diff options
| author | Christian Heimes <christian@python.org> | 2018-02-24 01:35:08 (GMT) |
|---|---|---|
| committer | Nathaniel J. Smith <njs@pobox.com> | 2018-02-24 01:35:08 (GMT) |
| commit | 11a1493bc4198f1def5e572049485779cf54dc57 (patch) | |
| tree | 8ad419e997569f9a9d05ea7e213d5092086608fa /Misc | |
| parent | 82ab13d756a04eab1dae58629473b95ddf363484 (diff) | |
| download | cpython-11a1493bc4198f1def5e572049485779cf54dc57.zip cpython-11a1493bc4198f1def5e572049485779cf54dc57.tar.gz cpython-11a1493bc4198f1def5e572049485779cf54dc57.tar.bz2 | |
[bpo-28414] Make all hostnames in SSL module IDN A-labels (GH-5128)
Previously, the ssl module stored international domain names (IDNs)
as U-labels. This is problematic for a number of reasons -- for
example, it made it impossible for users to use a different version
of IDNA than the one built into Python.
After this change, we always convert to A-labels as soon as possible,
and use them for all internal processing. In particular, server_hostname
attribute is now an A-label, and on the server side there's a new
sni_callback that receives the SNI servername as an A-label rather than
a U-label.
Diffstat (limited to 'Misc')
| -rw-r--r-- | Misc/NEWS.d/next/Security/2017-08-06-14-43-45.bpo-28414.mzZ6vD.rst | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2017-08-06-14-43-45.bpo-28414.mzZ6vD.rst b/Misc/NEWS.d/next/Security/2017-08-06-14-43-45.bpo-28414.mzZ6vD.rst new file mode 100644 index 0000000..06528c9 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2017-08-06-14-43-45.bpo-28414.mzZ6vD.rst @@ -0,0 +1 @@ +The ssl module now allows users to perform their own IDN en/decoding when using SNI. |