Issue 19507: ssl.wrap_socket() with server_hostname should imply match_hostname()
Created on 2013-11-05 22:47 by christian.heimes, last changed 2022-04-11 14:57 by admin. This issue is now closed.
Messages (3)

msg202244 | Author: Christian Heimes (christian.heimes) | Date: 2013-11-05 22:47

I find it surprising that wrap_socket() doesn't verify the server name with match_hostname() when it is called with a server_name argument. The check should be done by default. I suggest:

- add validate_hostname=True flag to wrap_socket() and functions that call wrap_socket()
- add SSLSocket.match_hostname(hostname=None) to validate hostname with current cert. hostname shall default to server_hostname

msg202255 | Author: Antoine Pitrou (pitrou) | Date: 2013-11-06 08:51

I'm not sure why it's surprising. SNI and certificate validation are two different things. Besides, this is adding a new level of complication to the wrap_socket() signature.

msg203149 | Author: Christian Heimes (christian.heimes) | Date: 2013-11-17 13:49

I'll work on a PEP for 3.5 that will handle this issue.

History | |||
---|---|---|---|
Date | User | Action | Args |
2022-04-11 14:57:53 | admin | set | github: 63706 |
2013-11-17 13:49:08 | christian.heimes | set | status: open -> closed; versions: + Python 3.5, - Python 3.4; messages: +; assignee: christian.heimes; resolution: later |
2013-11-06 08:51:03 | pitrou | set | messages: + |
2013-11-05 22:47:30 | christian.heimes | create |
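
Added example, not part of the original issue or of CPython's own code: in current Python 3, whether the `server_hostname` passed to `wrap_socket()` is also matched against the certificate is decided by `SSLContext.check_hostname`, so a client can audit its context before wrapping. The helper names `hostname_gaps`, `wrap_verified` and `sni_only_context` are hypothetical, and `example.org` is a placeholder host.

```python
import socket
import ssl


def hostname_gaps(ctx):
    """Return the reasons this client context could accept a cert for the wrong host."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("certificate chain is not required to verify")
    if not ctx.check_hostname:
        gaps.append("server_hostname is sent as SNI only, not matched against the cert")
    return gaps


def wrap_verified(sock, hostname, ctx=None):
    """Hypothetical helper: wrap a client socket only if the name will be checked."""
    if ctx is None:
        ctx = ssl.create_default_context()
    gaps = hostname_gaps(ctx)
    if gaps:
        raise ValueError("refusing to wrap: " + "; ".join(gaps))
    # With check_hostname enabled, wrap_socket() itself raises ValueError
    # when server_hostname is missing, so the name cannot be silently dropped.
    return ctx.wrap_socket(sock, server_hostname=hostname)


def sni_only_context():
    """Constructed weak configuration: chain verified, host name never compared."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # SNI still goes out; the certificate name is ignored
    return ctx


if __name__ == "__main__":
    print("default context gaps :", hostname_gaps(ssl.create_default_context()))
    print("SNI-only context gaps:", hostname_gaps(sni_only_context()))
    with socket.socket() as raw:
        try:
            wrap_verified(raw, "example.org", sni_only_context())
        except ValueError as exc:
            print(exc)
```

No connection is made here: the sockets are never connected, so the handshake is deferred and only the configuration checks run.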