bpo-43522: Fix SSLContext.hostname_checks_common_name (GH-24899) #24899
|
The fix has landed in OpenSSL 3.0.0 and is flagged for backport to 1.1.1. |
|
Thanks! Should we mention in the docs that the flag had no effect until now? |
Something like this? I'll adjust the versionchanged to 3.8.9 and 3.9.3 in backports. |
|
Yes, that would be perfect. That way we'll know for what Python and OpenSSL combinations this flag will be safe to use. There's one thing I don't understand: is it enough to have either the CPython and OpenSSL fixes, or do we need both? |
|
The workaround in this PR is only necessary for OpenSSL 1.1.1k and older. 1.1.1l and 3.0.0 are going to copy the flag correctly without the workaround.
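An added example, not part of the pull request or of CPython: a runtime gate that only relies on `hostname_checks_common_name = False` when the Python/OpenSSL combination discussed above honours it. The names `flag_is_effective` and `strict_client_context` are hypothetical; the 3.8.9, 3.9.3, 1.1.1l and 3.0.0 thresholds are the ones quoted in this thread, and 3.10 for the main branch is taken from the `ssl` module documentation, not from this page.

```python
import ssl
import sys

# Python releases carrying the workaround: 3.8.9 and 3.9.3 are quoted in the
# thread; 3.10 for the main branch is an assumption taken from the ssl docs.
PY_BACKPORTS = {(3, 8): (3, 8, 9), (3, 9): (3, 9, 3)}
PY_FIXED_FROM = (3, 10)

# OpenSSL 1.1.1l in ssl.OPENSSL_VERSION_INFO form: patch letters count from
# a=1, so k=11 and l=12. Any 3.x tuple also compares greater than this.
OPENSSL_FIXED = (1, 1, 1, 12)


def flag_is_effective(py_version, openssl_version):
    """Return True if hostname_checks_common_name=False is honoured.

    Either fix is sufficient: an OpenSSL that copies hostflags from SSL_CTX
    to SSL itself, or a Python build that carries the workaround.
    """
    py = tuple(py_version[:3])
    if tuple(openssl_version[:4]) >= OPENSSL_FIXED:
        return True
    if py[:2] >= PY_FIXED_FROM:
        return True
    fixed = PY_BACKPORTS.get(py[:2])
    return fixed is not None and py >= fixed


def strict_client_context():
    """Build a client context that ignores the subject common name.

    Raises RuntimeError instead of silently falling back to CN matching
    when the running interpreter cannot enforce the setting.
    """
    if not ssl.HAS_NEVER_CHECK_COMMON_NAME:
        raise RuntimeError("TLS library cannot disable common-name matching")
    if not flag_is_effective(sys.version_info, ssl.OPENSSL_VERSION_INFO):
        raise RuntimeError(
            "hostname_checks_common_name has no effect on Python %s with %s"
            % (sys.version.split()[0], ssl.OPENSSL_VERSION)
        )
    ctx = ssl.create_default_context()
    ctx.hostname_checks_common_name = False
    return ctx


if __name__ == "__main__":
    print(flag_is_effective(sys.version_info, ssl.OPENSSL_VERSION_INFO))
```
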
|
Fix problem with ssl.SSLContext.hostname_checks_common_name. OpenSSL does not copy hostflags from *struct SSL_CTX* to *struct SSL*. Signed-off-by: Christian Heimes <christian@python.org>
|
Thanks @tiran for the PR |
|
Sorry, @tiran, I could not cleanly backport this to |
|
Sorry @tiran, I had trouble checking out the |
|
GH-25451 is a backport of this pull request to the 3.9 branch. |
…thonGH-24899) Fix problem with ssl.SSLContext.hostname_checks_common_name. OpenSSL does not copy hostflags from *struct SSL_CTX* to *struct SSL*. Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit b467d9a) Co-authored-by: Christian Heimes <christian@python.org> (cherry picked from commit 330b49e) Co-authored-by: Christian Heimes <christian@python.org>
|
GH-25452 is a backport of this pull request to the 3.8 branch. |
Fix problem with ssl.SSLContext.hostname_checks_common_name. OpenSSL does not
copy hostflags from struct SSL_CTX to struct SSL.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue43522