bpo-31431: SSLContext.check_hostname auto-sets CERT_REQUIRED (#3531)

Signed-off-by: Christian Heimes <christian@python.org>
author: Christian Heimes <christian@python.org> 2017-09-15 18:29:57 (GMT)
committer: GitHub <noreply@github.com> 2017-09-15 18:29:57 (GMT)
commit: e82c034496512139e9ea3f68ceda86c04bc7baab (patch)
tree: 1fab1d26c6edba33d400598e705dd7269cf77e12 /Modules
parent: a170fa162dc03f0a014373349e548954fff2e567 (diff)
download: cpython-e82c034496512139e9ea3f68ceda86c04bc7baab.zip
cpython-e82c034496512139e9ea3f68ceda86c04bc7baab.tar.gz
cpython-e82c034496512139e9ea3f68ceda86c04bc7baab.tar.bz2
1 files changed, 4 insertions, 4 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 8aaaa32..73abad3 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3227,10 +3227,10 @@ set_check_hostname(PySSLContext *self, PyObject *arg, void *c)
         return -1;
     if (check_hostname &&
             SSL_CTX_get_verify_mode(self->ctx) == SSL_VERIFY_NONE) {
-        PyErr_SetString(PyExc_ValueError,
-                        "check_hostname needs a SSL context with either "
-                        "CERT_OPTIONAL or CERT_REQUIRED");
-        return -1;
+        /* check_hostname = True sets verify_mode = CERT_REQUIRED */
+        if (_set_verify_mode(self->ctx, PY_SSL_CERT_REQUIRED) == -1) {
+            return -1;
+        }
     }
     self->check_hostname = check_hostname;
     return 0;
author	Christian Heimes <christian@python.org>	2017-09-15 18:29:57 (GMT)
committer	GitHub <noreply@github.com>	2017-09-15 18:29:57 (GMT)
commit	e82c034496512139e9ea3f68ceda86c04bc7baab (patch)
tree	1fab1d26c6edba33d400598e705dd7269cf77e12 /Modules
parent	a170fa162dc03f0a014373349e548954fff2e567 (diff)
download	cpython-e82c034496512139e9ea3f68ceda86c04bc7baab.zip cpython-e82c034496512139e9ea3f68ceda86c04bc7baab.tar.gz cpython-e82c034496512139e9ea3f68ceda86c04bc7baab.tar.bz2