From 216d463b1f5eea7b6505b9ec13372d830ef720b6 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Mon, 2 Dec 2013 20:20:11 +0100 Subject: Issue #19783: nntplib now supports SSLContext.check_hostname and server name indication for TLS/SSL connections. --- Lib/nntplib.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'Lib/nntplib.py') diff --git a/Lib/nntplib.py b/Lib/nntplib.py index 046f48343d..fcb01d319b 100644 --- a/Lib/nntplib.py +++ b/Lib/nntplib.py @@ -279,7 +279,7 @@ def _unparse_datetime(dt, legacy=False): if _have_ssl: - def _encrypt_on(sock, context): + def _encrypt_on(sock, context, hostname): """Wrap a socket in SSL/TLS. Arguments: - sock: Socket to wrap - context: SSL context to use for the encrypted connection @@ -289,7 +289,8 @@ if _have_ssl: # Generate a default SSL context if none was passed. if context is None: context = ssl._create_stdlib_context() - return context.wrap_socket(sock) + server_hostname = hostname if ssl.HAS_SNI else None + return context.wrap_socket(sock, server_hostname=server_hostname) # The classes themselves @@ -1005,7 +1006,7 @@ class _NNTPBase: resp = self._shortcmd('STARTTLS') if resp.startswith('382'): self.file.close() - self.sock = _encrypt_on(self.sock, context) + self.sock = _encrypt_on(self.sock, context, self.host) self.file = self.sock.makefile("rwb") self.tls_on = True # Capabilities may change after TLS starts up, so ask for them @@ -1065,7 +1066,7 @@ if _have_ssl: in default port and the `ssl_context` argument for SSL connections. """ self.sock = socket.create_connection((host, port), timeout) - self.sock = _encrypt_on(self.sock, ssl_context) + self.sock = _encrypt_on(self.sock, ssl_context, host) file = self.sock.makefile("rwb") _NNTPBase.__init__(self, file, host, readermode=readermode, timeout=timeout) -- cgit v1.2.1
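Review bot: The docstring of `_encrypt_on` in the first hunk (@@ -279) still lists only `sock` and `context` under Arguments, so the new `hostname` parameter is undocumented. I would add `- hostname: Host name of the server, used for SNI and for certificate host name checking` after the `context` entry. The rest of the docstring falls between this hunk and the next and is not visible here.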
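Review bot: Passing `server_hostname` in the second hunk (@@ -289) does not by itself authenticate the server: when `context is None` the function still falls back to `ssl._create_stdlib_context()`, which as far as I know leaves certificate verification and `check_hostname` off. Callers who omit a context therefore keep getting an unverified TLS session, and a comment above the fallback would make that visible, e.g. `# NOTE: the default context does not verify the peer; pass a context with check_hostname enabled to authenticate the server.` On builds where `ssl.HAS_SNI` is false the host name is replaced by `None`, so a context with `check_hostname` enabled is expected to refuse the wrap rather than skip the check; a test pinning that behaviour would be worth adding. The body of `_encrypt_on` starts before this hunk.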