Message 232543 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	kroeckx
Recipients	alex, benjamin.peterson, christian.heimes, doko, dstufft, giampaolo.rodola, janssen, kroeckx, lemburg, ned.deily, pitrou, python-dev, vstinner
Date	2014-12-12.13:08:00
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1418389681.06.0.183415894422.issue22935@psf.upfronthosting.co.za>
In-reply-to

Content
So this seems to be a function that just gets the certificate? You need to be careful with this since a server could perfectly decide to send a different certificate depending on the client hello it receives. Like if you support ECDSA it might decide to send you the ECDSA certificate instead of the RSA certificate. Or maybe you're even connecting to a different IP address? In any case, you should always use SSLv23, stop supporting anything else.

So this seems to be a function that just gets the certificate?  You need to be careful with this since a server could perfectly decide to send a different certificate depending on the client hello it receives.  Like if you support ECDSA it might decide to send you the ECDSA certificate instead of the RSA certificate.  Or maybe you're even connecting to a different IP address?

In any case, you should always use SSLv23, stop supporting anything else.

History
Date	User	Action	Args
2014-12-12 13:08:01	kroeckx	set	recipients: + kroeckx, lemburg, doko, janssen, pitrou, vstinner, giampaolo.rodola, christian.heimes, benjamin.peterson, ned.deily, alex, python-dev, dstufft
2014-12-12 13:08:01	kroeckx	set	messageid: <1418389681.06.0.183415894422.issue22935@psf.upfronthosting.co.za>
2014-12-12 13:08:01	kroeckx	link	issue22935 messages
2014-12-12 13:08:00	kroeckx	create