[issue31892] ssl.get_server_certificate should allow specifying certificate / key type
Hanno Boeck added the comment: Any update? :-) -- ___ Python tracker <https://bugs.python.org/issue31892> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue32876] HTMLParser raises exception on some inputs
Hanno Boeck added the comment: Now the example code raises an AssertionError(). Is that intended? I don't think that's any better. I usually wouldn't expect an HTML parser to raise any error if you pass it a string, but instead to do fault tolerant parsing. And if it's expected that some inputs can generate exceptions, at least I think this should be properly documented. -- ___ Python tracker <https://bugs.python.org/issue32876> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue40717] pl.python.org has expired cert and links to nonexistent django.pl page
New submission from Hanno Boeck : I'm not sure if this is a good place to report this, but I haven't found a separate bug tracker or feedback contact for the webpages. https://pl.python.org/ has an expired certificate and it contains a prominent link to django.pl, which itself returns a DNS SERVFAIL error. -- assignee: docs@python components: Documentation messages: 369531 nosy: docs@python, hanno priority: normal severity: normal status: open title: pl.python.org has expired cert and links to nonexistent django.pl page ___ Python tracker <https://bugs.python.org/issue40717> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue36391] XSS in bugs.python.org 404 error page
New submission from Hanno Boeck : There's an XSS on the 404 error page: https://bugs.python.org/%3Cimg%20src=x%20onerror=alert(1)%3E (For lack of a webpage / bug tracker category I chose "Documentation" as the closest category I could find) -- assignee: docs@python components: Documentation messages: 338543 nosy: docs@python, hanno priority: normal severity: normal status: open title: XSS in bugs.python.org 404 error page type: security ___ Python tracker <https://bugs.python.org/issue36391> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue35570] 2to3 creates code using deprecated imp module
New submission from Hanno Boeck : 2to3 (in python 3.6.6) will rewrite the reload function to use the imp module. However according to [1] "Deprecated since version 3.4: The imp package is pending deprecation in favor of importlib." Also running the code with warnings enabled will show a deprecation warning. Example, take this minimal script: #!/usr/bin/python import sys reload(sys) Running to 2to3 ends up with: #!/usr/bin/python import sys import imp imp.reload(sys) $ PYTHONWARNINGS=d python3 foo.py test.py:3: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses import imp [1] https://docs.python.org/3/library/imp.html -- components: 2to3 (2.x to 3.x conversion tool) messages: 332390 nosy: hanno priority: normal severity: normal status: open title: 2to3 creates code using deprecated imp module versions: Python 3.6 ___ Python tracker <https://bugs.python.org/issue35570> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue32876] HTMLParser raises exception on some inputs
Hanno Boeck added the comment: Actually BeautifulSoup also uses the python html parser in the backend, so it has the same problem. (It can use alternative backends, but the python parser is the default and they also describe it as "lenient", which I would interpret as "it can handle that".) -- ___ Python tracker <https://bugs.python.org/issue32876> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue31892] ssl.get_server_certificate should allow specifying certificate / key type
New submission from Hanno Boeck : The function ssl.get_server_certificate() from the ssl module is supposed to allow fetching the certificate of a TLS server. However in its current form it provides no way to specify a key type. Many popular hosts (e.g. facebook, google) support both ECDSA and RSA these days, depending on the cipher suites one uses to try to connect to them. If one wants to fetch the RSA certificate of e.g. facbeook this is not possible with the current python ssl module, as it will always output the ECDSA certificate. One can create a connection with an SSLContext that has only RSA ciphers set, but it's not possible to get the certificate out of an SSLContext. And the get_server_certificate function provides neither a way to bind it to a context nor a way to specify ciphers or key types. I think there should be an optional parameter to get_server_certificate that allows asking for a specific key type. -- assignee: christian.heimes components: SSL messages: 305182 nosy: christian.heimes, hanno priority: normal severity: normal status: open title: ssl.get_server_certificate should allow specifying certificate / key type type: enhancement ___ Python tracker <https://bugs.python.org/issue31892> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue24061] Python 2.x breaks with address sanitizer
Changes by Hanno Boeck : -- type: -> enhancement ___ Python tracker <http://bugs.python.org/issue24061> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue24061] Python 2.x breaks with address sanitizer
New submission from Hanno Boeck: Right now it is not possible to build python 2.7.9 with address sanitizer. This issue has been worked around for python 3 in bug #18596 by marking some functions with attributes to tell address sanitizer to ignore them. I have attached a patch that will apply the same workaround to python 2.7. I'd apprechiate if this could be applied before the next python 2 release. Although it's the "old" python 2 version I think this is important enough to be backported. -- files: python-2.7.9-workaround-asan.diff keywords: patch messages: 242055 nosy: hanno priority: normal severity: normal status: open title: Python 2.x breaks with address sanitizer versions: Python 2.7 Added file: http://bugs.python.org/file39208/python-2.7.9-workaround-asan.diff ___ Python tracker <http://bugs.python.org/issue24061> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20866] segfailt with os.popen and SIGPIPE
New submission from Hanno Boeck: I experience a segmentation fault with python 2.7 (both 2.7.5 and 2.7.6 tested on Ubuntu and Gentoo) when a large file is piped, the pipe is passed to os.popen and the process sends a SIGPIPE signal. To create an easy to reproduce testcase grep can be used. See example attached. To test first create a dummy file containing zeros, around 1 megabyte is enough: for i in `seq 1 10`; do echo "0123456789" >> dummy.txt; done Then pipe it to the script attached like this: cat dummy.txt | python2 minimal.py Result is a Segmentation fault. The same code doesn't segfault with python 3. -- components: Interpreter Core files: sigpipe_crash.py messages: 212897 nosy: hanno priority: normal severity: normal status: open title: segfailt with os.popen and SIGPIPE type: crash versions: Python 2.7 Added file: http://bugs.python.org/file34301/sigpipe_crash.py ___ Python tracker <http://bugs.python.org/issue20866> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com