Riccardo Schirone <[email protected]> added the comment:
As far as I know you can't request a hostname with spaces in it (which seems to be a precondition to trigger this bug) so I think an attacker cannot even create a malicious CA that would be mistakenly accepted by match_hostname. ---------- nosy: +rschiron _______________________________________ Python tracker <[email protected]> <https://bugs.python.org/issue37463> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
