[issue1589] New SSL module doesn't seem to verify hostname against commonName in certificate
Heikki Toivonen
report at bugs.python.org
Thu Aug 21 00:52:15 CEST 2008
Heikki Toivonen <hjtoi-bugzilla at comcast.net> added the comment:
I would think most people/applications want to know to which host they
are talking to. The reason I am advocating adding a default check to the
stdlib is because this is IMO important for security, and it is easy to
get it wrong (I don't think I have it 100% correct in M2Crypto either,
although I believe it errs on the side of caution). I believe it would
be a disservice to ship something that effectively teaches developers to
ignore security (like the old socket.ssl does).
A TLS extension also allows SSL vhosts, so static IPs are no longer
strictly necessary (this is not universally supported yet, though).
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue1589>
_______________________________________
More information about the Python-bugs-list
mailing list