> On May 2, 2016, at 7:33 PM, John Levine <[email protected]> wrote:
>
> I tried writing a python script to fetch an https URL and check a
> different domain name against the subjectAltNames in the site's
> certificate. It turned out to be really easy, viz. the tiny script
> below. So at first glance, that doesn't seem to be a big problem.
Cute, but likely completely insecure. I see no check that the
certificate chain is trusted. Users should probably use existing
test HTTPS libraries, rather than roll their own.
--
Viktor.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
