diff options
| author | Benjamin Peterson <benjamin@python.org> | 2014-12-07 18:47:34 (GMT) |
|---|---|---|
| committer | Benjamin Peterson <benjamin@python.org> | 2014-12-07 18:47:34 (GMT) |
| commit | b46247bee518487abcc9e17925d28d682b8e08ac (patch) | |
| tree | 6618e2002d1aa6a6abd6f51626235a866e9a8bfc /Lib | |
| parent | 5db1bb81ff88c90364cfcf458bae8115126411d8 (diff) | |
| parent | a090f01bb63d73382e6e65b0364047c50afae5c2 (diff) | |
| download | cpython-b46247bee518487abcc9e17925d28d682b8e08ac.zip cpython-b46247bee518487abcc9e17925d28d682b8e08ac.tar.gz cpython-b46247bee518487abcc9e17925d28d682b8e08ac.tar.bz2 | |
merge 3.4 (#22959)
Diffstat (limited to 'Lib')
| -rw-r--r-- | Lib/http/client.py | 4 | ||||
| -rw-r--r-- | Lib/test/test_httplib.py | 14 |
2 files changed, 16 insertions, 2 deletions
diff --git a/Lib/http/client.py b/Lib/http/client.py index 4a8b4ee..4169e60 100644 --- a/Lib/http/client.py +++ b/Lib/http/client.py @@ -1274,8 +1274,8 @@ else: context = ssl._create_default_https_context() will_verify = context.verify_mode != ssl.CERT_NONE if check_hostname is None: - check_hostname = will_verify - elif check_hostname and not will_verify: + check_hostname = context.check_hostname + if check_hostname and not will_verify: raise ValueError("check_hostname needs a SSL context with " "either CERT_OPTIONAL or CERT_REQUIRED") if key_file or cert_file: diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py index ddeabe1..90da3fc 100644 --- a/Lib/test/test_httplib.py +++ b/Lib/test/test_httplib.py @@ -1113,6 +1113,7 @@ class HTTPSTest(TestCase): server = self.make_server(CERT_fakehostname) context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) context.verify_mode = ssl.CERT_REQUIRED + context.check_hostname = True context.load_verify_locations(CERT_fakehostname) h = client.HTTPSConnection('localhost', server.port, context=context) with self.assertRaises(ssl.CertificateError): @@ -1123,11 +1124,24 @@ class HTTPSTest(TestCase): with self.assertRaises(ssl.CertificateError): h.request('GET', '/') # With check_hostname=False, the mismatching is ignored + context.check_hostname = False h = client.HTTPSConnection('localhost', server.port, context=context, check_hostname=False) h.request('GET', '/nonexistent') resp = h.getresponse() self.assertEqual(resp.status, 404) + # The context's check_hostname setting is used if one isn't passed to + # HTTPSConnection. + context.check_hostname = False + h = client.HTTPSConnection('localhost', server.port, context=context) + h.request('GET', '/nonexistent') + self.assertEqual(h.getresponse().status, 404) + # Passing check_hostname to HTTPSConnection should override the + # context's setting. + h = client.HTTPSConnection('localhost', server.port, context=context, + check_hostname=True) + with self.assertRaises(ssl.CertificateError): + h.request('GET', '/') @unittest.skipIf(not hasattr(client, 'HTTPSConnection'), 'http.client.HTTPSConnection not available') |