Python OpenSSL library
Antoine Pitrou
solipsis at pitrou.net
Thu Jun 17 13:49:22 EDT 2010
On Tue, 15 Jun 2010 19:56:46 -0700
John Nagle <nagle at animats.com> wrote:
>
> http://bugs.python.org/issue1589
[...]
>
> The typical Python user will expect SSL checking for URL opening
> to behave like a browser does. They won't be up to speed on the
> internal mechanics of X.509 certificates. The default case should
> be to require a hostname match (considering certificate wildcards,
> multiple common names, multiple alt names, etc.).
>
> Expecting the caller to do this check is unreasonable. It's
> about 70 lines of python code to cover all the cases. And
> that's without proper support for error reporting for internationalized
> host names.

If you are interested in this, I would encourage you to post a patch or
a proposal on the aforementioned bug entry so as to add a hostname
checking function to the SSL module.
(m2crypto has its own implementation that can serve as a source of
inspiration, and test cases)

If/when that is done, the second step would be to integrate it by
default with the urllib module, and perhaps other ones.

Thanks

Antoine.
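
The hostname check discussed in this thread, sketched as an added example that is not part of either poster's message and is not the ssl module's or m2crypto's code. It assumes a certificate dict in the shape returned by `ssl.SSLSocket.getpeercert()`; the function names and sample certificates are constructed for illustration, and IP-address and internationalized names are left out.

```python
# Constructed sample certificates (getpeercert()-style dicts, not real certs).
SAN_CERT = {
    "subject": ((("commonName", "legacy.example.net"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}
CN_CERT = {
    "subject": ((("commonName", "one.example.org"),),
                (("commonName", "two.example.org"),)),
}


def _label_match(pattern, hostname):
    """Compare one certificate name with the hostname, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # "*" never spans more than one label
    first, rest = p_labels[0], p_labels[1:]
    if any("*" in label for label in rest):
        return False  # wildcard is accepted only in the leftmost label
    if rest != h_labels[1:]:
        return False
    if first == "*":
        # Refuse over-broad names such as "*.com".
        return len(p_labels) >= 3 and h_labels[0] != ""
    # Partial wildcards ("w*.example.com") are rejected outright.
    return "*" not in first and first == h_labels[0]


def cert_names(cert):
    """Return the DNS names to check: SAN entries if any, else every CN."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san  # policy: common names are ignored once a DNS SAN exists
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def hostname_matches(cert, hostname):
    """True if any name in the certificate covers the requested hostname."""
    if not hostname:
        return False
    return any(_label_match(name, hostname) for name in cert_names(cert))


if __name__ == "__main__":
    for host in ("www.example.com", "a.b.example.com", "legacy.example.net"):
        print(host, hostname_matches(SAN_CERT, host))
```
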