Add support for specifying server_hostname via SNI when connecting (#325

) Add server_hostname param
mymarilyn · Jul 27, 2022 · 9903ca6 · 9903ca6
1 parent 4bbdef9
commit 9903ca6
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/clickhouse_driver/client.py b/clickhouse_driver/client.py
@@ -700,7 +700,8 @@ def from_url(cls, url):
                 kwargs[name] = asbool(value)
             elif name == 'ssl_version':
                 kwargs[name] = getattr(ssl, value)
-            elif name in ['ca_certs', 'ciphers', 'keyfile', 'certfile']:
+            elif name in ['ca_certs', 'ciphers', 'keyfile', 'certfile',
+                          'server_hostname']:
                 kwargs[name] = value
             elif name == 'alt_hosts':
                 kwargs['alt_hosts'] = value

diff --git a/clickhouse_driver/connection.py b/clickhouse_driver/connection.py
@@ -113,6 +113,11 @@ class Connection(object):
     :param ciphers: see :func:`ssl.wrap_socket` docs.
     :param keyfile: see :func:`ssl.wrap_socket` docs.
     :param certfile: see :func:`ssl.wrap_socket` docs.
+    :param server_hostname: Hostname to use in SSL Wrapper construction.
+                            Defaults to `None` which will send the passed
+                            host param during SSL initialization. This param
+                            may be used when connecting over an SSH tunnel
+                            to correctly identify the desired server via SNI.
     :param alt_hosts: list of alternative hosts for connection.
                       Example: alt_hosts=host1:port1,host2:port2.
     :param settings_is_important: ``False`` means unknown settings will be
@@ -135,6 +140,7 @@ def __init__(
             # Secure socket parameters.
             verify=True, ssl_version=None, ca_certs=None, ciphers=None,
             keyfile=None, certfile=None,
+            server_hostname=None,
             alt_hosts=None,
             settings_is_important=False,
     ):
@@ -176,6 +182,8 @@ def __init__(
 
         self.ssl_options = ssl_options
 
+        self.server_hostname = server_hostname
+
         # Use LZ4 compression by default.
         if compression is True:
             compression = 'lz4'
@@ -247,7 +255,8 @@ def _create_socket(self, host, port):
 
                 if self.secure_socket:
                     ssl_context = self._create_ssl_context(ssl_options)
-                    sock = ssl_context.wrap_socket(sock, server_hostname=host)
+                    sock = ssl_context.wrap_socket(
+                        sock, server_hostname=self.server_hostname or host)
 
                 sock.connect(sa)
                 return sock