This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients DK26, christian.heimes
Date 2019-08-14.05:09:22
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
This is not a bug in Python but a misconfiguration on your side. A workaround for a misconfiguration doesn't belong into upstream code. The certificate validation code is security-sensitive and I don't feel comfortable to add unnecessary string transformation to it. The code refuses bad wildcards because we have had more than one CVE related to wildcard matching.

Besides the ssl.match_hostname() function is deprecated and no longer used. Starting with Python 3.7 the ssl module uses OpenSSL to verify host names.

I suggest that you either ship this fix locally with your app. Or talk to IT again and have them replace the wrong certificate with a correct one that does not violate the standards.
Date User Action Args
2019-08-14 05:09:22christian.heimessetrecipients: + christian.heimes, DK26
2019-08-14 05:09:22christian.heimessetmessageid: <>
2019-08-14 05:09:22christian.heimeslinkissue37845 messages
2019-08-14 05:09:22christian.heimescreate