[Python-Dev] frozenset C API? (original) (raw)
Aahz aahz at pythoncraft.com
Wed Sep 12 03:34:12 CEST 2007
- Previous message: [Python-Dev] frozenset C API?
- Next message: [Python-Dev] frozenset C API?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, Sep 06, 2007, Bill Janssen wrote:
By the way, I think the hostname matching provisions of 2818 (which is, after all, only an informational RFC, not a standard) are poorly thought out. Many machines have more hostnames than you can shake a stick at, and often provide certs with the wrong hostname in them (usually because they have no way to determine what the right hostname is, from inside that machine).
...which is why you pretty much need to have a canonical hostname mapped to each IP you're using on a machine. Basically, you need to map the hostname you intend to use to an IP, then do reverse-DNS to find out whether the hostname is in fact the canonical hostname. If not, you're using the wrong hostname on your cert.
Aahz (aahz at pythoncraft.com) <*> http://www.pythoncraft.com/
"Many customs in this life persist because they ease friction and promote productivity as a result of universal agreement, and whether they are precisely the optimal choices is much less important." --Henry Spencer http://www.lysator.liu.se/c/ten-commandments.html
- Previous message: [Python-Dev] frozenset C API?
- Next message: [Python-Dev] frozenset C API?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]