Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython2 / 31aa69ead58c53ef670ae45debbcd07e3c099d0b^! / . / Lib
commit31aa69ead58c53ef670ae45debbcd07e3c099d0b[log] [tgz]
authorBenjamin Peterson <benjamin@python.org>Sun Nov 23 20:13:31 2014 -0600
committerBenjamin Peterson <benjamin@python.org>Sun Nov 23 20:13:31 2014 -0600
treec357bb434acd1d6e39b6a6e70243071244afb3d0
parent88922db77568ead498631379ff87c07a22529b7f [diff]
allow hostname to be passed to SSLContext even if OpenSSL doesn't support SNI (closes #22921)

Patch from Donald Stufft.

diff --git a/Lib/httplib.py b/Lib/httplib.py
index db5fa37..6d2e38d 100644
--- a/Lib/httplib.py
+++ b/Lib/httplib.py

@@ -1214,10 +1214,9 @@
                 server_hostname = self._tunnel_host
             else:
                 server_hostname = self.host
-            sni_hostname = server_hostname if ssl.HAS_SNI else None
 
             self.sock = self._context.wrap_socket(self.sock,
-                                                  server_hostname=sni_hostname)
+                                                  server_hostname=server_hostname)
             if not self._context.check_hostname and self._check_hostname:
                 try:
                     ssl.match_hostname(self.sock.getpeercert(), server_hostname)

diff --git a/Lib/ssl.py b/Lib/ssl.py
index 4b68284..c9f25c0 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py

@@ -527,12 +527,7 @@
             raise ValueError("server_hostname can only be specified "
                              "in client mode")
         if self._context.check_hostname and not server_hostname:
-            if HAS_SNI:
-                raise ValueError("check_hostname requires server_hostname")
-            else:
-                raise ValueError("check_hostname requires server_hostname, "
-                                 "but it's not supported by your OpenSSL "
-                                 "library")
+            raise ValueError("check_hostname requires server_hostname")
         self.server_side = server_side
         self.server_hostname = server_hostname
         self.do_handshake_on_connect = do_handshake_on_connect

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 39aa17c..b023fbc 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py

@@ -1323,11 +1323,8 @@
             # Same with a server hostname
             s = ctx.wrap_socket(socket.socket(socket.AF_INET),
                                 server_hostname="svn.python.org")
-            if ssl.HAS_SNI:
-                s.connect(("svn.python.org", 443))
-                s.close()
-            else:
-                self.assertRaises(ValueError, s.connect, ("svn.python.org", 443))
+            s.connect(("svn.python.org", 443))
+            s.close()
             # This should fail because we have no verification certs
             ctx.verify_mode = ssl.CERT_REQUIRED
             s = ctx.wrap_socket(socket.socket(socket.AF_INET))
@@ -2089,7 +2086,6 @@
                     cert = s.getpeercert()
                     self.assertTrue(cert, "Can't get peer certificate.")
 
-        @needs_sni
         def test_check_hostname(self):
             if support.verbose:
                 sys.stdout.write("\n")