[issue22921] SSLContext's check_hostname needlessly intertwined with SNI

Donald Stufft report at bugs.python.org
Sun Nov 23 19:55:09 CET 2014


Donald Stufft added the comment:

I tested this patch on Python 3.5 compiled on CentOS 5.11 which does not have SNI enabled. The end result is that you can use server_hostname even when SNI isn't there to enable the SSL certificate checks. Of course the check will fail if the host you're connecting to requires SNI to serve the expected certificate, but that's no different than it is today.

The docs still need to be updated, I can do that a little bit later today, but figured I'd let people review this since it's done and working other than the docs.

The basic gist of the patch is that we stash the hostname and use it for the validation checks, but we don't send it deeper into the stack if SNI is not available.

----------
keywords: +patch
Added file: http://bugs.python.org/file37256/check-hostname-no-sni.patch

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue22921>
_______________________________________

