Red Hat Security Advisory 2014-1690-01 - The python-backports-ssl_match_hostname package provides RFC 6125 compliant wildcard matching. A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU. This issue was discovered by Florian Weimer of Red Hat Product Security.
630f007e3d3cbb97e3d958feade33386613235e76e9498f96c508f28f5197ea2