Christian Heimes added the comment:

Sigh, this is the seventh or eighth security issue related to Python's hostname 
verification, maybe more. I have known for years that Python's current approach is 
buggy and a collection of bad ideas. That's it, I'm going to rip out 
ssl.match_hostname() and let OpenSSL handle all verification internally. I've 
been working on another PEP that features the change for quite some time. I'll 
to finish my SSL PEP before PyCon and language summit. 

Here is a quick proof-of-concept implementation (requires OpenSSL >= 1.0.2 and 
libressl >= 2.5).

https://github.com/tiran/cpython/tree/openssl_check_hostname

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue30141>
_______________________________________