Message232545
> So this seems to be a function that just gets the certificate? You need to be careful with this since a server could perfectly decide to send a different certificate depending on the client hello it receives. (...) In any case, you should always use SSLv23, stop supporting anything else.
I don't understand. You say that depending on the protocol, you may get a different certificate, and then that we should stop supporting multiple protocol. Does it mean that you ask to remove a Python feature?
Even if it is technically possible to return a different certificate, I don't think that much servers will return a different certificate if the client uses SSLv23 instead of SSLv3. |
|
Date |
User |
Action |
Args |
2014-12-12 13:16:40 | vstinner | set | recipients:
+ vstinner, lemburg, doko, janssen, pitrou, giampaolo.rodola, christian.heimes, benjamin.peterson, ned.deily, alex, python-dev, dstufft, kroeckx |
2014-12-12 13:16:39 | vstinner | set | messageid: <1418390199.99.0.697604840555.issue22935@psf.upfronthosting.co.za> |
2014-12-12 13:16:39 | vstinner | link | issue22935 messages |
2014-12-12 13:16:39 | vstinner | create | |
|