On Sun, 01 Dec 2013 02:53:32 +0100
Christian Heimes
Am 30.11.2013 23:51, schrieb Antoine Pitrou:
Small nit: what happens if the server_hostname is None (i.e. wasn't passed to context.wrap_socket())?
The code will raise an exception. My patch already implements a more verbose ValueError that explains the cause of the problem. It's flaw in code, that calls context.wrap_socket. Erroneous code will no longer pass silently.
The patch also ensures a valid combination of verify_mode and check_hostname:
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) context.check_hostname = True Traceback (most recent call last): File "<stdin>", line 1, in <module> ValueError: check_hostname needs a SSL context with either CERT_OPTIONAL or CERT_REQUIRED context.verify_mode = ssl.CERT_REQUIRED context.check_hostname = True context.verify_mode = ssl.CERT_NONE Traceback (most recent call last): File "<stdin>", line 1, in <module> ValueError: Cannot set verify_mode to CERT_NONE when check_hostname is enabled.
So I have to set attributes in a given order? I find this silly. Regards Antoine.