On Tue, 15 Jun 2010 19:56:46 -0700
John Nagle <na...@animats.com> wrote:
>
> http://bugs.python.org/issue1589
[...]
>
> The typical Python user will expect SSL checking for URL opening
> to behave like a browser does. They won't be up to speed on the
> internal mechanics of X.509 certificates. The default case should
> be to require a hostname match (considering certificate wildcards,
> multiple common names, multiple alt names, etc.).
>
> Expecting the caller to do this check is unreasonable. It's
> about 70 lines of Python code to cover all the cases. And
> that's without proper support for error reporting for internationalized
> host names.

If you are interested in this, I would encourage you to post a patch or a
proposal on the aforementioned bug entry so as to add a hostname checking
function to the SSL module. (m2crypto has its own implementation that can
serve as a source of inspiration, and test cases)

If/when that is done, the second step would be to integrate it by default
with the urllib module, and perhaps other ones.

Thanks

Antoine.
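
The hostname check discussed in this message, as an added example; it is not part of the original message and is not the code from the bug entry or from m2crypto. It assumes a certificate dict in the shape returned by `ssl.SSLSocket.getpeercert()`, ignores common names when DNS alt names are present (the RFC 6125 rule), and does not handle IP addresses or internationalized host names; `verify_cert_hostname`, `HostnameMismatch`, `is_valid_for` and `SAMPLE_CERT` are names made up for this example.

```python
class HostnameMismatch(ValueError):
    """Raised when the certificate does not cover the requested host."""

def _dnsname_matches(pattern, hostname):
    # Compare label by label, case-insensitively. Only a leftmost label that
    # is exactly "*" counts as a wildcard, and it covers exactly one label.
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Refuse a wildcard directly under a top-level label (e.g. "*.com").
        if len(p_labels) < 3:
            return False
        p_labels, h_labels = p_labels[1:], h_labels[1:]
    # Any "*" left over (partial or non-leftmost wildcard) is rejected.
    return "*" not in "".join(p_labels) and p_labels == h_labels

def verify_cert_hostname(cert, hostname):
    """Check hostname against a dict shaped like SSLSocket.getpeercert()."""
    if not cert:
        raise HostnameMismatch("no certificate to check")
    names = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # No DNS alt names: fall back to every commonName in the subject.
        names = [v for rdn in cert.get("subject", ())
                 for (k, v) in rdn if k == "commonName"]
    if any(_dnsname_matches(n, hostname) for n in names):
        return
    raise HostnameMismatch("%r does not match any of %r" % (hostname, names))

def is_valid_for(cert, hostname):
    """Boolean wrapper so callers and tests can branch on the result."""
    try:
        verify_cert_hostname(cert, hostname)
        return True
    except HostnameMismatch:
        return False

# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "legacy.example.net"),),),
    "subjectAltName": (("DNS", "example.org"), ("DNS", "*.example.org")),
}
```

A caller would run this on the result of `getpeercert()` after the handshake, with certificate chain validation already required on the socket; the name check alone says nothing about who issued the certificate.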