Donald Stufft added the comment: I tested this patch on Python 3.5 compiled on CentOS 5.11 which does not have SNI enabled. The end result is that you can use server_hostname even when SNI isn't there to enable the SSL certificate checks. Of course the check will fail if the host your connecting to requires SNI to serve the expected certificate, but that's no different than it is today.
The docs still need updated, I can do that a little bit later today, but figured I'd let people review this since it's done and working other than the docs. The basic gist of the patch is that we stash the hostname and use it for the validation checks, but we don't send it deeper into the stack if SNI is not available. ---------- keywords: +patch Added file: http://bugs.python.org/file37256/check-hostname-no-sni.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue22921> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
