pyOpenSSL is vulnerable to hostname check bypassing. This is because it does not properly handle hostnames in the certificate that contain null bytes.The string formatting of subjectAltName X509Extension instances incorrectly truncates fields of the name when encountering null bytes, allowing man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.