[Python-Dev] SSL certs

Bill Janssen janssen at parc.com
Thu Sep 13 19:15:32 CEST 2007

> However, there is an alternative to using multiple IP addresses:
> one could also use multiple "subject alternative names", and create
> a certificate that lists them all.

Unfortunately, much of the client code that does the hostname
verification is wrapped up in gullible Web browsers or Java HTTPS
libraries that swallowed RFC 2818 whole, and not easily accessible by
applications.  Does any of it recognize and accept "subject
alternative name"?

It's possible to at least override the default Java client-side
hostname verification handling in a new application.  And Python is
lucky; because there was no client-side hostname verification
possible, RFC 2818 hasn't been plastered into the Python standard
library :-).
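An added example, not part of the original message and not standard-library code: a client-side hostname check in the style of RFC 2818 section 3.1, run over the dict shape that `ssl.SSLSocket.getpeercert()` returns, showing how one certificate listing several subject alternative names is evaluated. The function names and sample certificates are hypothetical, and the wildcard handling (whole leftmost label only, at least three labels) is an assumed policy that is narrower than RFC 2818 permits.

```python
def dns_name_matches(pattern, hostname):
    """Case-insensitive DNS name match; '*' is honoured only as the
    entire leftmost label and covers exactly one label (assumed policy)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.org".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def rfc2818_identities(cert):
    """Names the client must check: dNSName entries if any exist,
    otherwise the subject's commonName values."""
    sans = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # a dNSName is present, so the CN is not consulted
    return [v for rdn in cert.get("subject", ())
            for (k, v) in rdn if k == "commonName"]


def verify_hostname(cert, hostname):
    return any(dns_name_matches(n, hostname) for n in rfc2818_identities(cert))


# Constructed sample: one certificate covering several virtual hosts.
MULTI_SAN_CERT = {
    "subject": ((("commonName", "www.example.org"),),),
    "subjectAltName": (
        ("DNS", "www.example.org"),
        ("DNS", "mail.example.org"),
        ("DNS", "*.dev.example.org"),
    ),
}
# Constructed sample: older certificate with no subjectAltName extension.
CN_ONLY_CERT = {"subject": ((("commonName", "legacy.example.org"),),)}

if __name__ == "__main__":
    for host in ("mail.example.org", "api.dev.example.org",
                 "a.b.dev.example.org", "other.example.org"):
        print(host, verify_hostname(MULTI_SAN_CERT, host))
    print("legacy.example.org", verify_hostname(CN_ONLY_CERT, "legacy.example.org"))
```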

