Message 306007 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes, samiam
Date	2017-11-10.07:11:25
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1510297886.11.0.213398074469.issue31997@psf.upfronthosting.co.za>
In-reply-to

Content
In the future Python will no longer use its own hostname verification code. Instead we are going to rely on OpenSSL to verify the hostname for us. A trailing dot also affects SNI. How do OpenSSL's functions SSL_set_tlsext_host_name() and X509_VERIFY_PARAM_set1_host() deal with a trailing dot? How do TLS servers such as Apache mod_ssl, Apache mod_nss, nginx, Go's TLS server, ... deal with trailing dot in SNI?

In the future Python will no longer use its own hostname verification code. Instead we are going to rely on OpenSSL to verify the hostname for us. A trailing dot also affects SNI. How do OpenSSL's functions SSL_set_tlsext_host_name() and X509_VERIFY_PARAM_set1_host() deal with a trailing dot?

How do TLS servers such as Apache mod_ssl, Apache mod_nss, nginx, Go's TLS server, ... deal with trailing dot in SNI?

History
Date	User	Action	Args
2017-11-10 07:11:26	christian.heimes	set	recipients: + christian.heimes, samiam
2017-11-10 07:11:26	christian.heimes	set	messageid: <1510297886.11.0.213398074469.issue31997@psf.upfronthosting.co.za>
2017-11-10 07:11:26	christian.heimes	link	issue31997 messages
2017-11-10 07:11:25	christian.heimes	create