[issue17980] CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names
Marc-Andre Lemburg
report at bugs.python.org
Fri May 17 12:52:43 CEST 2013
Marc-Andre Lemburg added the comment:
Here's another long discussion about SSL hostname matching that may provide some useful insights:
* https://bugzilla.mozilla.org/show_bug.cgi?id=159483
Note how RFC 2595 doesn't even allow sub-string matching. It only allows '*' to be used as a component.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17980>
_______________________________________
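The whole-component rule mentioned in the comment above, as an added example that is not part of the original message and is not the code of Python's ssl module: a matcher that accepts '*' only as an entire label and, following RFC 2595 section 2.4, only as the left-most one. The function name and the sample names are hypothetical; it uses plain label comparison instead of building a regular expression, so a pattern with many wildcards is rejected in linear time.

```python
def match_whole_label_wildcard(pattern: str, hostname: str) -> bool:
    """Match a certificate name against a hostname, whole-label '*' only.

    Hypothetical helper for illustration. It handles DNS names only
    (no IP addresses, no IDNA conversion, no trailing-dot names).
    """
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().split(".")

    # A wildcard stands for exactly one label, so the label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    # Empty labels ("a..b", leading or trailing dot) are malformed: reject.
    if "" in p_labels or "" in h_labels:
        return False
    # The hostname being checked must never contain a wildcard itself.
    if any("*" in label for label in h_labels):
        return False

    first, rest = p_labels[0], p_labels[1:]

    # '*' is not allowed in any label other than the left-most one.
    if any("*" in label for label in rest):
        return False
    # No sub-string matching: "f*", "*oo" and "a*b*c" are all rejected,
    # which also rules out patterns stuffed with many wildcards.
    if "*" in first and first != "*":
        return False

    # Everything right of the first label must match exactly.
    if rest != h_labels[1:]:
        return False
    # Left-most label: either the lone wildcard or an exact match.
    return first == "*" or first == h_labels[0]


if __name__ == "__main__":
    # Constructed sample names, not taken from the issue.
    for pat, host in [
        ("*.example.com", "a.example.com"),
        ("*.example.com", "example.com"),
        ("f*.example.com", "foo.example.com"),
        ("a" + "*a" * 100 + ".example.com", "a" * 101 + ".example.com"),
    ]:
        print(f"{pat[:24]!r:28} {host[:24]!r:28} {match_whole_label_wildcard(pat, host)}")
```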