[issue33136] Harden ssl module against CVE-2018-8970

Gregory P. Smith added the comment: yes, this was fixed. -- nosy: +gregory.p.smith resolution: -> fixed stage: patch review -> commit review status: open -> closed ___ Python tracker ___

[issue33136] Harden ssl module against CVE-2018-8970

Ashwin Ramaswami added the comment: Can this be closed now? -- nosy: +epicfaace ___ Python tracker ___ ___ Python-bugs-list mailing

[issue33136] Harden ssl module against CVE-2018-8970

Christian Heimes added the comment: New changeset 2dd885eaa0d427e84892673c83d697bca5427c8b by Christian Heimes (Miss Islington (bot)) in branch '3.7': [3.7] bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229) (GH-6230) https://github.com/python/cpython/commit/2dd885eaa0d427e84892673c8

[issue33136] Harden ssl module against CVE-2018-8970

Change by miss-islington : -- pull_requests: +5969 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue33136] Harden ssl module against CVE-2018-8970

Christian Heimes added the comment: New changeset d02ac25ab0879f1a6de6937573bf00a16b7bd22e by Christian Heimes in branch 'master': bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229) https://github.com/python/cpython/commit/d02ac25ab0879f1a6de6937573bf00a16b7bd22e -- __

[issue33136] Harden ssl module against CVE-2018-8970

Change by Christian Heimes : -- keywords: +patch pull_requests: +5968 stage: needs patch -> patch review ___ Python tracker ___ ___ P

[issue33136] Harden ssl module against CVE-2018-8970

New submission from Christian Heimes : Since 3.7, the ssl module uses X509_VERIFY_PARAM_set1_host() to put the burden of hostname matching on OpenSSL. More specific, it calls X509_VERIFY_PARAM_set1_host(param, server_hostname, 0). The namelen=0 parameter means that OpenSSL handles server_hostn