-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Begin the deprecation of auto-idna for x509.DNSName #3830
Conversation
@alex, thanks for your PR! By analyzing the history of the files in this pull request, we identified @reaperhulk, @sigmavirus24 and @frasertweedale to be potential reviewers. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just one comment/question
tests/test_x509_ext.py
Outdated
@@ -2220,16 +2275,20 @@ def test_other_name(self, backend): | |||
assert othernames == [expected] | |||
|
|||
def test_certbuilder(self, backend): | |||
sans = [u'*.example.org', u'*.\xf5\xe4\xf6\xfc.example.com', | |||
u'foobar.example.net'] | |||
sans = [b'*.example.org', b'*.\xf5\xe4\xf6\xfc.example.com', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably be b'*.xn--4ca7aey.example.com'
or just be removed from the SAN list? Previously this tested that it was encoding idna properly, but now they're all just bytes being passed along (and we're passing non-ascii bytes here, so we're sort of testing whether OpenSSL will tolerate such garbage)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
Refs #3357