Skip to content

Commit

Permalink
Add support for specifying server_hostname via SNI when connecting (#325
Browse files Browse the repository at this point in the history
)

Add server_hostname param
  • Loading branch information
dspangen authored Jul 27, 2022
1 parent 4bbdef9 commit 9903ca6
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 2 deletions.
3 changes: 2 additions & 1 deletion clickhouse_driver/client.py
Original file line number Diff line number Diff line change
Expand Up @@ -700,7 +700,8 @@ def from_url(cls, url):
kwargs[name] = asbool(value)
elif name == 'ssl_version':
kwargs[name] = getattr(ssl, value)
elif name in ['ca_certs', 'ciphers', 'keyfile', 'certfile']:
elif name in ['ca_certs', 'ciphers', 'keyfile', 'certfile',
'server_hostname']:
kwargs[name] = value
elif name == 'alt_hosts':
kwargs['alt_hosts'] = value
Expand Down
11 changes: 10 additions & 1 deletion clickhouse_driver/connection.py
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,11 @@ class Connection(object):
:param ciphers: see :func:`ssl.wrap_socket` docs.
:param keyfile: see :func:`ssl.wrap_socket` docs.
:param certfile: see :func:`ssl.wrap_socket` docs.
:param server_hostname: Hostname to use in SSL Wrapper construction.
Defaults to `None` which will send the passed
host param during SSL initialization. This param
may be used when connecting over an SSH tunnel
to correctly identify the desired server via SNI.
:param alt_hosts: list of alternative hosts for connection.
Example: alt_hosts=host1:port1,host2:port2.
:param settings_is_important: ``False`` means unknown settings will be
Expand All @@ -135,6 +140,7 @@ def __init__(
# Secure socket parameters.
verify=True, ssl_version=None, ca_certs=None, ciphers=None,
keyfile=None, certfile=None,
server_hostname=None,
alt_hosts=None,
settings_is_important=False,
):
Expand Down Expand Up @@ -176,6 +182,8 @@ def __init__(

self.ssl_options = ssl_options

self.server_hostname = server_hostname

# Use LZ4 compression by default.
if compression is True:
compression = 'lz4'
Expand Down Expand Up @@ -247,7 +255,8 @@ def _create_socket(self, host, port):

if self.secure_socket:
ssl_context = self._create_ssl_context(ssl_options)
sock = ssl_context.wrap_socket(sock, server_hostname=host)
sock = ssl_context.wrap_socket(
sock, server_hostname=self.server_hostname or host)

sock.connect(sa)
return sock
Expand Down

0 comments on commit 9903ca6

Please sign in to comment.