authorChristian Heimes <christian@cheimes.de>2013-12-02 19:10:50 (GMT)
committerChristian Heimes <christian@cheimes.de>2013-12-02 19:10:50 (GMT)
commit1bc7068d7fde0eaf2155240f629bcf80280daff6 (patch)
treead4f3a6cb110ffca75e33511eabaed1d5854ef25 /Lib
parentb8a3f581580cc6dc7dd9621bbb41c2b85414eaba (diff)
Issue #19784: poplib now supports SSLContext.check_hostname and server name
indication for TLS/SSL connections.
Diffstat (limited to 'Lib')
-rw-r--r--Lib/poplib.py8
-rw-r--r--Lib/test/test_poplib.py9
2 files changed, 14 insertions, 3 deletions
diff --git a/Lib/poplib.py b/Lib/poplib.py
index 00ffbcb..23a3517 100644
--- a/Lib/poplib.py
+++ b/Lib/poplib.py
@@ -387,7 +387,9 @@ class POP3:
if context is None:
context = ssl._create_stdlib_context()
resp = self._shortcmd('STLS')
- self.sock = context.wrap_socket(self.sock)
+ server_hostname = self.host if ssl.HAS_SNI else None
+ self.sock = context.wrap_socket(self.sock,
+ server_hostname=server_hostname)
self.file = self.sock.makefile('rb')
self._tls_established = True
return resp
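Review bot: Passing `server_hostname` to `wrap_socket` does not by itself make `stls()` verify the server. When `context` is None the fallback is `ssl._create_stdlib_context()`, which as far as I know leaves `verify_mode` at `CERT_NONE` and `check_hostname` off, so the upgraded session gets SNI but no certificate or hostname validation. The docstring should say so, for example `The server certificate and hostname are only verified when *context* has verify_mode = CERT_REQUIRED and check_hostname = True.` The same caveat may apply to the `POP3_SSL._create_socket` hunk below, depending on how `self.context` is built outside the visible lines. The body of `stls()` starts outside this hunk.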
@@ -428,7 +430,9 @@ if HAVE_SSL:
def _create_socket(self, timeout):
sock = POP3._create_socket(self, timeout)
- sock = self.context.wrap_socket(sock)
+ server_hostname = self.host if ssl.HAS_SNI else None
+ sock = self.context.wrap_socket(sock,
+ server_hostname=server_hostname)
return sock
def stls(self, keyfile=None, certfile=None, context=None):
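Review bot: `server_hostname = self.host if ssl.HAS_SNI else None` ties hostname checking to SNI support, because the same argument feeds both; on a build without SNI, a context with `check_hostname = True` is handed `None`. I would expect `wrap_socket` to reject that combination rather than connect unverified, but that is not visible here. A comment would make the fail-closed expectation explicit, e.g. `# no SNI: server_hostname is None, so a context with check_hostname enabled must raise instead of connecting unchecked`. The same two lines are duplicated in `POP3.stls()` in the first hunk and could move into one private helper.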
diff --git a/Lib/test/test_poplib.py b/Lib/test/test_poplib.py
index 70fe426..31f8a3c 100644
--- a/Lib/test/test_poplib.py
+++ b/Lib/test/test_poplib.py
@@ -23,7 +23,8 @@ if hasattr(poplib, 'POP3_SSL'):
import ssl
SUPPORTS_SSL = True
- CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert.pem")
+ CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert3.pem")
+ CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "pycacert.pem")
requires_ssl = skipUnless(SUPPORTS_SSL, 'SSL not supported')
# the dummy data returned by server when LIST and RETR commands are issued
@@ -332,6 +333,12 @@ class TestPOP3Class(TestCase):
def test_stls_context(self):
expected = b'+OK Begin TLS negotiation'
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ ctx.load_verify_locations(CAFILE)
+ ctx.verify_mode = ssl.CERT_REQUIRED
+ ctx.check_hostname = True
+ with self.assertRaises(ssl.CertificateError):
+ resp = self.client.stls(context=ctx)
+ self.client = poplib.POP3("localhost", self.server.port, timeout=3)
resp = self.client.stls(context=ctx)
self.assertEqual(resp, expected)
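Review bot: The original `self.client` is replaced on the `poplib.POP3("localhost", ...)` line without being closed, so the connection whose handshake just failed is left open until garbage collection; the teardown (outside this hunk) presumably only sees the new client. Adding `self.client.close()` before the reassignment would fix that. The `resp = ` inside the `assertRaises` block is never bound on the expected path, so `self.client.stls(context=ctx)` alone reads more clearly. The negative case relies on the fixture's connect host not matching the name in the `keycert3.pem` certificate, which is set up outside the hunk; a one-line comment stating that would make the test's intent visible.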