diff options
author | Christian Heimes <christian@python.org> | 2018-01-27 15:51:38 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-27 15:51:38 +0100 |
commit | 61d478c71c5341cdc54e6bfb4ace4252852fd972 (patch) | |
tree | 5ad17242b4c341df03664ee5cde87cdb80b0ee50 /PC | |
parent | 746cc75541f31278864a10b995e7d009bd2ff053 (diff) | |
download | cpython-git-61d478c71c5341cdc54e6bfb4ace4252852fd972.tar.gz |
bpo-31399: Let OpenSSL verify hostname and IP address (#3462)
bpo-31399: Let OpenSSL verify hostname and IP
The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and
X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses.
* Remove match_hostname calls
* Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host()
* Add documentation for OpenSSL 1.0.2 requirement
* Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform.
* Add hostname_checks_common_name
Signed-off-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'PC')
-rw-r--r-- | PC/pyconfig.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/PC/pyconfig.h b/PC/pyconfig.h index db745dee76..d2a3f5dd39 100644 --- a/PC/pyconfig.h +++ b/PC/pyconfig.h @@ -687,4 +687,7 @@ Py_NO_ENABLE_SHARED to find out. Also support MS_NO_COREDLL for b/w compat */ /* framework name */ #define _PYTHONFRAMEWORK "" +/* Define if libssl has X509_VERIFY_PARAM_set1_host and related function */ +#define HAVE_X509_VERIFY_PARAM_SET1_HOST 1 + #endif /* !Py_CONFIG_H */ |