[issue23033] Disallow support for a*.example.net, *a.example.net, and a*b.example.net in certificate wildcard handling.
Donald Stufft
report at bugs.python.org
Thu Dec 11 22:03:43 CET 2014
New submission from Donald Stufft:
Various browsers[1][2] are dropping support for wild card certificates which are anything but a single "*" alone in the left most position. The other style wildcards were deprecated previously and they should not appear in any public certificate and in the words of the Chrome project are "dang weird for internal certificates".
I believe we should follow suite and just only allow a single "*" alone in the left most segment for the SSL handling code.
[1] https://codereview.chromium.org/762013002
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1107791
----------
messages: 232493
nosy: dstufft
priority: normal
severity: normal
status: open
title: Disallow support for a*.example.net, *a.example.net, and a*b.example.net in certificate wildcard handling.
versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue23033>
_______________________________________
More information about the Python-bugs-list
mailing list