Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

generate_adhoc_ssl_pair() uses hardcoded subject alternative name of * #2158

Closed
henryk opened this issue Jun 10, 2021 · 0 comments · Fixed by #2159
Closed

generate_adhoc_ssl_pair() uses hardcoded subject alternative name of * #2158

henryk opened this issue Jun 10, 2021 · 0 comments · Fixed by #2159
Milestone

Comments

@henryk
Copy link
Contributor

henryk commented Jun 10, 2021

Steps to reproduce:

  • Use a development server created with werkzeug.service.generate_adhoc_ssl_pair(cn="localhost") (I'm using pytest-httpserver)
  • Connect with Python built-in methods (making sure to provide the adhoc certificate as a CA file)

Actual results:

  • A hardcoded SAN of * is added to the certificate, leading to ssl.SSLCertVerificationError: ("sole wildcard without additional labels are not support: '*'.",)

Expected results:

  • The cn value should also be the single DNS name in the SAN

Environment:

  • Python version: Python 3.8.5
  • Werkzeug version: 2.0.1
@davidism davidism added this to the 2.0.2 milestone Aug 6, 2021
@davidism davidism closed this as completed Aug 6, 2021
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 21, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants