This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author janssen
Recipients ahasenack, heikki, janssen, vila
Date 2008-09-11.16:04:03
SpamBayes Score 4.56873e-12
Marked as misclassified No
Message-id <>
In-reply-to <>
I think that, where it's appropriate, you can do that.  Just don't put it in
the SSL module.


On Wed, Sep 10, 2008 at 11:24 PM, Heikki Toivonen <>wrote:

> Heikki Toivonen <> added the comment:
> Ok, thank you for clarifications. Now I understand why the hostname
> checking isn't the solution that fits every problem. I am still not
> completely clear how you'd do the checking otherwise, for example to
> verify the service you are talking to is what you think it is.
> But still, I think dealing with email servers is another common use case
> where hostname check is adequate most of the time. I am sure there are
> other cases like this. Therefore I am still of the opinion that the
> default should be to do the hostname check. Yes, make it overridable,
> but doing the check is safer than not doing any checking IMO because
> even if the check is incorrect for a certain purpose the developer is
> likely to notice an error quickly and inclined to do some other security
> check instead of not doing anything and thinking they have a secure system.
> If you want to continue the discussion, we should maybe take this to
> some other forum, like comp.lang.python.
> _______________________________________
> Python tracker <>
> <>
> _______________________________________
File name Uploaded
unnamed janssen, 2008-09-11.16:04:01
Date User Action Args
2008-09-11 16:04:48janssensetrecipients: + janssen, vila, heikki, ahasenack
2008-09-11 16:04:03janssenlinkissue1589 messages
2008-09-11 16:04:03janssencreate