[pypy-commit] pypy py3k: kill SSLContext.check_hostname, it's for 3.4 (or modern 2.9) ssl.py. exposing

pjenvey pypy.commits at gmail.com
Sun May 8 15:00:50 EDT 2016 

Author: Philip Jenvey <pjenvey at underboss.org>
Branch: py3k
Changeset: r84307:3be2e22ef987
Date: 2016-05-08 11:59 -0700
http://bitbucket.org/pypy/pypy/changeset/3be2e22ef987/

Log:	kill SSLContext.check_hostname, it's for 3.4 (or modern 2.9) ssl.py.
	exposing it gives the impression that we provide a 3.4 ssl.py that
	uses it to do ssl hostname matching in do_handshake, e.g.:

	https://github.com/python/asyncio/blob/309a218/asyncio/selector_even
	ts.py#L828

	(without this change, this code never matches hostnames!)

diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py
--- a/pypy/module/_ssl/interp_ssl.py
+++ b/pypy/module/_ssl/interp_ssl.py
@@ -1785,8 +1785,9 @@
                                SSLContext.descr_set_verify_mode),
     verify_flags=GetSetProperty(SSLContext.descr_get_verify_flags,
                                 SSLContext.descr_set_verify_flags),
-    check_hostname=GetSetProperty(SSLContext.descr_get_check_hostname,
-                                  SSLContext.descr_set_check_hostname),
+    # XXX: For use by 3.4 ssl.py only
+    #check_hostname=GetSetProperty(SSLContext.descr_get_check_hostname,
+    #                              SSLContext.descr_set_check_hostname),
 )
 
 
diff --git a/pypy/module/_ssl/test/test_ssl.py b/pypy/module/_ssl/test/test_ssl.py
--- a/pypy/module/_ssl/test/test_ssl.py
+++ b/pypy/module/_ssl/test/test_ssl.py
@@ -105,7 +105,8 @@
              ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))
 
     def test_context(self):
-        import _ssl
+        import _ssl, sys
+        py33 = sys.version_info[:2] == (3, 3)
         s = _ssl._SSLContext(_ssl.PROTOCOL_TLSv1)
         raises(ValueError, _ssl._SSLContext, -1)
 
@@ -115,10 +116,13 @@
         assert not s.options & _ssl.OP_NO_SSLv2
         raises(TypeError, "s.options = 2.5")
 
-        assert not s.check_hostname
-        exc = raises(ValueError, "s.check_hostname = True")
-        assert str(exc.value) == "check_hostname needs a SSL context with " \
-                                 "either CERT_OPTIONAL or CERT_REQUIRED"
+        if py33:
+            assert not hasattr(s, 'check_hostname')
+        else:
+            assert not s.check_hostname
+            exc = raises(ValueError, "s.check_hostname = True")
+            assert str(exc.value) == "check_hostname needs a SSL context " \
+                "with either CERT_OPTIONAL or CERT_REQUIRED"
 
         assert s.verify_mode == _ssl.CERT_NONE
         s.verify_mode = _ssl.CERT_REQUIRED
@@ -133,12 +137,13 @@
         s.verify_flags = _ssl.VERIFY_DEFAULT
         assert s.verify_flags == _ssl.VERIFY_DEFAULT
 
-        s.check_hostname = True
-        assert s.check_hostname
+        if not py33:
+            s.check_hostname = True
+            assert s.check_hostname
 
-        exc = raises(ValueError, "s.verify_mode = _ssl.CERT_NONE")
-        assert str(exc.value) == "Cannot set verify_mode to CERT_NONE " \
-                                 "when check_hostname is enabled."
+            exc = raises(ValueError, "s.verify_mode = _ssl.CERT_NONE")
+            assert str(exc.value) == "Cannot set verify_mode to CERT_NONE " \
+                                     "when check_hostname is enabled."
 
     def test_set_default_verify_paths(self):
         import _ssl

More information about the pypy-commit mailing list