Message 306007 - Python tracker

Message306007

Author	christian.heimes
Recipients	christian.heimes, samiam
Date	2017-11-10.07:11:25
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1510297886.11.0.213398074469.issue31997@psf.upfronthosting.co.za>
In-reply-to

Content
In the future Python will no longer use its own hostname verification code. Instead we are going to rely on OpenSSL to verify the hostname for us. A trailing dot also affects SNI. How do OpenSSL's functions SSL_set_tlsext_host_name() and X509_VERIFY_PARAM_set1_host() deal with a trailing dot? How do TLS servers such as Apache mod_ssl, Apache mod_nss, nginx, Go's TLS server, ... deal with trailing dot in SNI?

Content

In the future Python will no longer use its own hostname verification code. Instead we are going to rely on OpenSSL to verify the hostname for us. A trailing dot also affects SNI. How do OpenSSL's functions SSL_set_tlsext_host_name() and X509_VERIFY_PARAM_set1_host() deal with a trailing dot?

How do TLS servers such as Apache mod_ssl, Apache mod_nss, nginx, Go's TLS server, ... deal with trailing dot in SNI?

History
Date	User	Action	Args
2017-11-10 07:11:26	christian.heimes	set	recipients: + christian.heimes, samiam
2017-11-10 07:11:26	christian.heimes	set	messageid: <1510297886.11.0.213398074469.issue31997@psf.upfronthosting.co.za>
2017-11-10 07:11:26	christian.heimes	link	issue31997 messages
2017-11-10 07:11:25	christian.heimes	create