Re: [Python-Dev] Verification of SSL cert and hostname made easy

2013-11-30 Thread Christian Heimes
On 30.11.2013 23:51, Antoine Pitrou wrote:
> Small nit: what happens if the server_hostname is None (i.e. wasn't
> passed to context.wrap_socket())?
The code will raise an exception. My patch already implements a more verbose ValueError that explains the cause of the problem. It's a flaw in code,

Re: [Python-Dev] Verification of SSL cert and hostname made easy

2013-11-30 Thread Antoine Pitrou
On Sat, 30 Nov 2013 19:29:37 +0100 Christian Heimes wrote:
> This fix requires only a new SSLContext attribute and a small
> modification to SSLSocket.do_handshake():
>
>     if self.context.check_hostname:
>         try:
>             match_hostname(self.getpeercert(), self.server_hostname)
>         ex

Re: [Python-Dev] Verification of SSL cert and hostname made easy

2013-11-30 Thread Guido van Rossum
Sounds good. Is another change for asyncio needed?
On Sat, Nov 30, 2013 at 1:54 PM, Nick Coghlan wrote:
>
> On 1 Dec 2013 04:32, "Christian Heimes" wrote:
> >
> > Hi,
> >
> > Larry has granted me a special pardon to add an outstanding fix for SSL,
> > http://bugs.python.org/issue19509 . Right

Re: [Python-Dev] Verification of SSL cert and hostname made easy

2013-11-30 Thread Nick Coghlan
On 1 Dec 2013 04:32, "Christian Heimes" wrote:
>
> Hi,
>
> Larry has granted me a special pardon to add an outstanding fix for SSL,
> http://bugs.python.org/issue19509 . Right now most stdlib modules
> (ftplib, imaplib, nntplib, poplib, smtplib) neither support server name
> indication (SNI) nor c

[Python-Dev] Verification of SSL cert and hostname made easy

2013-11-30 Thread Christian Heimes
Hi, Larry has granted me a special pardon to add an outstanding fix for SSL, http://bugs.python.org/issue19509 . Right now most stdlib modules (ftplib, imaplib, nntplib, poplib, smtplib) neither support server name indication (SNI) nor check the subject name of the peer's certificate properly. The

Re: [Python-Dev] PEP process entry point and ill fated initiatives

2013-11-30 Thread Kristján Valur Jónsson
Thanks for this long explanation, Nick. For someone that is not a compulsive reader of python-dev it certainly helps by putting things in perspective. I think the problem you describe is a singular one that needs to be dealt with using singular methods. My own personal complaints have other caus

Re: [Python-Dev] PEP process entry point and ill fated initiatives

2013-11-30 Thread Mark Lawrence
On 30/11/2013 03:39, Nick Coghlan wrote: On 30 November 2013 01:25, Kristján Valur Jónsson wrote: I know that Anatoly himself is a subject of long history here, but I myself have felt lessening affinity to the dev community in recent years. It feels like it is increasingly shutting itself in.