Riccardo Schirone <rschi...@redhat.com> added the comment:
As far as I know you can't request a hostname with spaces in it (which seems to be a precondition to trigger this bug) so I think an attacker cannot even create a malicious CA that would be mistakenly accepted by match_hostname. ---------- nosy: +rschiron _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue37463> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com