Devin Cook added the comment:
> Correct me if I'm wrong, but the "well-maintained pyOpenSSL
> package" doesn't have the missing functionality (hostname
> checking in server certificates), either.
I'm pretty sure it's just a wrapper around the openssl li
Devin Cook added the comment:
I think it looks good except for the wildcard checking. According to the latest
draft of that TLS id-checking RFC, you aren't supposed to allow the wildcard as
part of a fragment. Of course this contradicts RFC 2818.
http://tools.ietf.org/html/draft-saint
Devin Cook added the comment:
> I'm also assuming RFC 2818 is in wider use than the id-checking draft;
> am I wrong?
Yeah, since RFC 2818 has been accepted since 2000 and the id-checking draft was
started in 2009, I'd say it's a safe bet. I'm in n
Devin Cook added the comment:
It sounds like you may already have an idea of how you want the API structured,
but just in case you're still thinking about it here's another API to look at
that I think focuses on exactly what you were highlighting as priorities (sane
defaults, e
Devin Cook added the comment:
It looks like it's allowed for header line continuation.
http://www.ietf.org/rfc/rfc2616.txt
HTTP/1.1 header field values can be folded onto multiple lines if the
continuation line begins with a space or horizontal tab. All linear
white space, including fo
Devin Cook added the comment:
It looks like this bug was reintroduced in a5a3ae9be1fb.
--
nosy: +devin
___
Python tracker
<http://bugs.python.org/issue672
New submission from Devin Cook:
BaseHTTPRequestHandler limits request length to prevent DoS. WSGIRequestHandler
should probably do the same.
See: http://bugs.python.org/issue10714
--
components: Library (Lib)
files: wsgiref_request_length.patch
keywords: patch
messages: 226931
nosy
New submission from Devin Cook:
Several years ago a patch was applied to set the default binding of the pydoc
server to "localhost" instead of "0.0.0.0". It appears that the issue was
reintroduced in a5a3ae9be1fb.
See previous issue: http://bugs.python.org/issue672656
$
Devin Cook added the comment:
Sure, thanks.
New issue: http://bugs.python.org/issue22421
--
___
Python tracker
<http://bugs.python.org/issue672656>
___
___
Pytho
Changes by Devin Cook :
Removed file: http://bugs.python.org/file29202/asynchat_tip.patch
___
Python tracker
<http://bugs.python.org/issue11259>
___
___
Python-bugs-list m
Devin Cook added the comment:
updating the patch to the current tip
--
Added file: http://bugs.python.org/file34310/asynchat_tip.patch
___
Python tracker
<http://bugs.python.org/issue11
Changes by Devin Cook :
--
nosy: +devin
___
Python tracker
<http://bugs.python.org/issue1589>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.pyth
Devin Cook added the comment:
Should now be compliant with this part of the spec:
"Each header_value must not include any control characters, including carriage
returns or linefeeds, either embedded or at the end. (These requirements are to
minimize the complexity of any parsing that mu
Devin Cook added the comment:
backported patch to 2.7
--
Added file: http://bugs.python.org/file29192/header_newlines_2.7.patch
___
Python tracker
<http://bugs.python.org/issue11
Devin Cook added the comment:
backported patch to 2.6
--
Added file: http://bugs.python.org/file29193/header_newlines_2.6.patch
___
Python tracker
<http://bugs.python.org/issue11
Changes by Devin Cook :
--
nosy: +devin
___
Python tracker
<http://bugs.python.org/issue12226>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.pyth
Devin Cook added the comment:
I agree that this is probably a bug, but can't think of any instances where
this in itself would cause a security issue. By sending something like a
negative Content-Length, you do indeed get data returned that doesn't really
match the data sent on th
Devin Cook added the comment:
This looks resolved. Can it be closed?
--
nosy: +devin
___
Python tracker
<http://bugs.python.org/issue10340>
___
___
Python-bug
Changes by Devin Cook :
--
nosy: +devin
___
Python tracker
<http://bugs.python.org/issue16632>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.pyth
Changes by Devin Cook :
Removed file: http://bugs.python.org/file29182/header_newlines.patch
___
Python tracker
<http://bugs.python.org/issue11671>
___
___
Python-bug
Devin Cook added the comment:
The spec doesn't say anything about the header name. It probably should though,
as the same issue exists there.
I used two searches because that's how it's done in wsgiref.validate, and it's
not a huge deal to do that because the second one wi
Changes by Devin Cook :
Removed file: http://bugs.python.org/file29192/header_newlines_2.7.patch
___
Python tracker
<http://bugs.python.org/issue11671>
___
___
Python-bug
Changes by Devin Cook :
Removed file: http://bugs.python.org/file29193/header_newlines_2.6.patch
___
Python tracker
<http://bugs.python.org/issue11671>
___
___
Python-bug
23 matches
Mail list logo
