Nicolas Bareil <[email protected]> added the comment:
Hello Mads
> Until now Python failed to the safe side by not matching on
> subjectAltName iPAddress but also not falling back to commonName
> if they were specified. AFAICS, with this change it is possible to
> create strange certificates that Python would accept when an IP
> address matched commonName but other implementations would reject
> because of iPAddress mismatch.
Good point! But I think we already have this issue with a certificate
like this one:
cert = { 'subject': ((('commonName', '192.168.1.1'),),)}
ok(cert, '192.168.1.1')
Do you think this test should fail?
----------
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue12000>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
