diff options
| author | Paul Lockaby <plockaby@uw.edu> | 2019-06-06 13:39:06 -0700 |
|---|---|---|
| committer | Sergey Shepelev <temotor@gmail.com> | 2021-05-11 21:18:43 +0300 |
| commit | 1a64cd700ec917fb408dff43d804c51061802c08 (patch) | |
| tree | d1cc050c6931c20f2be650650d8ff91b04ad64ad | |
| parent | 60d52530ea67caec46a34bb97d0a0812f4ca8c33 (diff) | |
| download | eventlet-1a64cd700ec917fb408dff43d804c51061802c08.tar.gz | |
ssl: py3.6 using client certificates raised ValueError: check_hostname needs server_hostname argument
https://github.com/eventlet/eventlet/issues/567
https://github.com/eventlet/eventlet/pull/575
| -rw-r--r-- | eventlet/green/ssl.py | 2 | ||||
| -rw-r--r-- | tests/ssl_test.py | 24 |
2 files changed, 25 insertions, 1 deletions
diff --git a/eventlet/green/ssl.py b/eventlet/green/ssl.py index 53a0fa6..3a5692d 100644 --- a/eventlet/green/ssl.py +++ b/eventlet/green/ssl.py @@ -364,7 +364,7 @@ class GreenSSLSocket(_original_sslsocket): sslobj = self._context._wrap_socket(self._sock, server_side, ssl_sock=self) else: context = self.context if PY33 else self._context - sslobj = context._wrap_socket(self, server_side) + sslobj = context._wrap_socket(self, server_side, server_hostname=self.server_hostname) else: sslobj = sslwrap(self._sock, server_side, self.keyfile, self.certfile, self.cert_reqs, self.ssl_version, diff --git a/tests/ssl_test.py b/tests/ssl_test.py index ea0cc85..b5913a2 100644 --- a/tests/ssl_test.py +++ b/tests/ssl_test.py @@ -1,6 +1,7 @@ import contextlib import random import socket +import sys import warnings import eventlet @@ -371,3 +372,26 @@ class SSLTest(tests.LimitedTestCase): peer, _ = server_tls.accept() assert peer.recv(64) == expected peer.close() + + def test_client_check_hostname(self): + # stdlib API compatibility + # https://github.com/eventlet/eventlet/issues/567 + def serve(listener): + sock, addr = listener.accept() + sock.recv(64) + sock.sendall(b"response") + sock.close() + + listener = listen_ssl_socket() + server_coro = eventlet.spawn(serve, listener) + ctx = ssl.create_default_context() + ctx.verify_mode = ssl.CERT_REQUIRED + ctx.check_hostname = True + ctx.load_verify_locations(tests.certificate_file) + ctx.load_cert_chain(tests.certificate_file, tests.private_key_file) + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + client = ctx.wrap_socket(sock, server_hostname="Test") + client.connect(listener.getsockname()) + client.send(b"check_hostname works") + client.recv(64) + server_coro.wait() |