On Feb 22 2016, pisymbol <[email protected]> wrote:
[ Use TLS without verifying certificate ]
> So I added a backend-option just to see this would work and then noticed
> that python-dugong doesn't honor it.
Well, how did you implement the option? You probably have to add the
feature to Dugong first.
> It seems it always calls
> ssl.match_hostname() regardless of the ssl_context passed in (I set
> check_hostname = False and verify_mode = CERT_NOINE).
Seems like a reasonable course of action to me. If you want to use SSL,
you'd certainly want to check if the certificate you got is for the host
you've connected to. That's different from checking if the certificate
is trusted.
> Is this technically a bug Nikolaus?
You mean that dugong checks the hostname even if you've set
`ssl_context.check_hostname` to False? That attribute has only been
introduced in Python 3.4, so I'd call it an enhancement :-).
Best,
-Nikolaus
--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
»Time flies like an arrow, fruit flies like a Banana.«
--
You received this message because you are subscribed to the Google Groups
"s3ql" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
