[New-bugs-announce] [issue28191] Support RFC4985 SRVName in SAN name

Christian Heimes report at bugs.python.org
Sat Sep 17 14:15:02 EDT 2016

New submission from Christian Heimes:

The standard subject alternative DNS name contains only a relationship between a cert and a host name. A host may have multiple services like HTTPS web server, IMAP server, mail servers etc. https://tools.ietf.org/html/rfc4985 defines a mechanism to define a relationship between a X.509 cert, a DNS name and a service, e.g. _https.www.example.org for service https on www.example.org.

OpenSSL is not yet able to convert a RFC4985 SRVName to a string. I have a patch, https://github.com/tiran/cpython/commits/feature/ssl_srvname

assignee: christian.heimes
components: SSL
messages: 276810
nosy: christian.heimes
priority: normal
severity: normal
stage: patch review
status: open
title: Support RFC4985 SRVName in SAN name
type: security
versions: Python 3.6, Python 3.7

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list