[issue17997] ssl.match_hostname(): sub string wildcard should not match IDNA prefix
Toshio Kuratomi
report at bugs.python.org
Tue Sep 3 05:59:24 CEST 2013
Toshio Kuratomi added the comment:
So, is this a security issue? I've been wondering if I should apply the attached patch to the backports-ssl_match_hostname module on pypi. I was hoping there'd be some information here as to whether this will be going into the stdlib in the future.
Thus far, ssl_match_hostname has just been a backport of the match_hostname function but if this is a security problem, I could press for us to diverge from the python3 stdlib. It would be easier to make the case if this is seen as a critical problem that will need to be fixed even if the current patch might not be the eventual fix.
----------
nosy: +a.badger
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17997>
_______________________________________
More information about the Python-bugs-list
mailing list