This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author a.badger
Recipients Arfrever, Ben.Darnell, a.badger, barry, christian.heimes, loewis, pitrou, t-8ch
Date 2013-09-03.03:59:23
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1378180764.48.0.487437798903.issue17997@psf.upfronthosting.co.za>
In-reply-to
Content
So, is this a security issue?  I've been wondering if I should apply the attached patch to the backports-ssl_match_hostname module on pypi.  I was hoping there'd be some information here as to whether this will be going into the stdlib in the future.

Thus far, ssl_match_hostname has just been a backport of the match_hostname function but if this is a security problem, I could press for us to diverge from the python3 stdlib.  It would be easier to make the case if this is seen as a critical problem that will need to be fixed even if the current patch might not be the eventual fix.
History
Date User Action Args
2013-09-03 03:59:24a.badgersetrecipients: + a.badger, loewis, barry, pitrou, christian.heimes, Arfrever, Ben.Darnell, t-8ch
2013-09-03 03:59:24a.badgersetmessageid: <1378180764.48.0.487437798903.issue17997@psf.upfronthosting.co.za>
2013-09-03 03:59:24a.badgerlinkissue17997 messages
2013-09-03 03:59:23a.badgercreate