Message349644
This is not a bug in Python but a misconfiguration on your side. A workaround for a misconfiguration doesn't belong into upstream code. The certificate validation code is security-sensitive and I don't feel comfortable to add unnecessary string transformation to it. The code refuses bad wildcards because we have had more than one CVE related to wildcard matching.
Besides the ssl.match_hostname() function is deprecated and no longer used. Starting with Python 3.7 the ssl module uses OpenSSL to verify host names.
I suggest that you either ship this fix locally with your app. Or talk to IT again and have them replace the wrong certificate with a correct one that does not violate the standards. |
|
Date |
User |
Action |
Args |
2019-08-14 05:09:22 | christian.heimes | set | recipients:
+ christian.heimes, DK26 |
2019-08-14 05:09:22 | christian.heimes | set | messageid: <1565759362.92.0.279993865323.issue37845@roundup.psfhosted.org> |
2019-08-14 05:09:22 | christian.heimes | link | issue37845 messages |
2019-08-14 05:09:22 | christian.heimes | create | |
|