Mads Kiilerich <m...@kiilerich.com> added the comment: > Indeed. But, strictly speaking, there are no tests for IPs, so it > shouldn't be taken for granted that it works, even for commonName. > The rationale is that there isn't really any point in using an IP rather > a host name.
I don't know if there is a point or not, but some hosts are for some reason intended to be connected to using IP address and their certificates thus contains IP addresses. I think we should support that too, and I find it a bit confusing to only have partial support for subjectAltName. > Well, that's additional logic to code. I'm not sure it's worth it, > especially given that the function is called match_hostname in the first > place. "hostname" in Python usually refers to both IP addresses and DNS hostnames (just like in URLs), so I think it is a fair assumption that IP addresses also works in this hostname function. Perhaps it should be noted that CertificateError only is raised by match_hostname so a paranoid programmer don't start catching it everywhere - and also that match_hostname won't raise SSLError. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue1589> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
