Message204681
The patches in the dependency tickets are using SNI. The problem is, a non-None server_hostname argument raises an error when OpenSSL doesn't support the feature.
Here is a demo patch for my idea. It makes it very easy to add hostname matching to existing code. All it takes is the "server_hostname" argument to wrap_socket() and a new property "check_hostname" for the SSLContext object. The rest is done in do_handshake(). |
|
Date |
User |
Action |
Args |
2013-11-28 17:25:38 | christian.heimes | set | recipients:
+ christian.heimes, georg.brandl, janssen, pitrou, larry, giampaolo.rodola, Arfrever, dstufft |
2013-11-28 17:25:38 | christian.heimes | set | messageid: <1385659538.64.0.880832336626.issue19509@psf.upfronthosting.co.za> |
2013-11-28 17:25:38 | christian.heimes | link | issue19509 messages |
2013-11-28 17:25:38 | christian.heimes | create | |
|