Message 312904 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	njs
Recipients	christian.heimes, njs
Date	2018年02月26日.09:43:20
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1519638200.62.0.467229070634.issue30141@psf.upfronthosting.co.za>

Content
I agree that backporting X509_VERIFY_PARAM_set1_host is unreasonable, at least until the openssl ecosystem has moved forward a bit. But in earlier versions, would it be easy to detect that do_handshake() hasn't been called and raise an error? The docs say you have to call do_handshake(), so if you don't that's already a bug and breaking that case should be OK, especially since it's never worked correctly. I'm not very stressed about this myself because my code doesn't trigger the error -- only buggy code does :-). But it would be nice if the buggy code could fail closed.

Content

I agree that backporting X509_VERIFY_PARAM_set1_host is unreasonable, at least until the openssl ecosystem has moved forward a bit. But in earlier versions, would it be easy to detect that do_handshake() hasn't been called and raise an error?
The docs say you have to call do_handshake(), so if you don't that's already a bug and breaking that case should be OK, especially since it's never worked correctly.
I'm not very stressed about this myself because my code doesn't trigger the error -- only buggy code does :-). But it would be nice if the buggy code could fail closed.

History
Date	User	Action	Args
2018年02月26日 09:43:20	njs	set	recipients: + njs, christian.heimes
2018年02月26日 09:43:20	njs	set	messageid: <1519638200.62.0.467229070634.issue30141@psf.upfronthosting.co.za>
2018年02月26日 09:43:20	njs	link	issue30141 messages
2018年02月26日 09:43:20	njs	create

homepage