You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Issue: redis-py doesn't enforce hostname validation (Common Name nor Subject Alternative Name) by default when accepting a cert from a remote SSL terminator. This default behavior isn't compatible to accepted PEPs/RFCs and provides a dangerous sense of false security.
Task: Correct redis-py to validate certificates by default. IMHO this shouldn't be considered a breaking change as it simply reenforces the expected results when initiating a SSL connection.
Issue: redis-py doesn't enforce hostname validation (Common Name nor Subject Alternative Name) by default when accepting a cert from a remote SSL terminator. This default behavior isn't compatible to accepted PEPs/RFCs and provides a dangerous sense of false security.
Task: Correct redis-py to validate certificates by default. IMHO this shouldn't be considered a breaking change as it simply reenforces the expected results when initiating a SSL connection.
Additional research:
The text was updated successfully, but these errors were encountered: