This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients christian.heimes, docs@python, josh.r, ned.deily
Date 2019-05-11.16:03:07
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1557590587.79.0.515299528982.issue36868@roundup.psfhosted.org>
In-reply-to
Content 
The entry in whatsnew is a documentation bug. Initially I wanted to expose host_flags and wrote the whatnew entry for it. Later we decided against the flag and an only implemented the hostname_checks_common_name switch (https://docs.python.org/3/library/ssl.html#ssl.SSLContext.hostname_checks_common_name).

1) SSLContext.host_flags in whatsnew is a bug. I'm updating the text.

2/3/4) The _host_flags attribute and the HOSTFLAG_* attributes are for internal use only to provide the hostname_checks_common_name flag.

5) Underscore is not a valid character for hostnames in A, AAAA, CNAME, and similar DNS record types. It's used in e.g. SRV record types, but an application will never directly connect to a SRV record address. It looks like OpenSSL interprets RFC 6125 (https://tools.ietf.org/html/rfc6125#section-6.4.3) strictly and requires valid DNS names.

I wonder, how did you get your DNS server to accept underscores? In theory you should run into a DNS exception earlier.
History
Date User Action Args
2019-05-11 16:03:07christian.heimessetrecipients: + christian.heimes, ned.deily, docs@python, josh.r
2019-05-11 16:03:07christian.heimessetmessageid: <1557590587.79.0.515299528982.issue36868@roundup.psfhosted.org>
2019-05-11 16:03:07christian.heimeslinkissue36868 messages
2019-05-11 16:03:07christian.heimescreate