New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bpo-19180: Updated reference for RFC 1750 and RFC 3280 #148
Conversation
chkumar246
commented
Feb 18, 2017
- RFC 1750 has been been obsoleted by RFC 4086.
- RFC 3280 has been obsoleted by RFC 5280.
- RFC 4366 has been obsoleted by RFC 6066.
Hello, and thanks for your contribution! I'm a bot set up to make sure that the project can legally accept your contribution by verifying you have signed the PSF contributor agreement (CLA). Unfortunately we couldn't find an account corresponding to your GitHub username on bugs.python.org (b.p.o) to verify you have signed the CLA. This is necessary for legal reasons before we can look at your contribution. Please follow these steps to help rectify the issue:
Thanks again to your contribution and we look forward to looking at it! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the little effect my review can have, I approve, and comment made by OP are correct.
RFC 4366 has been obsoleted by RFC 6066.
If another reviewer is wondering, this one is already cited a couple of lines after the end the diff.
Thanks for the review. Any thing more to add to this patch? |
@Carreau @serhiy-storchaka anything more i can improve to this patch? |
@serhiy-storchaka - shall we move forward with this? The change looks good to me. These are |
RFC references should be updated only if the ssl module actually supports new RFCs and is not sticked to obsolete RFCs. I'm not a SSL expert and don't know if it is. @tiran is an expert. There are also other references to obsolete RFCs in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please update inline references, too.
Also please add RFC 6125 and link it from match_hostname.
@@ -2306,14 +2306,11 @@ successful call of :func:`~ssl.RAND_add`, :func:`~ssl.RAND_bytes` or | |||
`RFC 1422: Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management <https://www.ietf.org/rfc/rfc1422>`_ | |||
Steve Kent | |||
|
|||
`RFC 1750: Randomness Recommendations for Security <https://www.ietf.org/rfc/rfc1750>`_ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This RFC is referenced in the documentation of RAND_add
. You need to update both occurrences.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
|
||
`RFC 4366: Transport Layer Security (TLS) Extensions <https://www.ietf.org/rfc/rfc4366>`_ | ||
Blake-Wilson et. al. | ||
`RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile <http://datatracker.ietf.org/doc/rfc5280/>`_ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
5280 is correct. Please update documentation of SSLSocket.getpeercert
, too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
`RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile <https://www.ietf.org/rfc/rfc3280>`_ | ||
Housley et. al. | ||
|
||
`RFC 4366: Transport Layer Security (TLS) Extensions <https://www.ietf.org/rfc/rfc4366>`_ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
RFC 6066 is the successor to 4366. Please update documentation of HAS_SNI.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
@chkumar246 Thanks for the initial work on this at the PyCon Pune sprints. Do you think you may be able to find time to follow up on @tiran's feedback, or would you prefer that someone else pick up the change and finish up those final details? |
Added the sprint label, as this PR was submitted at the PyCon Pune 2017 core development sprint. |
Sorry for the late reply, I will update the PR soon. |
* RFC 1750 has been been obsoleted by RFC 4086. * RFC 3280 has been obsoleted by RFC 5280. * RFC 4366 has been obsoleted by RFC 6066.
Just add the url https://bugs.python.org/issue19180 |
thanks @ncoghlan |
…pythonGH-148) * RFC 1750 has been been obsoleted by RFC 4086. * RFC 3280 has been obsoleted by RFC 5280. * RFC 4366 has been obsoleted by RFC 6066. (cherry picked from commit 63c2c8a)
Backport: #2023 |