summaryrefslogtreecommitdiff
path: root/Lib/ssl.py
diff options
context:
space:
mode:
authorAntoine Pitrou <solipsis@pitrou.net>2010-10-22 18:19:07 +0000
committerAntoine Pitrou <solipsis@pitrou.net>2010-10-22 18:19:07 +0000
commitd532321f7ba2e23e4110f05331fee8beca736826 (patch)
tree9383fb529fee0b92edc2a06e0435b7e8560cb1ec /Lib/ssl.py
parent4ebfdf01bb128005842be322fc89457d527ff000 (diff)
downloadcpython-git-d532321f7ba2e23e4110f05331fee8beca736826.tar.gz
Issue #5639: Add a *server_hostname* argument to `SSLContext.wrap_socket`
in order to support the TLS SNI extension. `HTTPSConnection` and `urlopen()` also use this argument, so that HTTPS virtual hosts are now supported.
Diffstat (limited to 'Lib/ssl.py')
-rw-r--r--Lib/ssl.py15
1 files changed, 12 insertions, 3 deletions
diff --git a/Lib/ssl.py b/Lib/ssl.py
index ae8aaefb4b..f1a0e45903 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -77,6 +77,7 @@ from _ssl import (
SSL_ERROR_EOF,
SSL_ERROR_INVALID_ERROR_CODE,
)
+from _ssl import HAS_SNI
from socket import getnameinfo as _getnameinfo
from socket import error as socket_error
@@ -158,10 +159,12 @@ class SSLContext(_SSLContext):
def wrap_socket(self, sock, server_side=False,
do_handshake_on_connect=True,
- suppress_ragged_eofs=True):
+ suppress_ragged_eofs=True,
+ server_hostname=None):
return SSLSocket(sock=sock, server_side=server_side,
do_handshake_on_connect=do_handshake_on_connect,
suppress_ragged_eofs=suppress_ragged_eofs,
+ server_hostname=server_hostname,
_context=self)
@@ -176,6 +179,7 @@ class SSLSocket(socket):
do_handshake_on_connect=True,
family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None,
suppress_ragged_eofs=True, ciphers=None,
+ server_hostname=None,
_context=None):
if _context:
@@ -202,7 +206,11 @@ class SSLSocket(socket):
self.ssl_version = ssl_version
self.ca_certs = ca_certs
self.ciphers = ciphers
+ if server_side and server_hostname:
+ raise ValueError("server_hostname can only be specified "
+ "in client mode")
self.server_side = server_side
+ self.server_hostname = server_hostname
self.do_handshake_on_connect = do_handshake_on_connect
self.suppress_ragged_eofs = suppress_ragged_eofs
connected = False
@@ -232,7 +240,8 @@ class SSLSocket(socket):
if connected:
# create the SSL object
try:
- self._sslobj = self.context._wrap_socket(self, server_side)
+ self._sslobj = self.context._wrap_socket(self, server_side,
+ server_hostname)
if do_handshake_on_connect:
timeout = self.gettimeout()
if timeout == 0.0:
@@ -431,7 +440,7 @@ class SSLSocket(socket):
if self._sslobj:
raise ValueError("attempt to connect already-connected SSLSocket!")
socket.connect(self, addr)
- self._sslobj = self.context._wrap_socket(self, False)
+ self._sslobj = self.context._wrap_socket(self, False, self.server_hostname)
try:
if self.do_handshake_on_connect:
self.do_handshake()