Toshio Kuratomi added the comment:

So, is this a security issue?  I've been wondering if I should apply the 
attached patch to the backports-ssl_match_hostname module on pypi.  I was 
hoping there'd be some information here as to whether this will be going into 
the stdlib in the future.

Thus far, ssl_match_hostname has just been a backport of the match_hostname 
function but if this is a security problem, I could press for us to diverge 
from the python3 stdlib.  It would be easier to make the case if this is seen 
as a critical problem that will need to be fixed even if the current patch 
might not be the eventual fix.

----------
nosy: +a.badger

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue17997>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to