Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSL client certificates fail #567

plockaby opened this issue May 14, 2019 · 2 comments


None yet
2 participants
Copy link

commented May 14, 2019

I'm not sure if this worked in previous versions and just broke or if it is has always been broken but here it goes. Using Python 3.6.8 and Eventlet 0.24.1. This code works without eventlet and successfully connects to a remote host using a client certificate:

import socket
import ssl

ctx = ssl.SSLContext()
ctx.verify_mode = ssl.CERT_REQUIRED
ctx.check_hostname = True

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
    with ctx.wrap_socket(sock, server_hostname="") as ssock:
        ssock.connect(("", 3278))
        ssock.sendall(bytes("hello", "utf-8"))

But if this is prefixed then it no longer works:

import eventlet

import socket
import ssl

I get this exception:

Traceback (most recent call last):
  File "<stdin>", line 3, in <module>
  File "/home/plockaby/venv/lib/python3.6/site-packages/eventlet/green/", line 329, in connect
  File "/home/plockaby/venv/lib/python3.6/site-packages/eventlet/green/", line 260, in do_handshake
    super(GreenSSLSocket, self).do_handshake)
  File "/home/plockaby/venv/lib/python3.6/site-packages/eventlet/green/", line 109, in _call_trampolining
    return func(*a, **kw)
  File "/usr/local/python-3.6.8/lib/python3.6/", line 1077, in do_handshake
  File "/usr/local/python-3.6.8/lib/python3.6/", line 692, in do_handshake
    raise ValueError("check_hostname needs server_hostname "
ValueError: check_hostname needs server_hostname argument

Any insight would be helpful.


This comment has been minimized.

Copy link

commented May 22, 2019

sslobj = context._wrap_socket(self, server_side)

Changing this to:

sslobj = context._wrap_socket(self, server_side, server_hostname = self.server_hostname)

Seems to fix the problem using the example


This comment has been minimized.

Copy link

commented Jun 6, 2019

The fix given by @mutesplash does indeed fix my problem so I've given you a pull request to implement it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.