Python OpenSSL library
geremy condra
debatem1 at gmail.com
Tue Jun 15 17:14:08 EDT 2010
On Tue, Jun 15, 2010 at 1:57 PM, Antoine Pitrou <solipsis at pitrou.net> wrote:
>
> Hello,
>
>> He's describing the lack of hostname checking, discussed here[0],
>> here[1], and in my pycon lightning talk last year, wherever those
>> are kept.
>
> Ok, thank you.
> I have tried to put some effort into the py3k ssl docs, so that security
> issues get mentioned:
> http://docs.python.org/dev/py3k/library/ssl.html#security-considerations
> Any improvement or correction is welcome.
Could similar notifications be added to urllib, etc? That's where
people really get bitten badly by this.
> Also, following issue1589 (certificate hostname checking), I think it
> would be useful at least to provide the necessary helper functions in
> order to check certificate conformity, even if they aren't called
> implicitly. I would encourage interested people to provide a patch for
> the py3k ssl module, and will gladly review it.
I'm not sure what this fixes if it doesn't get used in the higher-level
modules, but I can ask if anybody is interested.
Geremy Condra
More information about the Python-list
mailing list