
Author christian.heimes
Recipients christian.heimes, gvanrossum, j1m, r.david.murray, yselivanov
Date 2016-09-16.07:56:48
Message-id <1474012608.45.0.103031924736.issue27391@psf.upfronthosting.co.za>
Content
You are still ignoring my remarks about TLS SNI. :)

Python uses server_hostname for two different but related parts of TLS/SSL.

1) When server_hostname is set, the client sends the hostname to the server during the TLS handshake in the ClientHello message. [1] Without a TLS SNI extension your client may talk to the wrong service. TLS SNI is not limited to HTTPS, although HTTPS virtual hosting is the biggest user of SNI. You should only omit the argument if you directly connect to an IP address.

2) Python uses server_hostname to verify that the certificate matches the hostname. Hostname matching can be disabled with a custom SSLContext that has check hostname disabled.

[1] https://en.wikipedia.org/wiki/Server_Name_Indication

server_hostname='' should not bypass hostname verification. That's a bug.
History
Date | User | Action | Args
2016-09-16 07:56:48 | christian.heimes | set | recipients: + christian.heimes, gvanrossum, r.david.murray, j1m, yselivanov
2016-09-16 07:56:48 | christian.heimes | set | messageid: <1474012608.45.0.103031924736.issue27391@psf.upfronthosting.co.za>
2016-09-16 07:56:48 | christian.heimes | link | issue27391 messages
2016-09-16 07:56:48 | christian.heimes | create |