URL: https://github.com/freeipa/freeipa/pull/490
Title: #490: [WIP] certdb: use certutil and match_hostname for cert verification
tiran commented:
"""
The hostname must be ASCII text. Something like ```hostname.encode('ascii')```
should catch non-ASCII text and Python 3 bytes.
"""
See the
URL: https://github.com/freeipa/freeipa/pull/490
Title: #490: [WIP] certdb: use certutil and match_hostname for cert verification
HonzaCholasta commented:
"""
@tiran, how do I ensure that?
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/490#issuecomment-281313807
--
URL: https://github.com/freeipa/freeipa/pull/490
Title: #490: [WIP] certdb: use certutil and match_hostname for cert verification
tiran commented:
"""
Do we ensure that the function is always called with an IDN A-Label encoded
hostname? ```ssl.match_hostname``` assumes that all parts are
