author | Vincent Bernat <vincent@bernat.im> | 2016-05-17 15:55:12 +0200 |
---|---|---|
committer | Dana Powers <dana.powers@gmail.com> | 2016-05-17 06:55:12 -0700 |
commit | a7e9dfc405d5d1de60ce15bc6dad016d6418e3aa (patch) | |
tree | e4ddf849bd4a0b2bd97282d2b7822d4a6d8bf905 | |
parent | 2c9930dea4a4537cf237ac7cc9db1f3970419b59 (diff) | |
download | kafka-python-a7e9dfc405d5d1de60ce15bc6dad016d6418e3aa.tar.gz |
kafka/conn: use original hostname for SSL checks (#682)
When the address family is not provided, `self.host` is resolved to one
of the IP addresses and replaced by it. The SSL context is then built
using `self.host` which is now an IP instead of the proper name. Most of
the time, hostname cannot be checked this way. Therefore, save the
original hostname in a dedicated property and use this property for the
SSL context.
-rw-r--r-- | kafka/conn.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/kafka/conn.py b/kafka/conn.py
index 6c44aaf..5cfc7f7 100644
--- a/kafka/conn.py
+++ b/kafka/conn.py
@@ -76,6 +76,7 @@ class BrokerConnection(object):
 def __init__(self, host, port, afi, **configs):
 self.host = host
+ self.hostname = host
 self.port = port
 self.afi = afi
 self.in_flight_requests = collections.deque()
@@ -224,7 +225,7 @@ class BrokerConnection(object):
 try:
 self._sock = self._ssl_context.wrap_socket(
 self._sock,
- server_hostname=self.host,
+ server_hostname=self.hostname,
 do_handshake_on_connect=False)
 except ssl.SSLError:
 log.exception('%s: Failed to wrap socket in SSLContext!', str(self))
@@ -605,7 +606,8 @@ class BrokerConnection(object):
 return version
 def __repr__(self):
- return "<BrokerConnection host=%s port=%d>" % (self.host, self.port)
+ return "<BrokerConnection host=%s/%s port=%d>" % (self.hostname, self.host,
+ self.port)
 def _address_family(address): |
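Review bot: The new `self.hostname` assignment in `__init__` carries no comment telling it apart from `self.host`, and the two names are easy to swap in a later edit, which would quietly bring back the behaviour this commit removes. A comment above the assignment would record the contract given in the commit message: `# Name as passed by the caller; self.host may be replaced by a resolved IP, so TLS name checks must use self.hostname.` `__init__` continues past the end of the hunk.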
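Review bot: Passing `server_hostname=self.hostname` to `wrap_socket` only causes the broker certificate to be matched against that name if `self._ssl_context` has `check_hostname` enabled and `verify_mode` set to `ssl.CERT_REQUIRED`; the context is built outside this hunk, so that cannot be confirmed from here. It is worth checking that the default context path sets both, and documenting that a caller-supplied context must do the same, since otherwise the value serves for SNI only and the name is never verified. The `try` block starts before and ends after the hunk.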
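Review bot: In `__repr__`, whenever resolution has not replaced `self.host` the two values are equal and the output reads `host=name/name`, which adds noise to the log lines that format the connection (the `log.exception` call in the previous hunk uses `str(self)`, which presumably falls back to this method). Printing the second value only when it differs keeps those lines readable, for example `host = self.hostname if self.hostname == self.host else "%s/%s" % (self.hostname, self.host)`. Any log parsing or alerting that matches the old `host=%s port=%d` form will need updating with this change.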