> On 30 nov. 2013, at 19:29, Christian Heimes wrote:
>
> With CERT_REQUIRED OpenSSL verifies that the peer's certificate is
> directly or indirectly signed by a trusted root certification authority.
> With Python 3.4 the ssl module is able to use/load the system's trusted
> root certs on all ma
On 30.11.2013 23:16, Guido van Rossum wrote:
> Sounds good.
>
> Is another change for asyncio needed?
Yes, but just a small one. The match_hostname() call in
selector_events is no longer required in 3.4.
Christian
On 01.12.2013 12:33, Nick Coghlan wrote:
> Perhaps a cleaner option would be to make check_hostname read only,
> and add a secure-by-default method that allows all verification
> related settings to be adjusted at once:
>
> def set_verify_mode(mode=ssl.CERT_REQUIRED, check_hostname=True):
>
On 1 December 2013 21:40, Antoine Pitrou wrote:
> On Sun, 1 Dec 2013 21:33:06 +1000
> Nick Coghlan wrote:
>>
>> If we don't do that, then I think Christian's approach is a reasonable
>> compromise given the late stage of the release cycle - it ensures the
>> context can't get into the inconsisten
On Sun, 1 Dec 2013 21:33:06 +1000
Nick Coghlan wrote:
>
> If we don't do that, then I think Christian's approach is a reasonable
> compromise given the late stage of the release cycle - it ensures the
> context can't get into the inconsistent verify_mode=CERT_NONE and
> check_hostname=True state,
On 1 December 2013 20:37, Antoine Pitrou wrote:
> On Sun, 01 Dec 2013 02:53:32 +0100
> Christian Heimes wrote:
>> On 30.11.2013 23:51, Antoine Pitrou wrote:
>> > Small nit: what happens if the server_hostname is None (i.e. wasn't
>> > passed to context.wrap_socket())?
>>
>> The code will raise
On Sun, 01 Dec 2013 02:53:32 +0100
Christian Heimes wrote:
> On 30.11.2013 23:51, Antoine Pitrou wrote:
> > Small nit: what happens if the server_hostname is None (i.e. wasn't
> > passed to context.wrap_socket())?
>
> The code will raise an exception. My patch already implements a more
> verbos
On 30.11.2013 23:51, Antoine Pitrou wrote:
> Small nit: what happens if the server_hostname is None (i.e. wasn't
> passed to context.wrap_socket())?
The code will raise an exception. My patch already implements a more
verbose ValueError that explains the cause of the problem. It's a flaw in
code,
On Sat, 30 Nov 2013 19:29:37 +0100
Christian Heimes wrote:
> This fix requires only a new SSLContext attribute and a small
> modification to SSLSocket.do_handshake():
>
> if self.context.check_hostname:
>     try:
>         match_hostname(self.getpeercert(), self.server_hostname)
>     ex
Sounds good.
Is another change for asyncio needed?
On Sat, Nov 30, 2013 at 1:54 PM, Nick Coghlan wrote:
>
> On 1 Dec 2013 04:32, "Christian Heimes" wrote:
> >
> > Hi,
> >
> > Larry has granted me a special pardon to add an outstanding fix for SSL,
> > http://bugs.python.org/issue19509 . Right
On 1 Dec 2013 04:32, "Christian Heimes" wrote:
>
> Hi,
>
> Larry has granted me a special pardon to add an outstanding fix for SSL,
> http://bugs.python.org/issue19509 . Right now most stdlib modules
> (ftplib, imaplib, nntplib, poplib, smtplib) neither support server name
> indication (SNI) nor c
Hi,
Larry has granted me a special pardon to add an outstanding fix for SSL,
http://bugs.python.org/issue19509 . Right now most stdlib modules
(ftplib, imaplib, nntplib, poplib, smtplib) neither support server name
indication (SNI) nor check the subject name of the peer's certificate
properly. The
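
The invariant discussed in this thread (no context in the verify_mode=CERT_NONE and check_hostname=True state, and a ValueError when server_hostname was not passed to wrap_socket()), checked against the ssl module of a current Python 3. This is an added example, not code from the thread or from the patch; the function names are hypothetical and no network connection is made.

```python
import socket
import ssl


def new_client_context():
    # PROTOCOL_TLS_CLIENT starts secure: CERT_REQUIRED and check_hostname=True.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)


def try_inconsistent_state():
    """Attempt verify_mode=CERT_NONE while check_hostname is still True."""
    ctx = new_client_context()
    try:
        ctx.verify_mode = ssl.CERT_NONE
    except ValueError as exc:
        return ctx, str(exc)
    return ctx, None


def relax_in_order():
    """Verification can only be relaxed with the hostname check turned off first."""
    ctx = new_client_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def wrap_without_hostname():
    """Call wrap_socket() with check_hostname=True but no server_hostname."""
    ctx = new_client_context()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # never connected
    try:
        ctx.wrap_socket(sock)
    except ValueError as exc:
        return str(exc)
    finally:
        sock.close()
    return None


if __name__ == "__main__":
    ctx, err = try_inconsistent_state()
    print("CERT_NONE with check_hostname=True:", err)
    print("state kept:", ctx.verify_mode, ctx.check_hostname)
    print("no server_hostname:", wrap_without_hostname())
```

A code review or test suite can use the first function's result to confirm that a shared context was not silently downgraded: the rejected assignment leaves both settings at their secure values.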