[issue1589] New SSL module doesn't seem to verify hostname against commonName in certificate
Antoine Pitrou
report at bugs.python.org
Mon Oct 4 19:19:59 CEST 2010
Antoine Pitrou <pitrou at free.fr> added the comment:

> I think it looks good except for the wildcard checking. According to
> the latest draft of that TLS id-checking RFC, you aren't supposed to
> allow the wildcard as part of a fragment. Of course this contradicts
> RFC 2818.

Well, since it is then an "error" (according to the id-checking draft)
in the certificate itself rather than the hostname we are trying to
match, it seems there would be no real issue in accepting the match
anyway. It's up to CAs to make sure that certificates conform to
whatever standard is currently in effect.

I'm also assuming RFC 2818 is in wider use than the id-checking draft;
am I wrong?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue1589>
_______________________________________
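
The two wildcard readings discussed in this message, as an added example that is not part of the original message and not the code of the patch under review. The function names and the allow_fragment switch are assumptions made for illustration; the sample names are constructed. It shows that the stricter reading only ever rejects certificate names the RFC 2818 reading accepts.

```python
import re

def _label_regex(label, allow_fragment):
    """Translate one certificate DNS label into a regex piece, or None to reject."""
    if label == "*":
        return "[^.]+"                  # wildcard as a complete label
    if "*" in label:
        if not allow_fragment:
            return None                 # strict reading: no "f*" style labels
        # RFC 2818 reading: "*" stands for any run of non-dot characters
        return re.escape(label).replace(r"\*", "[^.]*")
    return re.escape(label)

def dnsname_matches(pattern, hostname, allow_fragment=True):
    """Return True if the certificate name `pattern` matches `hostname`.

    allow_fragment=True  : RFC 2818 reading, "f*.com" matches "foo.com".
    allow_fragment=False : stricter reading mentioned in the quoted comment,
                           wildcard accepted only as a whole label.
    In both modes a wildcard never spans a dot.
    """
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    pieces = []
    for label in p_labels:
        piece = _label_regex(label, allow_fragment)
        if piece is None:
            return False
        pieces.append(piece)
    return re.fullmatch(r"\.".join(pieces), ".".join(h_labels)) is not None

def compare_modes(pattern, hostname):
    """Return (rfc2818_result, strict_result) for one pattern/hostname pair."""
    return (dnsname_matches(pattern, hostname, True),
            dnsname_matches(pattern, hostname, False))

# Constructed sample pairs (the first three follow the examples in RFC 2818).
SAMPLES = [("*.a.com", "foo.a.com"), ("*.a.com", "bar.foo.a.com"),
           ("f*.com", "foo.com"), ("f*.com", "bar.com")]

if __name__ == "__main__":
    for pat, host in SAMPLES:
        print(pat, host, compare_modes(pat, host))
```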