Issue #5639: Add a *server_hostname* argument to `SSLContext.wrap_socket`

in order to support the TLS SNI extension. `HTTPSConnection` and `urlopen()` also use this argument, so that HTTPS virtual hosts are now supported.
author: Antoine Pitrou <solipsis@pitrou.net> 2010-10-22 18:19:07 (GMT)
committer: Antoine Pitrou <solipsis@pitrou.net> 2010-10-22 18:19:07 (GMT)
commit: d532321f7ba2e23e4110f05331fee8beca736826 (patch)
tree: 9383fb529fee0b92edc2a06e0435b7e8560cb1ec /Lib/ssl.py
parent: 4ebfdf01bb128005842be322fc89457d527ff000 (diff)
download: cpython-d532321f7ba2e23e4110f05331fee8beca736826.zip
cpython-d532321f7ba2e23e4110f05331fee8beca736826.tar.gz
cpython-d532321f7ba2e23e4110f05331fee8beca736826.tar.bz2
1 files changed, 12 insertions, 3 deletions
diff --git a/Lib/ssl.py b/Lib/ssl.py
index ae8aaef..f1a0e45 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -77,6 +77,7 @@ from _ssl import (
     SSL_ERROR_EOF,
     SSL_ERROR_INVALID_ERROR_CODE,
     )
+from _ssl import HAS_SNI
 
 from socket import getnameinfo as _getnameinfo
 from socket import error as socket_error
@@ -158,10 +159,12 @@ class SSLContext(_SSLContext):
 
     def wrap_socket(self, sock, server_side=False,
                     do_handshake_on_connect=True,
-                    suppress_ragged_eofs=True):
+                    suppress_ragged_eofs=True,
+                    server_hostname=None):
         return SSLSocket(sock=sock, server_side=server_side,
                          do_handshake_on_connect=do_handshake_on_connect,
                          suppress_ragged_eofs=suppress_ragged_eofs,
+                         server_hostname=server_hostname,
                          _context=self)
 
 
@@ -176,6 +179,7 @@ class SSLSocket(socket):
                  do_handshake_on_connect=True,
                  family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None,
                  suppress_ragged_eofs=True, ciphers=None,
+                 server_hostname=None,
                  _context=None):
 
         if _context:
@@ -202,7 +206,11 @@ class SSLSocket(socket):
             self.ssl_version = ssl_version
             self.ca_certs = ca_certs
             self.ciphers = ciphers
+        if server_side and server_hostname:
+            raise ValueError("server_hostname can only be specified "
+                             "in client mode")
         self.server_side = server_side
+        self.server_hostname = server_hostname
         self.do_handshake_on_connect = do_handshake_on_connect
         self.suppress_ragged_eofs = suppress_ragged_eofs
         connected = False
@@ -232,7 +240,8 @@ class SSLSocket(socket):
         if connected:
             # create the SSL object
             try:
-                self._sslobj = self.context._wrap_socket(self, server_side)
+                self._sslobj = self.context._wrap_socket(self, server_side,
+                                                         server_hostname)
                 if do_handshake_on_connect:
                     timeout = self.gettimeout()
                     if timeout == 0.0:
@@ -431,7 +440,7 @@ class SSLSocket(socket):
         if self._sslobj:
             raise ValueError("attempt to connect already-connected SSLSocket!")
         socket.connect(self, addr)
-        self._sslobj = self.context._wrap_socket(self, False)
+        self._sslobj = self.context._wrap_socket(self, False, self.server_hostname)
         try:
             if self.do_handshake_on_connect:
                 self.do_handshake()
author	Antoine Pitrou <solipsis@pitrou.net>	2010-10-22 18:19:07 (GMT)
committer	Antoine Pitrou <solipsis@pitrou.net>	2010-10-22 18:19:07 (GMT)
commit	d532321f7ba2e23e4110f05331fee8beca736826 (patch)
tree	9383fb529fee0b92edc2a06e0435b7e8560cb1ec /Lib/ssl.py
parent	4ebfdf01bb128005842be322fc89457d527ff000 (diff)
download	cpython-d532321f7ba2e23e4110f05331fee8beca736826.zip cpython-d532321f7ba2e23e4110f05331fee8beca736826.tar.gz cpython-d532321f7ba2e23e4110f05331fee8beca736826.tar.bz2