This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients DK26, christian.heimes
Date 2019-08-14.05:09:22
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1565759362.92.0.279993865323.issue37845@roundup.psfhosted.org>
In-reply-to
Content 
This is not a bug in Python but a misconfiguration on your side. A workaround for a misconfiguration doesn't belong into upstream code. The certificate validation code is security-sensitive and I don't feel comfortable to add unnecessary string transformation to it. The code refuses bad wildcards because we have had more than one CVE related to wildcard matching.

Besides the ssl.match_hostname() function is deprecated and no longer used. Starting with Python 3.7 the ssl module uses OpenSSL to verify host names.

I suggest that you either ship this fix locally with your app. Or talk to IT again and have them replace the wrong certificate with a correct one that does not violate the standards.
History
Date User Action Args
2019-08-14 05:09:22christian.heimessetrecipients: + christian.heimes, DK26
2019-08-14 05:09:22christian.heimessetmessageid: <1565759362.92.0.279993865323.issue37845@roundup.psfhosted.org>
2019-08-14 05:09:22christian.heimeslinkissue37845 messages
2019-08-14 05:09:22christian.heimescreate