diff -r 7117e9b0f595 Lib/ssl.py --- a/Lib/ssl.py Sat May 30 12:06:03 2015 -0600 +++ b/Lib/ssl.py Sat May 30 22:33:59 2015 +0200 @@ -738,7 +738,7 @@ try: sslobj = self._context._wrap_socket(self, server_side, server_hostname) - self._sslobj = SSLObject(sslobj, owner=self) + self._sslobj = sslobj if do_handshake_on_connect: timeout = self.gettimeout() if timeout == 0.0: @@ -783,7 +783,11 @@ if not self._sslobj: raise ValueError("Read on closed or unwrapped SSL socket.") try: - return self._sslobj.read(len, buffer) + if buffer is not None: + v = self._sslobj.read(len, buffer) + else: + v = self._sslobj.read(len or 1024) + return v except SSLError as x: if x.args[0] == SSL_ERROR_EOF and self.suppress_ragged_eofs: if buffer is not None: @@ -810,7 +814,7 @@ self._checkClosed() self._check_connected() - return self._sslobj.getpeercert(binary_form) + return self._sslobj.peer_certificate(binary_form) def selected_npn_protocol(self): self._checkClosed() @@ -963,7 +967,7 @@ def unwrap(self): if self._sslobj: - s = self._sslobj.unwrap() + s = self._sslobj.shutdown() self._sslobj = None return s else: @@ -983,6 +987,11 @@ self._sslobj.do_handshake() finally: self.settimeout(timeout) + if self.context.check_hostname: + if not self.server_hostname: + raise ValueError("check_hostname needs server_hostname " + "argument") + match_hostname(self.getpeercert(), self.server_hostname) def _real_connect(self, addr, connect_ex): if self.server_side: @@ -992,7 +1001,7 @@ if self._connected: raise ValueError("attempt to connect already-connected SSLSocket!") sslobj = self.context._wrap_socket(self, False, self.server_hostname) - self._sslobj = SSLObject(sslobj, owner=self) + self._sslobj = sslobj try: if connect_ex: rc = socket.connect_ex(self, addr) 
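Review bot: In the `@@ -783,7 +783,11 @@` hunk, `self._sslobj.read(len or 1024)` turns an explicit zero-length read into a read of up to 1024 bytes, so a caller that passes `len=0` without a buffer consumes and receives data it did not ask for. If 1024 is meant as the default size, it belongs in the method signature (outside this hunk), and the call would then be `v = self._sslobj.read(len)`. The temporary `v` adds nothing over returning directly from each branch. The signature and the rest of the `except SSLError` handler lie outside the hunk.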
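Review bot: In the `@@ -983,6 +987,11 @@` hunk the hostname check runs only after `self._sslobj.do_handshake()` has completed, so when `match_hostname` raises, the TLS session is already established on the socket. Nothing in this hunk closes the connection, so a caller that catches the exception and keeps using the socket would be exchanging data with an unverified peer; whether the callers close it is not visible here. The missing-`server_hostname` `ValueError` is likewise raised only after the handshake, which reports a configuration mistake late. Because the `-738` and `-992` hunks assign the raw object to `self._sslobj`, this method appears to be the only place the check is made, and a comment above `if self.context.check_hostname:` would state that contract: `# Hostname is verified here, after the handshake; on failure the caller must close the socket.` The method begins outside the hunk.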
@@ -1035,9 +1044,15 @@ if the requested `cb_type` is not supported. Return bytes of the data or None if the data is not available (e.g. before the handshake). """ + if cb_type not in CHANNEL_BINDING_TYPES: + raise ValueError("Unsupported channel binding type") + if cb_type != "tls-unique": + raise NotImplementedError( + "{0} channel binding type not implemented" + .format(cb_type)) if self._sslobj is None: return None - return self._sslobj.get_channel_binding(cb_type) + return self._sslobj.tls_unique_cb() def version(self): """
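Review bot: The new `NotImplementedError` path is not covered by the visible tail of the docstring, which describes only a single "not supported" case for `cb_type`. I would add a docstring sentence saying that `NotImplementedError` is raised for a type that is listed in `CHANNEL_BINDING_TYPES` but is not `"tls-unique"`. The final `return self._sslobj.tls_unique_cb()` no longer looks at `cb_type`, which is correct only because of the two guards above it, so a comment on that line such as `# only "tls-unique" reaches this point` would protect it against a later reordering. The `def` line and the start of the docstring are outside the hunk.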