Antoine Pitrou <pit...@free.fr> added the comment: > I think it looks good except for the wildcard checking. According to > the latest draft of that TLS id-checking RFC, you aren't supposed to > allow the wildcard as part of a fragment. Of course this contradicts > RFC 2818.
Well, since it is then an "error" (according to the id-checking draft) in the certificate itself rather than the hostname we are trying to match, it seems there would be no real issue in accepting the match anyway. It's up to CAs to make sure that certificates conform to whatever standard is currently in effect. I'm also assuming RFC 2818 is in wider use than the id-checking draft; am I wrong? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue1589> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com