merge 3.4 (#22921)

author: Benjamin Peterson <benjamin@python.org> 2014-11-23 23:06:39 (GMT)
committer: Benjamin Peterson <benjamin@python.org> 2014-11-23 23:06:39 (GMT)
commit: f9284ae8ede5b8977248a4259eee0cd81a100c16 (patch)
tree: b3430fd55e6b76ee01dfd6ac4a0baa52de7b7a3a /Lib
parent: f1a3240ba86408a2cdb88a2bfa38a2dce1f4ed9c (diff)
parent: 7243b574e5fc6f9ae68dc5ebd8252047b8e78e3b (diff)
download: cpython-f9284ae8ede5b8977248a4259eee0cd81a100c16.zip
cpython-f9284ae8ede5b8977248a4259eee0cd81a100c16.tar.gz
cpython-f9284ae8ede5b8977248a4259eee0cd81a100c16.tar.bz2
14 files changed, 17 insertions, 60 deletions
diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py
index f0c94c4..7df8b86 100644
--- a/Lib/asyncio/selector_events.py
+++ b/Lib/asyncio/selector_events.py
@@ -708,7 +708,7 @@ class _SelectorSslTransport(_SelectorTransport):
             'server_side': server_side,
             'do_handshake_on_connect': False,
         }
-        if server_hostname and not server_side and ssl.HAS_SNI:
+        if server_hostname and not server_side:
             wrap_kwargs['server_hostname'] = server_hostname
         sslsock = sslcontext.wrap_socket(rawsock, **wrap_kwargs)
 
diff --git a/Lib/ftplib.py b/Lib/ftplib.py
index 5b25b02..2f084d0 100644
--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@@ -747,9 +747,8 @@ else:
                 resp = self.voidcmd('AUTH TLS')
             else:
                 resp = self.voidcmd('AUTH SSL')
-            server_hostname = self.host if ssl.HAS_SNI else None
             self.sock = self.context.wrap_socket(self.sock,
-                                                 server_hostname=server_hostname)
+                                                 server_hostname=self.host)
             self.file = self.sock.makefile(mode='r', encoding=self.encoding)
             return resp
 
@@ -788,9 +787,8 @@ else:
         def ntransfercmd(self, cmd, rest=None):
             conn, size = FTP.ntransfercmd(self, cmd, rest)
             if self._prot_p:
-                server_hostname = self.host if ssl.HAS_SNI else None
                 conn = self.context.wrap_socket(conn,
-                                                server_hostname=server_hostname)
+                                                server_hostname=self.host)
             return conn, size
 
         def abort(self):
diff --git a/Lib/http/client.py b/Lib/http/client.py
index 0a58fcb..31d066b 100644
--- a/Lib/http/client.py
+++ b/Lib/http/client.py
@@ -1288,10 +1288,9 @@ else:
                 server_hostname = self._tunnel_host
             else:
                 server_hostname = self.host
-            sni_hostname = server_hostname if ssl.HAS_SNI else None
 
             self.sock = self._context.wrap_socket(self.sock,
-                                                  server_hostname=sni_hostname)
+                                                  server_hostname=server_hostname)
             if not self._context.check_hostname and self._check_hostname:
                 try:
                     ssl.match_hostname(self.sock.getpeercert(), server_hostname)
diff --git a/Lib/imaplib.py b/Lib/imaplib.py
index 27445dd..49ee39d 100644
--- a/Lib/imaplib.py
+++ b/Lib/imaplib.py
@@ -753,9 +753,8 @@ class IMAP4:
             ssl_context = ssl._create_stdlib_context()
         typ, dat = self._simple_command(name)
         if typ == 'OK':
-            server_hostname = self.host if ssl.HAS_SNI else None
             self.sock = ssl_context.wrap_socket(self.sock,
-                                                server_hostname=server_hostname)
+                                                server_hostname=self.host)
             self.file = self.sock.makefile('rb')
             self._tls_established = True
             self._get_capabilities()
@@ -1231,9 +1230,8 @@ if HAVE_SSL:
 
         def _create_socket(self):
             sock = IMAP4._create_socket(self)
-            server_hostname = self.host if ssl.HAS_SNI else None
             return self.ssl_context.wrap_socket(sock,
-                                                server_hostname=server_hostname)
+                                                server_hostname=self.host)
 
         def open(self, host='', port=IMAP4_SSL_PORT):
             """Setup connection to remote server on "host:port".
diff --git a/Lib/nntplib.py b/Lib/nntplib.py
index d33faf8..bcf7d1b 100644
--- a/Lib/nntplib.py
+++ b/Lib/nntplib.py
@@ -289,8 +289,7 @@ if _have_ssl:
         # Generate a default SSL context if none was passed.
         if context is None:
             context = ssl._create_stdlib_context()
-        server_hostname = hostname if ssl.HAS_SNI else None
-        return context.wrap_socket(sock, server_hostname=server_hostname)
+        return context.wrap_socket(sock, server_hostname=hostname)
 
 
 # The classes themselves
diff --git a/Lib/poplib.py b/Lib/poplib.py
index 2b0e3d5..8ad9cb7 100644
--- a/Lib/poplib.py
+++ b/Lib/poplib.py
@@ -387,9 +387,8 @@ class POP3:
         if context is None:
             context = ssl._create_stdlib_context()
         resp = self._shortcmd('STLS')
-        server_hostname = self.host if ssl.HAS_SNI else None
         self.sock = context.wrap_socket(self.sock,
-                                        server_hostname=server_hostname)
+                                        server_hostname=self.host)
         self.file = self.sock.makefile('rb')
         self._tls_established = True
         return resp
@@ -430,9 +429,8 @@ if HAVE_SSL:
 
         def _create_socket(self, timeout):
             sock = POP3._create_socket(self, timeout)
-            server_hostname = self.host if ssl.HAS_SNI else None
             sock = self.context.wrap_socket(sock,
-                                            server_hostname=server_hostname)
+                                            server_hostname=self.host)
             return sock
 
         def stls(self, keyfile=None, certfile=None, context=None):
diff --git a/Lib/smtplib.py b/Lib/smtplib.py
index 6676af8..327a454 100755
--- a/Lib/smtplib.py
+++ b/Lib/smtplib.py
@@ -709,9 +709,8 @@ class SMTP:
             if context is None:
                 context = ssl._create_stdlib_context(certfile=certfile,
                                                      keyfile=keyfile)
-            server_hostname = self._host if ssl.HAS_SNI else None
             self.sock = context.wrap_socket(self.sock,
-                                            server_hostname=server_hostname)
+                                            server_hostname=self._host)
             self.file = None
             # RFC 3207:
             # The client MUST discard any knowledge obtained from
@@ -940,9 +939,8 @@ if _have_ssl:
                 print('connect:', (host, port), file=stderr)
             new_socket = socket.create_connection((host, port), timeout,
                     self.source_address)
-            server_hostname = self._host if ssl.HAS_SNI else None
             new_socket = self.context.wrap_socket(new_socket,
-                                                  server_hostname=server_hostname)
+                                                  server_hostname=self._host)
             return new_socket
 
     __all__.append("SMTP_SSL")
diff --git a/Lib/ssl.py b/Lib/ssl.py
index 726bc7b..3d132b2 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -655,12 +655,7 @@ class SSLSocket(socket):
             raise ValueError("server_hostname can only be specified "
                              "in client mode")
         if self._context.check_hostname and not server_hostname:
-            if HAS_SNI:
-                raise ValueError("check_hostname requires server_hostname")
-            else:
-                raise ValueError("check_hostname requires server_hostname, "
-                                 "but it's not supported by your OpenSSL "
-                                 "library")
+            raise ValueError("check_hostname requires server_hostname")
         self.server_side = server_side
         self.server_hostname = server_hostname
         self.do_handshake_on_connect = do_handshake_on_connect
diff --git a/Lib/test/test_asyncio/test_events.py b/Lib/test/test_asyncio/test_events.py
index fab3259..ea657fd 100644
--- a/Lib/test/test_asyncio/test_events.py
+++ b/Lib/test/test_asyncio/test_events.py
@@ -12,9 +12,6 @@ try:
     import ssl
 except ImportError:
     ssl = None
-    HAS_SNI = False
-else:
-    from ssl import HAS_SNI
 import subprocess
 import sys
 import threading
@@ -857,7 +854,6 @@ class EventLoopTestsMixin:
         server.close()
 
     @unittest.skipIf(ssl is None, 'No ssl module')
-    @unittest.skipUnless(HAS_SNI, 'No SNI support in ssl module')
     def test_create_server_ssl_verify_failed(self):
         proto = MyProto(loop=self.loop)
         server, host, port = self._make_ssl_server(
@@ -882,7 +878,6 @@ class EventLoopTestsMixin:
         server.close()
 
     @unittest.skipIf(ssl is None, 'No ssl module')
-    @unittest.skipUnless(HAS_SNI, 'No SNI support in ssl module')
     @unittest.skipUnless(hasattr(socket, 'AF_UNIX'), 'No UNIX Sockets')
     def test_create_unix_server_ssl_verify_failed(self):
         proto = MyProto(loop=self.loop)
@@ -909,7 +904,6 @@ class EventLoopTestsMixin:
         server.close()
 
     @unittest.skipIf(ssl is None, 'No ssl module')
-    @unittest.skipUnless(HAS_SNI, 'No SNI support in ssl module')
     def test_create_server_ssl_match_failed(self):
         proto = MyProto(loop=self.loop)
         server, host, port = self._make_ssl_server(
@@ -937,7 +931,6 @@ class EventLoopTestsMixin:
         server.close()
 
     @unittest.skipIf(ssl is None, 'No ssl module')
-    @unittest.skipUnless(HAS_SNI, 'No SNI support in ssl module')
     @unittest.skipUnless(hasattr(socket, 'AF_UNIX'), 'No UNIX Sockets')
     def test_create_unix_server_ssl_verified(self):
         proto = MyProto(loop=self.loop)
@@ -963,7 +956,6 @@ class EventLoopTestsMixin:
         server.close()
 
     @unittest.skipIf(ssl is None, 'No ssl module')
-    @unittest.skipUnless(HAS_SNI, 'No SNI support in ssl module')
     def test_create_server_ssl_verified(self):
         proto = MyProto(loop=self.loop)
         server, host, port = self._make_ssl_server(
diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py
index 528da39..8eba56c 100644
--- a/Lib/test/test_asyncio/test_selector_events.py
+++ b/Lib/test/test_asyncio/test_selector_events.py
@@ -1408,7 +1408,7 @@ class SelectorSslTransportTests(test_utils.TestCase):
         self.assertEqual(tr._conn_lost, 1)
         self.assertEqual(1, self.loop.remove_reader_count[1])
 
-    @unittest.skipIf(ssl is None or not ssl.HAS_SNI, 'No SNI support')
+    @unittest.skipIf(ssl is None, 'No SSL support')
     def test_server_hostname(self):
         _SelectorSslTransport(
             self.loop, self.sock, self.protocol, self.sslcontext,
diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py
index b401cf7..5db70c0 100644
--- a/Lib/test/test_ftplib.py
+++ b/Lib/test/test_ftplib.py
@@ -15,9 +15,6 @@ try:
     import ssl
 except ImportError:
     ssl = None
-    HAS_SNI = False
-else:
-    from ssl import HAS_SNI
 
 from unittest import TestCase, skipUnless
 from test import support
@@ -927,7 +924,6 @@ class TestTLS_FTPClass(TestCase):
         self.client.ccc()
         self.assertRaises(ValueError, self.client.sock.unwrap)
 
-    @skipUnless(HAS_SNI, 'No SNI support in ssl module')
     def test_check_hostname(self):
         self.client.quit()
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
diff --git a/Lib/test/test_imaplib.py b/Lib/test/test_imaplib.py
index b587073..5485a2a 100644
--- a/Lib/test/test_imaplib.py
+++ b/Lib/test/test_imaplib.py
@@ -19,9 +19,6 @@ try:
     import ssl
 except ImportError:
     ssl = None
-    HAS_SNI = False
-else:
-    from ssl import HAS_SNI
 
 CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert3.pem")
 CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "pycacert.pem")
@@ -387,7 +384,6 @@ class ThreadedNetworkedTestsSSL(ThreadedNetworkedTests):
     imap_class = IMAP4_SSL
 
     @reap_threads
-    @unittest.skipUnless(HAS_SNI, 'No SNI support in ssl module')
     def test_ssl_verified(self):
         ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
         ssl_context.verify_mode = ssl.CERT_REQUIRED
diff --git a/Lib/test/test_poplib.py b/Lib/test/test_poplib.py
index 8ff6d7f..14a519d 100644
--- a/Lib/test/test_poplib.py
+++ b/Lib/test/test_poplib.py
@@ -21,13 +21,10 @@ PORT = 0
 SUPPORTS_SSL = False
 if hasattr(poplib, 'POP3_SSL'):
     import ssl
-    from ssl import HAS_SNI
 
     SUPPORTS_SSL = True
     CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert3.pem")
     CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "pycacert.pem")
-else:
-    HAS_SNI = False
 
 requires_ssl = skipUnless(SUPPORTS_SSL, 'SSL not supported')
 
@@ -334,7 +331,6 @@ class TestPOP3Class(TestCase):
         self.assertEqual(resp, expected)
 
     @requires_ssl
-    @skipUnless(HAS_SNI, 'No SNI support in ssl module')
     def test_stls_context(self):
         expected = b'+OK Begin TLS negotiation'
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index aa17317..06705b2 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1428,11 +1428,8 @@ class NetworkedTests(unittest.TestCase):
             # Same with a server hostname
             s = ctx.wrap_socket(socket.socket(socket.AF_INET),
                                 server_hostname="svn.python.org")
-            if ssl.HAS_SNI:
-                s.connect(("svn.python.org", 443))
-                s.close()
-            else:
-                self.assertRaises(ValueError, s.connect, ("svn.python.org", 443))
+            s.connect(("svn.python.org", 443))
+            s.close()
             # This should fail because we have no verification certs
             ctx.verify_mode = ssl.CERT_REQUIRED
             s = ctx.wrap_socket(socket.socket(socket.AF_INET))
@@ -1696,12 +1693,8 @@ class NetworkedBIOTests(unittest.TestCase):
             ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
             ctx.verify_mode = ssl.CERT_REQUIRED
             ctx.load_verify_locations(SVN_PYTHON_ORG_ROOT_CERT)
-            if ssl.HAS_SNI:
-                ctx.check_hostname = True
-                sslobj = ctx.wrap_bio(incoming, outgoing, False, 'svn.python.org')
-            else:
-                ctx.check_hostname = False
-                sslobj = ctx.wrap_bio(incoming, outgoing, False)
+            ctx.check_hostname = True
+            sslobj = ctx.wrap_bio(incoming, outgoing, False, 'svn.python.org')
             self.assertIs(sslobj._sslobj.owner, sslobj)
             self.assertIsNone(sslobj.cipher())
             self.assertRaises(ValueError, sslobj.getpeercert)
@@ -2283,7 +2276,6 @@ else:
                     cert = s.getpeercert()
                     self.assertTrue(cert, "Can't get peer certificate.")
 
-        @needs_sni
         def test_check_hostname(self):
             if support.verbose:
                 sys.stdout.write("\n")
author	Benjamin Peterson <benjamin@python.org>	2014-11-23 23:06:39 (GMT)
committer	Benjamin Peterson <benjamin@python.org>	2014-11-23 23:06:39 (GMT)
commit	f9284ae8ede5b8977248a4259eee0cd81a100c16 (patch)
tree	b3430fd55e6b76ee01dfd6ac4a0baa52de7b7a3a /Lib
parent	f1a3240ba86408a2cdb88a2bfa38a2dce1f4ed9c (diff)
parent	7243b574e5fc6f9ae68dc5ebd8252047b8e78e3b (diff)
download	cpython-f9284ae8ede5b8977248a4259eee0cd81a100c16.zip cpython-f9284ae8ede5b8977248a4259eee0cd81a100c16.tar.gz cpython-f9284ae8ede5b8977248a4259eee0cd81a100c16.tar.bz2