[Python-checkins] cpython: add check_hostname arg to ssl._create_stdlib_context()

Mon Dec 2 20:59:38 CET 2013

http://hg.python.org/cpython/rev/ba1cc1a6de01
changeset: 87718:ba1cc1a6de01
user: Christian Heimes <christian at cheimes.de>
date: Mon Dec 02 20:59:28 2013 +0100
summary:
 add check_hostname arg to ssl._create_stdlib_context()
files:
 Lib/ssl.py | 3 ++-
 Lib/test/test_ssl.py | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/Lib/ssl.py b/Lib/ssl.py
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -405,7 +405,7 @@
 
 
 def _create_stdlib_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,
- purpose=Purpose.SERVER_AUTH,
+ check_hostname=False, purpose=Purpose.SERVER_AUTH,
 certfile=None, keyfile=None,
 cafile=None, capath=None, cadata=None):
 """Create a SSLContext object for Python stdlib modules
@@ -424,6 +424,7 @@
 
 if cert_reqs is not None:
 context.verify_mode = cert_reqs
+ context.check_hostname = check_hostname
 
 if keyfile and not certfile:
 raise ValueError("certfile must be specified")
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1032,9 +1032,11 @@
 self.assertEqual(ctx.options & ssl.OP_NO_SSLv2, ssl.OP_NO_SSLv2)
 
 ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1,
- cert_reqs=ssl.CERT_REQUIRED)
+ cert_reqs=ssl.CERT_REQUIRED,
+ check_hostname=True)
 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
+ self.assertTrue(ctx.check_hostname)
 self.assertEqual(ctx.options & ssl.OP_NO_SSLv2, ssl.OP_NO_SSLv2)
 
 ctx = ssl._create_stdlib_context(purpose=ssl.Purpose.CLIENT_AUTH)
-- 
Repository URL: http://hg.python.org/cpython
