]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f409c99) | patch
[bpo-28414] Make all hostnames in SSL module IDN A-labels (GH-5128) (GH-5843)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Sat, 24 Feb 2018 03:18:28 +0000 (19:18 -0800)
committerNathaniel J. Smith <njs@pobox.com>
Sat, 24 Feb 2018 03:18:28 +0000 (19:18 -0800)
commit1c37e277190565f0e30fc9281caae4c899ac3b50
treeff9dc72dfddff2f1aa9b96b39fa91ff1beff7ddetree | snapshot
parentf409c9988e72eff7c0378ab5578f5edecb8b1855commit | diff
[bpo-28414] Make all hostnames in SSL module IDN A-labels (GH-5128) (GH-5843)

Previously, the ssl module stored international domain names (IDNs)
as U-labels. This is problematic for a number of reasons -- for
example, it made it impossible for users to use a different version
of IDNA than the one built into Python.

After this change, we always convert to A-labels as soon as possible,
and use them for all internal processing. In particular, server_hostname
attribute is now an A-label, and on the server side there's a new
sni_callback that receives the SNI servername as an A-label rather than
a U-label.
(cherry picked from commit 11a1493bc4198f1def5e572049485779cf54dc57)

Co-authored-by: Christian Heimes <christian@python.org>
Doc/library/ssl.rst diff | blob | history
Doc/whatsnew/3.7.rst diff | blob | history
Lib/ssl.py diff | blob | history
Lib/test/test_ssl.py diff | blob | history
Misc/NEWS.d/next/Security/2017-08-06-14-43-45.bpo-28414.mzZ6vD.rst [new file with mode: 0644] blob
Modules/_ssl.c diff | blob | history
Modules/clinic/_ssl.c.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.