This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients Marc.Abramowitz, alex, christian.heimes, dstufft, pitrou, python-dev, r.david.murray, Ádám.Zsigmond
Date 2016-04-07.15:06:31
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1460041591.44.0.724282858528.issue23239@psf.upfronthosting.co.za>
In-reply-to
Content
I'm -1 on the patch for a practical reason: The current API is broken and I don't want to have it documented as officially supported.

In fact it is not only broken but also incompatible with more modern releases of OpenSSL. Recently OpenSSL got proper implementation of hostname and IP checking. Hostname and IP must be set with different API calls:

https://www.openssl.org/docs/manmaster/crypto/X509_VERIFY_PARAM_add1_host.html
https://www.openssl.org/docs/manmaster/crypto/X509_check_host.html
History
Date User Action Args
2016-04-07 15:06:31christian.heimessetrecipients: + christian.heimes, pitrou, alex, r.david.murray, python-dev, Marc.Abramowitz, dstufft, Ádám.Zsigmond
2016-04-07 15:06:31christian.heimessetmessageid: <1460041591.44.0.724282858528.issue23239@psf.upfronthosting.co.za>
2016-04-07 15:06:31christian.heimeslinkissue23239 messages
2016-04-07 15:06:31christian.heimescreate