Antoine Pitrou <pit...@free.fr> added the comment: > > Correct me if I'm wrong, but the "well-maintained pyOpenSSL > > package" doesn't have the missing functionality (hostname > > checking in server certificates), either. > > I'm pretty sure it's just a wrapper around the openssl library, which > does not include it. That was Bill Janssen's argument for why the ssl > module shouldn't do that verification. Well, that and the fact that > there's no finalized standard for it yet. I believe this is the latest > draft: > http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-09
Well, to be clear, it shouldn't be done *automatically*. But providing a helper function that implements the feature and lets higher layers like http.client and urllib.request call it if desired would be more than reasonable. (openssl may not provide such a function, but gnutls does, by the way) ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue1589> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
