Python OpenSSL library

Nobody nobody at nowhere.com
Tue Jun 15 17:32:27 EDT 2010


On Tue, 15 Jun 2010 22:57:24 +0200, Antoine Pitrou wrote:

> Also, following issue1589 (certificate hostname checking), I think it
> would be useful at least to provide the necessary helper functions in
> order to check certificate conformity, even if they aren't called
> implicitly. I would encourage interested people to provide a patch for
> the py3k ssl module, and will gladly review it.

The main issue is with the use of SSL for HTTPS: you *must* check the
hostname against the certificate *before* sending the request. Allowing
the caller to discover afterwards that (potentially confidential) data
has been sent to an unknown destination is not an acceptable alternative.

This check shouldn't require any additional steps on the part of the
caller. Simply creating an HTTPS connection or opening a connection using
an "https:" URL should be sufficient. If you want to provide support for
"fake SSL" (e.g. to allow connecting to hosts with self-signed
certificates), *that* should require additional steps.

The biggest problem with crypto is that it's very hard to tell the
difference between working crypto and broken crypto. If you make it easy
for developers to get it wrong, some of them *will* get it wrong, and it
may take a long time before anyone discovers this.
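
Added example, not part of the original message: a sketch of the ordering argued for above, where the hostname is checked against the peer certificate before any request bytes are handed to the transport. The function names and the sample certificate are constructed for illustration; the certificate dict follows the shape returned by SSLSocket.getpeercert(), and IP-address SANs and internationalized names are not handled.

```python
class HostnameMismatch(Exception):
    """No name in the certificate covers the requested hostname."""

def dns_name_matches(pattern, hostname):
    """Case-insensitive match of one certificate DNS name against hostname.
    '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False                      # a wildcard never spans labels
    if p[0] == "*":
        rest = p[1:]
        # at least two fixed labels, so "*.com" cannot match anything
        return len(rest) >= 2 and "*" not in "".join(rest) and rest == h[1:]
    return "*" not in pattern and p == h

def cert_names(cert):
    """dNSName SAN entries; commonName only when the cert has none."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def check_hostname(cert, hostname):
    """Raise HostnameMismatch unless the certificate names hostname."""
    if not cert:
        raise HostnameMismatch("no verified peer certificate")
    names = cert_names(cert)
    if not any(dns_name_matches(n, hostname) for n in names):
        raise HostnameMismatch("%r not in %r" % (hostname, names))

def send_request(cert, hostname, send, request):
    """Hypothetical wrapper: check first, so send() is never reached for a
    peer whose certificate does not name hostname."""
    check_hostname(cert, hostname)
    return send(request)

# Constructed sample certificate, not a real one.
SAMPLE_CERT = {
    "subject": ((("commonName", "legacy.example.net"),),),
    "subjectAltName": (("DNS", "www.example.com"),
                       ("DNS", "*.api.example.com")),
}
```

In current Python, ssl.create_default_context() enables this check during the handshake, and turning it off requires setting check_hostname = False explicitly.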



