Message346980
> It's a potential security bug although low severity.
What is the worst that can happen with this issue?
Either the client doesn't validate the cert at all, and so this issue has no impact, or the client validates the cert and trusts the CA, but the host isn't fully validated... Ok, but could someone abuse "1.1.1.1 ; this should not work but does"? Does a web browser accept such a hostname? Or can it be used to inject SQL or a shell command for example?

Date | User | Action | Args
2019-07-01 08:55:28 | vstinner | set | recipients: + vstinner, janssen, christian.heimes, ned.deily, alex, lukasz.langa, dstufft
2019-07-01 08:55:28 | vstinner | set | messageid: <1561971328.54.0.47490834861.issue37463@roundup.psfhosted.org>
2019-07-01 08:55:28 | vstinner | link | issue37463 messages
2019-07-01 08:55:28 | vstinner | create |