[issue1589] New SSL module doesn't seem to verify hostname against commonName in certificate
david
report at bugs.python.org
Mon Nov 1 04:45:45 CET 2010
david <db.pub.mail at gmail.com> added the comment:
So I know the current patch doesn't support IP addresses but I thought I would link to what mozilla considered a security problem(just for future reference):
CVE-2010-3170: http://www.mozilla.org/security/announce/2010/mfsa2010-70.html
"Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority."
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue1589>
_______________________________________
More information about the Python-bugs-list
mailing list