[Python-Dev] Verification of SSL cert and hostname made easy
Antoine Pitrou
solipsis at pitrou.net
Sun Dec 1 11:37:01 CET 2013
On Sun, 01 Dec 2013 02:53:32 +0100
Christian Heimes <christian at python.org> wrote:
> On 30.11.2013 23:51, Antoine Pitrou wrote:
> > Small nit: what happens if the server_hostname is None (i.e. wasn't
> > passed to context.wrap_socket())?
>
> The code will raise an exception. My patch already implements a more
> verbose ValueError that explains the cause of the problem. It's a flaw in
> code that calls context.wrap_socket. Erroneous code will no longer pass
> silently.
>
> The patch also ensures a valid combination of verify_mode and
> check_hostname:
>
> >>> context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
> >>> context.check_hostname = True
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
> ValueError: check_hostname needs a SSL context with either CERT_OPTIONAL
> or CERT_REQUIRED
> >>> context.verify_mode = ssl.CERT_REQUIRED
> >>> context.check_hostname = True
> >>> context.verify_mode = ssl.CERT_NONE
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
> ValueError: Cannot set verify_mode to CERT_NONE when check_hostname is
> enabled.

So I have to set attributes in a given order? I find this silly.

Regards

Antoine.
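The ordering constraint discussed in this message, as an added example that is not part of the original thread or of the patch. It assumes CPython 3.7 or later, where enabling `check_hostname` on a `CERT_NONE` context raises `verify_mode` to `CERT_REQUIRED` instead of failing as in the quoted session; the function names are hypothetical.

```python
import socket
import ssl


def try_set(ctx, attr, value):
    """Set one context attribute; return None on success, else the ValueError text."""
    try:
        setattr(ctx, attr, value)
        return None
    except ValueError as exc:
        return str(exc)


def new_unverified_context():
    """Client context with verification switched off in the accepted order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # PROTOCOL_TLS_CLIENT starts with check_hostname=True and CERT_REQUIRED.
    ctx.check_hostname = False       # must come first
    ctx.verify_mode = ssl.CERT_NONE  # only accepted once check_hostname is off
    return ctx


def disable_in_wrong_order():
    """Dropping verify_mode while check_hostname is still on is refused."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    return try_set(ctx, "verify_mode", ssl.CERT_NONE)


def enable_on_unverified():
    """Enabling check_hostname on a CERT_NONE context (assumes Python >= 3.7)."""
    ctx = new_unverified_context()
    err = try_set(ctx, "check_hostname", True)
    return err, ctx.verify_mode


def wrap_without_hostname():
    """The 'small nit': check_hostname on, server_hostname not passed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    with socket.socket() as sock:  # never connected, no network traffic
        try:
            ctx.wrap_socket(sock)  # server_hostname omitted
        except ValueError as exc:
            return str(exc)
    return None


if __name__ == "__main__":
    print("wrong order      :", disable_in_wrong_order())
    print("enable on NONE   :", enable_on_unverified())
    print("no server_hostname:", wrap_without_hostname())
```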