Author desbma
Recipients desbma
Date 2014-11-27.19:42:39
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1417117359.84.0.965866100579.issue22959@psf.upfronthosting.co.za>
In-reply-to
Content
http.client.HTTPSConnection has both a check_hostname parameter, and a context parameter to pass an already setup SSL context.
When check_hostname is not set and thus is None, and when passing a SSL context set to NOT check hostnames, ie:

import http.client
import ssl

ssl_context = ssl.create_default_context() 
ssl_context.check_hostname = False
https = http.client.HTTPSConnection(..., context=ssl_context)

The https object WILL check hostname.

In my opinion the line :
https://hg.python.org/cpython/file/3.4/Lib/http/client.py#l1207
            will_verify = context.verify_mode != ssl.CERT_NONE

Should be changed to:
            will_verify = (context.verify_mode != ssl.CERT_NONE) and (context.check_hostname)
History
Date User Action Args
2014-11-27 19:42:39desbmasetrecipients: + desbma
2014-11-27 19:42:39desbmasetmessageid: <1417117359.84.0.965866100579.issue22959@psf.upfronthosting.co.za>
2014-11-27 19:42:39desbmalinkissue22959 messages
2014-11-27 19:42:39desbmacreate