[issue23033] Disallow support for a*.example.net, *a.example.net, and a*b.example.net in certificate wildcard handling.

2017-11-26 Thread Mariatta Wijaya

Mariatta Wijaya  added the comment:

I merged the PR, this is now in 3.7.
Thanks all!

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com




2017-11-26 Thread Mariatta Wijaya

Mariatta Wijaya  added the comment:


New changeset ede2ac913eba47131ee1bbc37a9aea344d678576 by Mariatta (Mandeep 
Singh) in branch 'master':
bpo-23033:  Improve SSL Certificate handling (GH-937)
https://github.com/python/cpython/commit/ede2ac913eba47131ee1bbc37a9aea344d678576


--


2017-06-12 Thread Christian Heimes

Christian Heimes added the comment:

It's probably not a good idea to port it to 3.6. It's a backwards incompatible 
change.

--


2017-06-11 Thread Mariatta Wijaya

Mariatta Wijaya added the comment:

Can this go to 3.6.2?

--
nosy: +Mariatta
stage: needs patch -> patch review


2017-04-02 Thread Christian Heimes

Christian Heimes added the comment:

Ned, Benjamin,

are you ok with a backport to 2.7 and 3.6? Substring (aka partial) matching of 
wildcards is a MAY feature according to RFC 6125 
https://tools.ietf.org/html/rfc6125#section-6.4.3 . They are a violation of 
CA/B Forum's baseline requirements, so no publicly trusted cert may contain a 
CN or SAN entry with a partial wildcard. Several libraries and languages do not 
implement the feature either. Improper wildcard matching caused a bunch of 
security issues and CVEs in Python.

--
nosy: +benjamin.peterson, ned.deily


2017-04-01 Thread Raymond Hettinger

Raymond Hettinger added the comment:

+1

--
nosy: +rhettinger


2017-03-31 Thread Mandeep Singh

Changes by Mandeep Singh :


--
pull_requests: +1120


2016-09-15 Thread Christian Heimes

Changes by Christian Heimes :


--
assignee:  -> christian.heimes
components: +SSL
versions:  -Python 3.5, Python 3.6


2016-09-08 Thread Christian Heimes

Christian Heimes added the comment:

Sounds good to me!

For 3.7 I'm planning to use OpenSSL's hostname verification system and 
deprecate match_hostname(). It does support partial matching by default.

--
nosy: +christian.heimes
stage:  -> needs patch
type:  -> security
versions: +Python 3.6, Python 3.7


2014-12-11 Thread Donald Stufft

New submission from Donald Stufft:

Various browsers[1][2] are dropping support for wildcard certificates which 
are anything but a single * alone in the leftmost position. The other style 
wildcards were deprecated previously and they should not appear in any public 
certificate and in the words of the Chrome project are dang weird for internal 
certificates.

I believe we should follow suit and just only allow a single * alone in the 
leftmost segment for the SSL handling code.

[1] https://codereview.chromium.org/762013002
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1107791

--
messages: 232493
nosy: dstufft
priority: normal
severity: normal
status: open
title: Disallow support for a*.example.net, *a.example.net, and a*b.example.net 
in certificate wildcard handling.
versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23033
___

2014-12-11 Thread Antoine Pitrou

Antoine Pitrou added the comment:

Sounds fine for me in 3.5.

--
nosy: +pitrou
versions:  -Python 2.7, Python 3.4, Python 3.6


2014-12-11 Thread Alex Gaynor

Alex Gaynor added the comment:

As a part of this, we might want to consider changing the implementation to not 
compile the SANs into a regular expression. Constantly compiling new regexes can 
cause churn in the `re` cache, which can degrade performance -- also, it's 
probably much worse on PyPy :-)

--
nosy: +alex

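
The rule proposed in the original submission (a single `*` alone in the leftmost label), combined with the suggestion above to avoid compiling SANs into regular expressions, as an added example. This is not the change merged in GH-937 or any CPython code; `dnsname_match`, `check_sans`, `WildcardPolicyError` and the sample SAN list are hypothetical and constructed for illustration.

```python
from typing import Iterable, List, Tuple


class WildcardPolicyError(ValueError):
    """A dNSName pattern that the strict wildcard policy refuses to evaluate."""


def _labels(name: str) -> List[str]:
    # DNS names compare case-insensitively; one trailing root dot is ignored.
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def dnsname_match(pattern: str, hostname: str) -> bool:
    """Label-by-label comparison, no regular expressions involved."""
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h:
        return False  # empty name or empty label never matches
    if any("*" in label for label in p[1:]):
        raise WildcardPolicyError("wildcard outside the leftmost label")
    if "*" not in p[0]:
        return p == h  # no wildcard: exact match only
    if p[0] != "*":
        # covers a*.example.net, *a.example.net, a*b.example.net
        raise WildcardPolicyError("partial wildcard in leftmost label")
    if len(p) < 2:
        raise WildcardPolicyError("bare wildcard without further labels")
    # '*' stands for exactly one label, so the label counts must agree.
    return len(h) == len(p) and h[1:] == p[1:]


def check_sans(sans: Iterable[str], hostname: str) -> Tuple[bool, List[Tuple[str, str]]]:
    """Return (matched, rejected) so refused patterns can be logged or audited."""
    matched, rejected = False, []
    for san in sans:
        try:
            matched = dnsname_match(san, hostname) or matched
        except WildcardPolicyError as exc:
            rejected.append((san, str(exc)))
    return matched, rejected


# Constructed sample: dNSName entries as they might appear in one certificate.
SAMPLE_SANS = ["example.net", "a*.example.net", "*.example.net", "a*b.example.net"]

if __name__ == "__main__":
    print(check_sans(SAMPLE_SANS, "api.example.net"))
```
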