This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients Quentin.Pradet, christian.heimes
Date 2021-03-16.21:29:37
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Oh heck, this is a genuine bug. I'm not yet sure if it's an undocumented API quirk in OpenSSL, a design bug in OpenSSL, or a bug in my code.

Python sets the host flags on the X509_VERIFY_PARAM of the *SSL_CTX. All flags get copied to *SSL struct and later to *X509_STORE_CTX struct. At least I thought that all flags get copied. Apparently hostflags aren't copied from *SSL_CTX to *SSL because the *SSL_CTX doesn't have any verify hosts configured. They are only ever configured on *SSL struct.
Date User Action Args
2021-03-16 21:29:37christian.heimessetrecipients: + christian.heimes, Quentin.Pradet
2021-03-16 21:29:37christian.heimessetmessageid: <>
2021-03-16 21:29:37christian.heimeslinkissue43522 messages
2021-03-16 21:29:37christian.heimescreate