Message135411
Hello Mads
> Until now Python failed to the safe side by not matching on
> subjectAltName iPAddress but also not falling back to commonName
> if they were specified. AFAICS, with this change it is possible to
> create strange certificates that Python would accept when an IP
> address matched commonName but other implementations would reject
> because of iPAddress mismatch.
Good point! But I think we already have this issue with a certificate
like this one:
cert = { 'subject': ((('commonName', '192.168.1.1'),),)}
ok(cert, '192.168.1.1')
Do you think this test should fail? |
|
Date |
User |
Action |
Args |
2011-05-07 07:48:37 | nbareil | set | recipients:
+ nbareil, pitrou, kiilerix, sdaoden, python-dev |
2011-05-07 07:48:37 | nbareil | set | messageid: <1304754517.36.0.568196346631.issue12000@psf.upfronthosting.co.za> |
2011-05-07 07:48:34 | nbareil | link | issue12000 messages |
2011-05-07 07:48:34 | nbareil | create | |
|