commit f8cbbbb652caf694661ab0ee8a4858fc7692c59a
author Antoine Pitrou <solipsis@pitrou.net> Sun Mar 23 16:31:08 2014 +0100
committer Antoine Pitrou <solipsis@pitrou.net> Sun Mar 23 16:31:08 2014 +0100
tree d593afa5d6efd4d102967956e616495c87cedc0e
parent c346060440f342fa0138536057d16fdaf1f974f0

Issue #20913: make it clear that create_default_context() also enables hostname checking

Doc/library/ssl.rst

diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index e0b8eec..1673da7 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -1626,7 +1626,8 @@
 security policy, it is highly recommended that you use the
 :func:`create_default_context` function to create your SSL context.
 It will load the system's trusted CA certificates, enable certificate
-validation, and try to choose reasonably secure protocol and cipher settings.
+validation and hostname checking, and try to choose reasonably secure
+protocol and cipher settings.
 
 For example, here is how you would use the :class:`smtplib.SMTP` class to
 create a trusted, secure connection to a SMTP server::
@@ -1641,9 +1642,9 @@
 :meth:`SSLContext.load_cert_chain`.
 
 By contrast, if you create the SSL context by calling the :class:`SSLContext`
-constructor yourself, it will not have certificate validation enabled by
-default.  If you do so, please read the paragraphs below to achieve a good
-security level.
+constructor yourself, it will not have certificate validation nor hostname
+checking enabled by default.  If you do so, please read the paragraphs below
+to achieve a good security level.
 
 Manual settings
 ^^^^^^^^^^^^^^^