Author nbareil
Recipients kiilerix, nbareil, pitrou, python-dev, sdaoden
Date 2011-05-07.07:48:34
SpamBayes Score 0.000150883
Marked as misclassified No
Message-id <1304754517.36.0.568196346631.issue12000@psf.upfronthosting.co.za>
In-reply-to
Content
Hello Mads

> Until now Python failed to the safe side by not matching on 
> subjectAltName iPAddress but also not falling back to commonName
> if they were specified. AFAICS, with this change it is possible to 
> create strange certificates that Python would accept when an IP 
> address matched commonName but other implementations would reject 
> because of iPAddress mismatch.

Good point! But I think we already have this issue with a certificate 
like this one:

cert = { 'subject': ((('commonName', '192.168.1.1'),),)}
ok(cert, '192.168.1.1')

Do you think this test should fail?
History
Date User Action Args
2011-05-07 07:48:37nbareilsetrecipients: + nbareil, pitrou, kiilerix, sdaoden, python-dev
2011-05-07 07:48:37nbareilsetmessageid: <1304754517.36.0.568196346631.issue12000@psf.upfronthosting.co.za>
2011-05-07 07:48:34nbareillinkissue12000 messages
2011-05-07 07:48:34nbareilcreate