-
Notifications
You must be signed in to change notification settings - Fork 237
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Find a replacement for deprecated ssl.match_hostname
#368
Comments
I found service-identity which is mentioned in trio's documentation, it may be helpful. |
Thank you very much, this looks like exactly what we want! |
jlaine
added a commit
to jlaine/aioquic
that referenced
this issue
Jul 5, 2023
The standard libraries's `ssl.match_hostname` method was marked as deprecated in Python 3.10. Rather than implementing this critical piece of code ourselves, make use of the Python Cryptographic Authority's `service-identity` package. One notable behaviour change is that validation is performed *only* against the `subjectAltName` extension instead of the `commonName`. This is the same behaviour as web browsers use.
jlaine
added a commit
to jlaine/aioquic
that referenced
this issue
Jul 5, 2023
The standard libraries's `ssl.match_hostname` method was marked as deprecated in Python 3.10. Rather than implementing this critical piece of code ourselves, make use of the Python Cryptographic Authority's `service-identity` package. One notable behaviour change is that validation is performed *only* against the `subjectAltName` extension instead of the `commonName`. This is the same behaviour as web browsers use.
jlaine
added a commit
to jlaine/aioquic
that referenced
this issue
Jul 5, 2023
The standard libraries's `ssl.match_hostname` method was marked as deprecated in Python 3.10. Rather than implementing this critical piece of code ourselves, make use of the Python Cryptographic Authority's `service-identity` package. One notable behaviour change is that validation is performed *only* against the `subjectAltName` extension instead of the `commonName`. This is the same behaviour as web browsers use.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When connecting to a server, we rely on the standard library's ssl.matchhostname method to check the certificate presented by the server is valid for the hostname we connected to. Howver this method has been deprecated since Python 3.7 so we need to find a suitable replacement.
So far I have found:
The text was updated successfully, but these errors were encountered: