From: Antoine Pitrou on 17 Jun 2010 13:49

On Tue, 15 Jun 2010 19:56:46 -0700
John Nagle <nagle(a)animats.com> wrote:
>
> http://bugs.python.org/issue1589
[...]
>
> The typical Python user will expect SSL checking for URL opening
> to behave like a browser does. They won't be up to speed on the
> internal mechanics of X.509 certificates. The default case should
> be to require a hostname match (considering certificate wildcards,
> multiple common names, multiple alt names, etc.).
>
> Expecting the caller to do this check is unreasonable. It's
> about 70 lines of python code to cover all the cases. And
> that's without proper support for error reporting for internationalized
> host names.

If you are interested in this, I would encourage you to post a patch or
a proposal on the aforementioned bug entry so as to add a hostname
checking function to the SSL module.
(m2crypto has its own implementation that can serve as a source of
inspiration, and test cases)

If/when that is done, the second step would be to integrate it by
default with the urllib module, and perhaps other ones.

Thanks

Antoine.

From: geremy condra on 17 Jun 2010 14:48

On Thu, Jun 17, 2010 at 10:49 AM, Antoine Pitrou <solipsis(a)pitrou.net> wrote:
> On Tue, 15 Jun 2010 19:56:46 -0700
> John Nagle <nagle(a)animats.com> wrote:
>>
>> http://bugs.python.org/issue1589
> [...]
>>
>> The typical Python user will expect SSL checking for URL opening
>> to behave like a browser does. They won't be up to speed on the
>> internal mechanics of X.509 certificates. The default case should
>> be to require a hostname match (considering certificate wildcards,
>> multiple common names, multiple alt names, etc.).
>>
>> Expecting the caller to do this check is unreasonable. It's
>> about 70 lines of python code to cover all the cases. And
>> that's without proper support for error reporting for internationalized
>> host names.
>
> If you are interested in this, I would encourage you to post a patch or
> a proposal on the aforementioned bug entry so as to add a hostname
> checking function to the SSL module.
> (m2crypto has its own implementation that can serve as a source of
> inspiration, and test cases)
>
> If/when that is done, the second step would be to integrate it by
> default with the urllib module, and perhaps other ones.

John, I'll do this if you don't want to. Let me know.

Geremy Condra
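
The hostname check discussed in this thread, as an added example (not code from the thread, the bug entry, or m2crypto): it matches a hostname against a certificate dict in the shape returned by `ssl.SSLSocket.getpeercert()`, using DNS subjectAltName entries and falling back to commonName only when none exist. Assumptions: hostnames are already ASCII, partial wildcards are rejected, IP address entries are not handled, and the function names and sample certificates are constructed for illustration.

```python
class CertificateMismatch(ValueError):
    """Raised when no name in the certificate covers the requested host."""


def dnsname_match(pattern, hostname):
    """Match one certificate DNS name (e.g. '*.example.org') against a hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*" and len(p) >= 3:
        # A wildcard covers exactly one left-most label, never a bare TLD.
        p, h = p[1:], h[1:]
    if any("*" in label for label in p):
        return False  # partial or misplaced wildcards are rejected
    return p == h


def match_hostname(cert, hostname):
    """Return True if cert (getpeercert()-style dict) is valid for hostname."""
    if not cert:
        raise CertificateMismatch("empty certificate dict; was the peer validated?")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # commonName is consulted only when no DNS subjectAltName exists.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    if any(dnsname_match(name, hostname) for name in names):
        return True
    raise CertificateMismatch("%r matches none of %r" % (hostname, names))


# Constructed sample certificates (not taken from any real site).
SAN_CERT = {
    "subject": ((("commonName", "legacy.example.com"),),),
    "subjectAltName": (("DNS", "example.org"), ("DNS", "*.example.org")),
}
CN_ONLY_CERT = {
    "subject": ((("commonName", "a.example.net"),), (("commonName", "b.example.net"),)),
}

if __name__ == "__main__":
    for cert, host in [(SAN_CERT, "www.example.org"), (SAN_CERT, "a.b.example.org"),
                       (SAN_CERT, "legacy.example.com"), (CN_ONLY_CERT, "b.example.net")]:
        try:
            print(host, match_hostname(cert, host))
        except CertificateMismatch as exc:
            print(host, "REJECTED:", exc)
```

The name check is only meaningful after the certificate chain itself has been validated; an unvalidated connection yields an empty dict from `getpeercert()`, which this function rejects.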