[Python-Dev] frozenset C API?
aahz at pythoncraft.com
Wed Sep 12 03:34:12 CEST 2007
On Thu, Sep 06, 2007, Bill Janssen wrote:
> By the way, I think the hostname matching provisions of 2818 (which
> is, after all, only an informational RFC, not a standard) are poorly
> thought out. Many machines have more hostnames than you can shake a
> stick at, and often provide certs with the wrong hostname in them
> (usually because they have no way to determine what the *right*
> hostname is, from inside that machine).
...which is why you pretty much need to have a canonical hostname mapped
to each IP you're using on a machine. Basically, you need to map the
hostname you intend to use to an IP, then do reverse-DNS to find out
whether the hostname is in fact the canonical hostname. If not, you're
using the wrong hostname on your cert.
Aahz (aahz at pythoncraft.com) <*> http://www.pythoncraft.com/
"Many customs in this life persist because they ease friction and promote
productivity as a result of universal agreement, and whether they are
precisely the optimal choices is much less important." --Henry Spencer
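
The check described in the message above (map the intended hostname to its IPs, then reverse-resolve each IP and compare), as an added example that is not part of the original post. The function names and the sample zone tables are hypothetical and constructed for illustration; the default resolvers use the standard `socket` module.

```python
import socket

def _forward(hostname):
    # A records for the name (live DNS; the sample below swaps in a table).
    return socket.gethostbyname_ex(hostname)[2]

def _reverse(ip):
    # PTR name for the address, or None when no reverse record exists.
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def _norm(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower()

def check_cert_hostname(hostname, forward=_forward, reverse=_reverse):
    """Return (ok, details): ok is True only if every IP the hostname
    maps to reverse-resolves back to that same hostname."""
    details = []
    try:
        ips = forward(hostname)
    except (socket.gaierror, KeyError):
        return False, [(None, None, "hostname does not resolve")]
    for ip in ips:
        ptr = reverse(ip)
        if ptr is None:
            details.append((ip, None, "no reverse record"))
        elif _norm(ptr) != _norm(hostname):
            details.append((ip, ptr, "canonical name differs"))
        else:
            details.append((ip, ptr, "ok"))
    ok = bool(details) and all(d[2] == "ok" for d in details)
    return ok, details

# Constructed sample zone data (documentation address range), not real DNS.
SAMPLE_A = {"www.example.org": ["192.0.2.10"],
            "alias.example.org": ["192.0.2.10"],
            "lonely.example.org": ["192.0.2.99"]}
SAMPLE_PTR = {"192.0.2.10": "WWW.example.org."}

def sample_check(hostname):
    # Run the check against the constructed tables instead of live DNS.
    return check_cert_hostname(hostname, SAMPLE_A.__getitem__, SAMPLE_PTR.get)

if __name__ == "__main__":
    for name in SAMPLE_A:
        print(name, sample_check(name))
```

Calling `check_cert_hostname(name)` with no resolver arguments performs the same comparison against live DNS.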