exar...@twistedmatrix.com wrote:
On 05:49 pm, na...@animats.com wrote:
exar...@twistedmatrix.com wrote:
On 04:51 pm, na...@animats.com wrote:
I'm converting some code from M2Crypto to the new "ssl" module, and
I've found what looks like a security hole. The "ssl" module will
validate the c
On 05:49 pm, na...@animats.com wrote:
exar...@twistedmatrix.com wrote:
On 04:51 pm, na...@animats.com wrote:
I'm converting some code from M2Crypto to the new "ssl" module,
and
I've found what looks like a security hole. The "ssl" module will
validate the certificate chain, but it doesn't
On Mon, Apr 19, 2010 at 1:49 PM, John Nagle wrote:
> exar...@twistedmatrix.com wrote:
>>
>> On 04:51 pm, na...@animats.com wrote:
>>>
>>> I'm converting some code from M2Crypto to the new "ssl" module, and
>>> I've found what looks like a security hole. The "ssl" module will
>>> validate the ce
exar...@twistedmatrix.com wrote:
On 04:51 pm, na...@animats.com wrote:
I'm converting some code from M2Crypto to the new "ssl" module, and
I've found what looks like a security hole. The "ssl" module will
validate the certificate chain, but it doesn't check that the certificate
is valid for
On 04:51 pm, na...@animats.com wrote:
I'm converting some code from M2Crypto to the new "ssl" module, and
I've found what looks like a security hole. The "ssl" module will
validate the certificate chain, but it doesn't check that the
certificate
is valid for the domain.
Here's the basic
