This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients Quentin.Pradet, christian.heimes
Date 2021-03-16.21:29:37
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1615930177.91.0.850868645582.issue43522@roundup.psfhosted.org>
In-reply-to
Content
Oh heck, this is a genuine bug. I'm not yet sure if it's an undocumented API quirk in OpenSSL, a design bug in OpenSSL, or a bug in my code.

Python sets the host flags on the X509_VERIFY_PARAM of the *SSL_CTX. All flags get copied to *SSL struct and later to *X509_STORE_CTX struct. At least I thought that all flags get copied. Apparently hostflags aren't copied from *SSL_CTX to *SSL because the *SSL_CTX doesn't have any verify hosts configured. They are only ever configured on *SSL struct.

https://github.com/openssl/openssl/blob/081a7061f3da07318c4b0f5de67b82285630bf6b/crypto/x509/x509_vpm.c#L202-L213
History
Date User Action Args
2021-03-16 21:29:37christian.heimessetrecipients: + christian.heimes, Quentin.Pradet
2021-03-16 21:29:37christian.heimessetmessageid: <1615930177.91.0.850868645582.issue43522@roundup.psfhosted.org>
2021-03-16 21:29:37christian.heimeslinkissue43522 messages
2021-03-16 21:29:37christian.heimescreate