[New-bugs-announce] [issue17980] ssl.match_hostname() trips over crafted wildcard names
Florian Weimer
report at bugs.python.org
Wed May 15 12:25:06 CEST 2013
New submission from Florian Weimer:
If the name in the certificate contains many "*" characters, matching the compiled regular expression against the host name can take a very long time. Certificate validation happens before host name checking, so I think this is a minor issue only because it can only be triggered in cooperation with a CA (which seems unlikely).
The fix is to limit the number of "*" wildcards to a reasonable maximum (perhaps even 1).
----------
components: Library (Lib)
messages: 189280
nosy: fweimer
priority: normal
severity: normal
status: open
title: ssl.match_hostname() trips over crafted wildcard names
versions: Python 3.3
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17980>
_______________________________________
More information about the New-bugs-announce
mailing list