Issue #23239: ssl.match_hostname() now supports matching of IP addresses.

1 files changed, 7 insertions, 4 deletions

diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index e7cf425..254fc1f 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -344,10 +344,9 @@ Certificate handling
    Verify that *cert* (in decoded format as returned by
    :meth:`SSLSocket.getpeercert`) matches the given *hostname*.  The rules
    applied are those for checking the identity of HTTPS servers as outlined
-   in :rfc:`2818` and :rfc:`6125`, except that IP addresses are not currently
-   supported. In addition to HTTPS, this function should be suitable for
-   checking the identity of servers in various SSL-based protocols such as
-   FTPS, IMAPS, POPS and others.
+   in :rfc:`2818` and :rfc:`6125`.  In addition to HTTPS, this function
+   should be suitable for checking the identity of servers in various
+   SSL-based protocols such as FTPS, IMAPS, POPS and others.
 
    :exc:`CertificateError` is raised on failure. On success, the function
    returns nothing::
@@ -369,6 +368,10 @@ Certificate handling
       IDN A-labels such as ``www*.xn--pthon-kva.org`` are still supported,
       but ``x*.python.org`` no longer matches ``xn--tda.python.org``.
 
+   .. versionchanged:: 3.5
+      Matching of IP addresses, when present in the subjectAltName field
+      of the certificate, is now supported.
+
 .. function:: cert_time_to_seconds(cert_time)
 
    Return the time in seconds since the Epoch, given the ``cert_time``