granicus.if.org Git - python/commit

]> granicus.if.org Git - python/commit

author	Christian Heimes <christian@python.org>
	Sat, 27 Jan 2018 14:51:38 +0000 (15:51 +0100)
committer	GitHub <noreply@github.com>
	Sat, 27 Jan 2018 14:51:38 +0000 (15:51 +0100)
commit	61d478c71c5341cdc54e6bfb4ace4252852fd972
tree	5ad17242b4c341df03664ee5cde87cdb80b0ee50	tree \| snapshot
parent	746cc75541f31278864a10b995e7d009bd2ff053	commit \| diff

bpo-31399: Let OpenSSL verify hostname and IP address (#3462)

bpo-31399: Let OpenSSL verify hostname and IP

The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and
X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses.

* Remove match_hostname calls
* Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host()
* Add documentation for OpenSSL 1.0.2 requirement
* Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform.
* Add hostname_checks_common_name

Signed-off-by: Christian Heimes <christian@python.org>

15 files changed:

Doc/library/ssl.rst		diff \| blob \| history
Doc/whatsnew/3.7.rst		diff \| blob \| history
Lib/asyncio/sslproto.py		diff \| blob \| history
Lib/http/client.py		diff \| blob \| history
Lib/ssl.py		diff \| blob \| history
Lib/test/test_asyncio/test_events.py		diff \| blob \| history
Lib/test/test_ftplib.py		diff \| blob \| history
Lib/test/test_imaplib.py		diff \| blob \| history
Lib/test/test_poplib.py		diff \| blob \| history
Lib/test/test_ssl.py		diff \| blob \| history
Lib/test/test_urllib2_localnet.py		diff \| blob \| history
Misc/NEWS.d/next/Library/2017-09-08-14-05-33.bpo-31399.FtBrrt.rst	[new file with mode: 0644]	blob
Modules/_ssl.c		diff \| blob \| history
PC/pyconfig.h		diff \| blob \| history
setup.py		diff \| blob \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom