diff options
author | Benjamin Peterson <benjamin@python.org> | 2014-11-23 23:04:34 (GMT) |
---|---|---|
committer | Benjamin Peterson <benjamin@python.org> | 2014-11-23 23:04:34 (GMT) |
commit | 7243b574e5fc6f9ae68dc5ebd8252047b8e78e3b (patch) | |
tree | 4cd25f9fde37754132337eebdd1b1e958bf979f4 /Doc/library | |
parent | 378e15d7abedb4a1990230d5e3c74d2390be96c4 (diff) | |
download | cpython-7243b574e5fc6f9ae68dc5ebd8252047b8e78e3b.zip cpython-7243b574e5fc6f9ae68dc5ebd8252047b8e78e3b.tar.gz cpython-7243b574e5fc6f9ae68dc5ebd8252047b8e78e3b.tar.bz2 |
don't require OpenSSL SNI to pass hostname to ssl functions (#22921)
Patch by Donald Stufft.
Diffstat (limited to 'Doc/library')
-rw-r--r-- | Doc/library/ssl.rst | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index fb20793..1a0b1da 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -664,8 +664,7 @@ Constants .. data:: HAS_SNI Whether the OpenSSL library has built-in support for the *Server Name - Indication* extension (as defined in :rfc:`4366`). When true, you can - use the *server_hostname* argument to :meth:`SSLContext.wrap_socket`. + Indication* extension (as defined in :rfc:`4366`). .. versionadded:: 3.2 @@ -1227,11 +1226,12 @@ to speed up repeated connections from the same clients. On client connections, the optional parameter *server_hostname* specifies the hostname of the service which we are connecting to. This allows a single server to host multiple SSL-based services with distinct certificates, - quite similarly to HTTP virtual hosts. Specifying *server_hostname* - will raise a :exc:`ValueError` if the OpenSSL library doesn't have support - for it (that is, if :data:`HAS_SNI` is :const:`False`). Specifying - *server_hostname* will also raise a :exc:`ValueError` if *server_side* - is true. + quite similarly to HTTP virtual hosts. Specifying *server_hostname* will + raise a :exc:`ValueError` if *server_side* is true. + + .. versionchanged:: 3.5 + Always allow a server_hostname to be passed, even if OpenSSL does not + have SNI. .. method:: SSLContext.session_stats() |