authorChristian Heimes <christian@cheimes.de>2013-12-05 23:23:13 (GMT)
committerChristian Heimes <christian@cheimes.de>2013-12-05 23:23:13 (GMT)
commit6d8c1abb003a4cb05f1ddcf0eeddeeeed513cd57 (patch)
tree09996431e9b7acef25a3cd75b0d378fc9692a522 /Lib/asyncio
parent8ff6f3e895066ebf9f97106248fc0013be6b23ab (diff)
Issue #19509: Finish implementation of check_hostname
The new asyncio package now supports the new feature and comes with additional tests for SSL.
Diffstat (limited to 'Lib/asyncio')
-rw-r--r--Lib/asyncio/selector_events.py25
1 files changed, 14 insertions, 11 deletions
diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py
index 93efddc..19caf79 100644
--- a/Lib/asyncio/selector_events.py
+++ b/Lib/asyncio/selector_events.py
@@ -583,7 +583,8 @@ class _SelectorSslTransport(_SelectorTransport):
# cadefault=True.
if hasattr(ssl, '_create_stdlib_context'):
sslcontext = ssl._create_stdlib_context(
- cert_reqs=ssl.CERT_REQUIRED)
+ cert_reqs=ssl.CERT_REQUIRED,
+ check_hostname=bool(server_hostname))
else:
# Fallback for Python 3.3.
sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
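Review bot: `check_hostname=bool(server_hostname)` switches hostname verification off whenever `server_hostname` is empty or None, while `cert_reqs=ssl.CERT_REQUIRED` stays on. In that case a certificate that chains to a trusted CA is accepted no matter which name it was issued for, and nothing at this call site says so. If that is the intended opt-out, a comment above the call would make it explicit, for example `# Empty server_hostname: the chain is still verified, but the peer name is not checked.` The Python 3.3 fallback branch continues past the end of the hunk, so whether it ends up with the same policy cannot be confirmed from here.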
@@ -639,17 +640,19 @@ class _SelectorSslTransport(_SelectorTransport):
self._loop.remove_reader(self._sock_fd)
self._loop.remove_writer(self._sock_fd)
- # Verify hostname if requested.
peercert = self._sock.getpeercert()
- if (self._server_hostname and
- self._sslcontext.verify_mode != ssl.CERT_NONE):
- try:
- ssl.match_hostname(peercert, self._server_hostname)
- except Exception as exc:
- self._sock.close()
- if self._waiter is not None:
- self._waiter.set_exception(exc)
- return
+ if not hasattr(self._sslcontext, 'check_hostname'):
+ # Verify hostname if requested, Python 3.4+ uses check_hostname
+ # and checks the hostname in do_handshake()
+ if (self._server_hostname and
+ self._sslcontext.verify_mode != ssl.CERT_NONE):
+ try:
+ ssl.match_hostname(peercert, self._server_hostname)
+ except Exception as exc:
+ self._sock.close()
+ if self._waiter is not None:
+ self._waiter.set_exception(exc)
+ return
# Add extra info that becomes available after handshake.
self._extra.update(peercert=peercert,
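Review bot: The new guard `if not hasattr(self._sslcontext, 'check_hostname'):` skips `ssl.match_hostname()` for every context that has the attribute, including one whose `check_hostname` is False. Before this change the name was always matched when `self._server_hostname` was set and `verify_mode != ssl.CERT_NONE`. A context created elsewhere with `CERT_REQUIRED` but without `check_hostname` enabled would therefore, presumably, lose hostname verification on Python 3.4+ without any error. Testing the value rather than the presence of the attribute keeps the old guarantee: `if not getattr(self._sslcontext, 'check_hostname', False):`. If skipping the match for such contexts is deliberate, the comment should say that the caller's `check_hostname` setting is authoritative. The enclosing method starts and ends outside the hunk, so where `self._sslcontext` comes from is not visible here.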