Author vstinner
Recipients alex, benjamin.peterson, christian.heimes, doko, dstufft, giampaolo.rodola, janssen, kroeckx, lemburg, ned.deily, pitrou, python-dev, vstinner
Date 2014-12-12.13:16:39
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1418390199.99.0.697604840555.issue22935@psf.upfronthosting.co.za>
In-reply-to
Content
> So this seems to be a function that just gets the certificate?  You need to be careful with this since a server could perfectly decide to send a different certificate depending on the client hello it receives. (...) In any case, you should always use SSLv23, stop supporting anything else.

I don't understand. You say that depending on the protocol, you may get a different certificate, and then that we should stop supporting multiple protocol. Does it mean that you ask to remove a Python feature?

Even if it is technically possible to return a different certificate, I don't think that much servers will return a different certificate if the client uses SSLv23 instead of SSLv3.
History
Date User Action Args
2014-12-12 13:16:40vstinnersetrecipients: + vstinner, lemburg, doko, janssen, pitrou, giampaolo.rodola, christian.heimes, benjamin.peterson, ned.deily, alex, python-dev, dstufft, kroeckx
2014-12-12 13:16:39vstinnersetmessageid: <1418390199.99.0.697604840555.issue22935@psf.upfronthosting.co.za>
2014-12-12 13:16:39vstinnerlinkissue22935 messages
2014-12-12 13:16:39vstinnercreate