[issue31997] SSL lib does not handle trailing dot (period) in hostname or certificate
Christian Heimes
report at bugs.python.org
Fri Nov 10 02:59:17 EST 2017
Christian Heimes <lists at cheimes.de> added the comment:
Trailing dots in hostname seem to be protocol specific, e.g. SMTP does not allow them. Unless you find an RFC that mandates support for trailing dots in TLS, I'm against a change in Python's TLS stack. It's too risky to mess up SNI, too.
I'd rather follow RFC 5890, make the caller deal with FQDN + trailing dot and require libraries to pass in a DNS Domain Name (a fully qualified domain name without a trailing dot) to server_hostname.
https://tools.ietf.org/html/rfc6125#section-2.2
https://tools.ietf.org/html/rfc5890#section-2.2
(The complete name convention using a trailing dot described
in RFC 1123 [RFC1123], which can be explicit as in "www.example.com."
or implicit as in "www.example.com", is not considered in this
specification.)
----------
nosy: +alex, dstufft, janssen
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue31997>
_______________________________________
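
Added example, not part of the original message or of CPython: a caller-side wrapper that follows the approach in the comment above, resolving with the name as given but passing the dot-less DNS domain name to server_hostname for SNI and certificate matching. The helper names tls_server_hostname and connect_tls are hypothetical.

```python
import socket
import ssl


def tls_server_hostname(name: str) -> str:
    """Return the name to hand to server_hostname: the FQDN without its
    single trailing dot. Raises ValueError for the bare root (".") and
    for names with empty labels such as "a..b" or "example.com..".
    """
    stripped = name[:-1] if name.endswith(".") else name
    if not stripped:
        raise ValueError("empty or root-only name has no TLS hostname")
    if any(label == "" for label in stripped.split(".")):
        raise ValueError(f"empty label in hostname: {name!r}")
    return stripped


def connect_tls(name: str, port: int = 443, timeout: float = 10.0) -> ssl.SSLSocket:
    """Open a verified TLS connection to `name` (hypothetical helper).

    The name is passed to the resolver exactly as the caller wrote it,
    so an explicit trailing dot is still treated as an absolute name by
    DNS. Only the TLS layer sees the normalized, dot-less form.
    """
    context = ssl.create_default_context()  # hostname checking enabled
    raw = socket.create_connection((name, port), timeout=timeout)
    try:
        return context.wrap_socket(raw, server_hostname=tls_server_hostname(name))
    except Exception:
        raw.close()  # do not leak the TCP socket if the handshake fails
        raise


if __name__ == "__main__":
    # Constructed sample inputs; no network access is needed for these.
    for sample in ("www.example.com.", "www.example.com", "192.0.2.1"):
        print(f"{sample!r} -> {tls_server_hostname(sample)!r}")
```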