Heikki Toivonen added the comment:
You can't solve this by trying to do different things on different operating
systems. This bug depends on file system properties, not OS.
Also I don't think you can just lower case the path and do a comparison,
because there are funky characters
Changes by Heikki Toivonen:
--
assignee: -> ronaldoussoren
components: +Macintosh
nosy: +ronaldoussoren
___
Python tracker
<http://bugs.python.org/issu
Heikki Toivonen added the comment:
I also noticed this last week. However, this is not Windows specific. It
happens with file systems that are not case sensitive. Besides Windows (NTFS,
FAT*) the other common platform is Macintosh (HFS+ with default settings).
What happens is that we copy
Heikki Toivonen added the comment:
More or less random opinions on things presented before:
* I prefer having secure defaults to over documentation, because, well, people
don't read documentation.
* If not secure defaults, then pointing out in documentation the secure way
AND prov
Heikki Toivonen added the comment:
Since SSLv2 is insecure, could you at least add a warning for that protocol? I
think there was a separate issue for removing it altogether, but could a
warning be added here?
The documentation should mention that verify_mode=CERT_REQUIRED is recommended
Heikki Toivonen <[EMAIL PROTECTED]> added the comment:
Ok, thank you for clarifications. Now I understand why the hostname
checking isn't the solution that fits every problem. I am still not
completely clear how you'd do the checking otherwise, for example to
verify the service
Heikki Toivonen <[EMAIL PROTECTED]> added the comment:
Could you clarify your comment regarding hostname check being false
security?
Just about all SSL texts I have read say you must do that, and that is
what your web browser and email client do to ensure it is talking to
the right hos
Heikki Toivonen <[EMAIL PROTECTED]> added the comment:
Yeah, compatibility can be a problem. The cipher list I used for
M2Crypto was recommended in the book Network Security with OpenSSL (I
think). Besides removing unsafe ciphers, it orders the remaining ciphers
from strongest to weakest,
Heikki Toivonen <[EMAIL PROTECTED]> added the comment:
I would think most people/applications want to know which host they
are talking to. The reason I am advocating adding a default check to the
stdlib is because this is IMO important for security, and it is easy to
get it wrong (I
New submission from Heikki Toivonen <[EMAIL PROTECTED]>:
The 2.6 documentation states selecting the most compatible SSLv23 mode
may mean low quality ciphers, which does not really help the application
developers. It would be better to provide a way to set the allowed
ciphers. Even bette
Heikki Toivonen <[EMAIL PROTECTED]> added the comment:
I would definitely recommend providing as strict as possible hostname
verification in the stdlib, but provide application developers a way to
override that.
M2Crypto (and TLS Lite, from which I copied the approach to M2Crypto),
pro
New submission from Heikki Toivonen <[EMAIL PROTECTED]>:
There should be a way to disable SSLv2 since it is insecure. It would be
even better if SSLv2 was disabled out of the box, but maybe there could
be a way to re-enable it.
I made the default to disable SSLv2 in M2Crypto, but thos
Heikki Toivonen added the comment:
We noticed this too in Chandler. We worked around this issue with the
patch I am attaching. Maybe not a correct fix, though.
--
nosy: +heikki
versions: +Python 2.5
Added file: http://bugs.python.org/file8833/patches-2.5.1-Linux
13 matches