On Tue, Jun 15, 2010 at 1:57 PM, Antoine Pitrou <solip...@pitrou.net> wrote:
>
> Hello,
>
>> He's describing the lack of hostname checking, discussed here[0],
>> here[1], and in my pycon lightning talk last year, wherever those
>> are kept.
>
> Ok, thank you.
> I have tried to put some effort into the py3k ssl docs, so that security
> issues get mentioned:
> http://docs.python.org/dev/py3k/library/ssl.html#security-considerations
> Any improvement or correction is welcome.

Could similar notifications be added to urllib, etc? That's where people
really get bitten badly by this.

> Also, following issue1589 (certificate hostname checking), I think it
> would be useful at least to provide the necessary helper functions in
> order to check certificate conformity, even if they aren't called
> implicitly. I would encourage interested people to provide a patch for
> the py3k ssl module, and will gladly review it.

I'm not sure what this fixes if it doesn't get used in the higher-level
modules, but I can ask if anybody is interested.

Geremy Condra
--
http://mail.python.org/mailman/listinfo/python-list
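
A sketch of the kind of hostname-checking helper discussed in the message above, as an added example that is not part of the original thread or of the ssl module's own code. The names `check_hostname`, `CertificateMismatch` and `rejected`, the wildcard policy, and the sample certificates are assumptions made for this illustration; the input is the dict shape returned by `SSLSocket.getpeercert()`.

```python
"""Hostname check over the dict shape returned by SSLSocket.getpeercert()."""

class CertificateMismatch(ValueError):
    """Raised when no name in the certificate matches the requested host."""

def _name_matches(pattern, hostname):
    # Case-insensitive, label-by-label comparison; trailing dots ignored.
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Policy assumed here: '*' must be the whole leftmost label and at
        # least two fixed labels must follow, so '*.com' never matches.
        return len(p) >= 3 and p[1:] == h[1:] and "*" not in hostname
    return "*" not in pattern and p == h

def check_hostname(cert, hostname):
    """Return True if cert names hostname, else raise CertificateMismatch."""
    if not cert:
        # getpeercert() gives None or {} when nothing was validated.
        raise CertificateMismatch("no validated peer certificate")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # Fall back to commonName only when there is no DNS subjectAltName.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    if any(_name_matches(n, hostname) for n in names):
        return True
    raise CertificateMismatch("%r not in certificate names %r" % (hostname, names))

def rejected(cert, hostname):
    """True when check_hostname refuses the pair (helper for the demo)."""
    try:
        check_hostname(cert, hostname)
    except CertificateMismatch:
        return True
    return False

# Constructed sample certificates (not taken from any real server).
SAN_CERT = {"subject": ((("commonName", "old.example.org"),),),
            "subjectAltName": (("DNS", "www.example.org"),
                               ("DNS", "*.static.example.org"))}
CN_ONLY_CERT = {"subject": ((("commonName", "mail.example.org"),),)}

if __name__ == "__main__":
    for host in ("www.example.org", "img.static.example.org",
                 "a.b.static.example.org", "old.example.org"):
        print(host, "rejected" if rejected(SAN_CERT, host) else "ok")
```

A helper like this only protects callers that invoke it after the handshake, on a certificate obtained with verification enabled.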