[Python-Dev] frozenset C API?

Aahz aahz at pythoncraft.com
Wed Sep 12 03:34:12 CEST 2007


On Thu, Sep 06, 2007, Bill Janssen wrote:
>
> By the way, I think the hostname matching provisions of 2818 (which
> is, after all, only an informational RFC, not a standard) are poorly
> thought out.  Many machines have more hostnames than you can shake a
> stick at, and often provide certs with the wrong hostname in them
> (usually because they have no way to determine what the *right*
> hostname is, from inside that machine).

...which is why you pretty much need to have a canonical hostname mapped
to each IP you're using on a machine.  Basically, you need to map the
hostname you intend to use to an IP, then do reverse-DNS to find out
whether the hostname is in fact the canonical hostname.  If not, you're
using the wrong hostname on your cert.
-- 
Aahz (aahz at pythoncraft.com)           <*>         http://www.pythoncraft.com/

"Many customs in this life persist because they ease friction and promote
productivity as a result of universal agreement, and whether they are
precisely the optimal choices is much less important." --Henry Spencer
http://www.lysator.liu.se/c/ten-commandments.html


More information about the Python-Dev mailing list