]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 82ab13d) | patch
[bpo-28414] Make all hostnames in SSL module IDN A-labels (GH-5128)
authorChristian Heimes <christian@python.org>
Sat, 24 Feb 2018 01:35:08 +0000 (02:35 +0100)
committerNathaniel J. Smith <njs@pobox.com>
Sat, 24 Feb 2018 01:35:08 +0000 (17:35 -0800)
commit11a1493bc4198f1def5e572049485779cf54dc57
tree8ad419e997569f9a9d05ea7e213d5092086608fatree | snapshot
parent82ab13d756a04eab1dae58629473b95ddf363484commit | diff
[bpo-28414] Make all hostnames in SSL module IDN A-labels (GH-5128)

Previously, the ssl module stored international domain names (IDNs)
as U-labels. This is problematic for a number of reasons -- for
example, it made it impossible for users to use a different version
of IDNA than the one built into Python.

After this change, we always convert to A-labels as soon as possible,
and use them for all internal processing. In particular, server_hostname
attribute is now an A-label, and on the server side there's a new
sni_callback that receives the SNI servername as an A-label rather than
a U-label.
Doc/library/ssl.rst diff | blob | history
Doc/whatsnew/3.7.rst diff | blob | history
Lib/ssl.py diff | blob | history
Lib/test/test_ssl.py diff | blob | history
Misc/NEWS.d/next/Security/2017-08-06-14-43-45.bpo-28414.mzZ6vD.rst [new file with mode: 0644] blob
Modules/_ssl.c diff | blob | history
Modules/clinic/_ssl.c.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.