Message 189280 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	fweimer
Recipients	fweimer
Date	2013-05-15.10:25:06
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1368613506.72.0.090501566592.issue17980@psf.upfronthosting.co.za>
In-reply-to

Content
If the name in the certificate contains many "" characters, matching the compiled regular expression against the host name can take a very long time. Certificate validation happens before host name checking, so I think this is a minor issue only because it can only be triggered in cooperation with a CA (which seems unlikely). The fix is to limit the number of "" wildcards to a reasonable maximum (perhaps even 1).

If the name in the certificate contains many "*" characters, matching the compiled regular expression against the host name can take a very long time.  Certificate validation happens before host name checking, so I think this is a minor issue only because it can only be triggered in cooperation with a CA (which seems unlikely).

The fix is to limit the number of "*" wildcards to a reasonable maximum (perhaps even 1).

History
Date	User	Action	Args
2013-05-15 10:25:06	fweimer	set	recipients: + fweimer
2013-05-15 10:25:06	fweimer	set	messageid: <1368613506.72.0.090501566592.issue17980@psf.upfronthosting.co.za>
2013-05-15 10:25:06	fweimer	link	issue17980 messages
2013-05-15 10:25:06	fweimer	create