Author dstufft
Recipients alex, benjamin.peterson, christian.heimes, dstufft, pitrou
Date 2014-11-23.18:55:08
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1416768909.04.0.854225743039.issue22921@psf.upfronthosting.co.za>
In-reply-to
Content
I tested this patch on Python 3.5 compiled on CentOS 5.11 which does not have SNI enabled. The end result is that you can use server_hostname even when SNI isn't there to enable the SSL certificate checks. Of course the check will fail if the host your connecting to requires SNI to serve the expected certificate, but that's no different than it is today.

The docs still need updated, I can do that a little bit later today, but figured I'd let people review this since it's done and working other than the docs.

The basic gist of the patch is that we stash the hostname and use it for the validation checks, but we don't send it deeper into the stack if SNI is not available.
History
Date User Action Args
2014-11-23 18:55:09dstufftsetrecipients: + dstufft, pitrou, christian.heimes, benjamin.peterson, alex
2014-11-23 18:55:09dstufftsetmessageid: <1416768909.04.0.854225743039.issue22921@psf.upfronthosting.co.za>
2014-11-23 18:55:09dstufftlinkissue22921 messages
2014-11-23 18:55:08dstufftcreate