[Python-checkins] cpython: Issue #19783: nntplib now supports SSLContext.check_hostname and server name
christian.heimes
python-checkins at python.org
Mon Dec 2 20:20:21 CET 2013
http://hg.python.org/cpython/rev/42a6919ee7e5
changeset: 87716:42a6919ee7e5
user: Christian Heimes <christian at cheimes.de>
date: Mon Dec 02 20:20:11 2013 +0100
summary:
Issue #19783: nntplib now supports SSLContext.check_hostname and server name
indication for TLS/SSL connections.
files:
Doc/library/nntplib.rst | 8 ++++++++
Lib/nntplib.py | 9 +++++----
Misc/NEWS | 3 +++
3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/Doc/library/nntplib.rst b/Doc/library/nntplib.rst
--- a/Doc/library/nntplib.rst
+++ b/Doc/library/nntplib.rst
@@ -102,6 +102,10 @@
.. versionadded:: 3.2
+ .. versionchanged:: 3.4
+ The class now supports hostname check with
+ :attr:`SSLContext.check_hostname` and *Server Name Indicator* (see
+ :data:`~ssl.HAS_SNI`).
.. exception:: NNTPError
@@ -241,6 +245,10 @@
.. versionadded:: 3.2
+ .. versionchanged:: 3.4
+ The method now supports hostname check with
+ :attr:`SSLContext.check_hostname` and *Server Name Indicator* (see
+ :data:`~ssl.HAS_SNI`).
.. method:: NNTP.newgroups(date, *, file=None)
diff --git a/Lib/nntplib.py b/Lib/nntplib.py
--- a/Lib/nntplib.py
+++ b/Lib/nntplib.py
@@ -279,7 +279,7 @@
if _have_ssl:
- def _encrypt_on(sock, context):
+ def _encrypt_on(sock, context, hostname):
"""Wrap a socket in SSL/TLS. Arguments:
- sock: Socket to wrap
- context: SSL context to use for the encrypted connection
@@ -289,7 +289,8 @@
# Generate a default SSL context if none was passed.
if context is None:
context = ssl._create_stdlib_context()
- return context.wrap_socket(sock)
+ server_hostname = hostname if ssl.HAS_SNI else None
+ return context.wrap_socket(sock, server_hostname=server_hostname)
# The classes themselves
@@ -1005,7 +1006,7 @@
resp = self._shortcmd('STARTTLS')
if resp.startswith('382'):
self.file.close()
- self.sock = _encrypt_on(self.sock, context)
+ self.sock = _encrypt_on(self.sock, context, self.host)
self.file = self.sock.makefile("rwb")
self.tls_on = True
# Capabilities may change after TLS starts up, so ask for them
@@ -1065,7 +1066,7 @@
in default port and the `ssl_context` argument for SSL connections.
"""
self.sock = socket.create_connection((host, port), timeout)
- self.sock = _encrypt_on(self.sock, ssl_context)
+ self.sock = _encrypt_on(self.sock, ssl_context, host)
file = self.sock.makefile("rwb")
_NNTPBase.__init__(self, file, host,
readermode=readermode, timeout=timeout)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -21,6 +21,9 @@
- Issue #19784: poplib now supports SSLContext.check_hostname and server name
indication for TLS/SSL connections.
+- Issue #19783: nntplib now supports SSLContext.check_hostname and server name
+ indication for TLS/SSL connections.
+
- Issue #19782: imaplib now supports SSLContext.check_hostname and server name
indication for TLS/SSL connections.
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list