
manual specification of hostname to verify against

1 parent 2aa3e4a commit be10e166de69b5c62625cb7a03e8cb01c89c5701 @t-8ch t-8ch committed Jan 22, 2013
Showing with 27 additions and 10 deletions.
  1. +5 −1 CONTRIBUTORS.txt
  2. +8 −0 test/with_dummyserver/test_https.py
  3. +14 −9 urllib3/connectionpool.py
@@ -46,7 +46,11 @@ In chronological order:
* Support for explicitly closing pooled connections
* hartator <hartator@gmail.com>
- * Corrected multipart behavior for params
+ * Corrected multipart behavior for params
+
+* Thomas Weißschuh <thomas@t-8ch.de>
+ * various SSL patches
+ * Tests
* Sune Kirkeby <mig@ibofobi.dk>
* Optional SNI-support for Python 2 via PyOpenSSL.
@@ -137,6 +137,14 @@ def test_set_ssl_version_to_sslv3(self):
self._pool.ssl_version = ssl.PROTOCOL_SSLv3
self.assertRaises(SSLError, self._pool.request, 'GET', '/')
+ def test_verify_specific_hostname(self):
+ https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
+ cert_reqs='CERT_REQUIRED')
+
+ https_pool.ca_certs = DEFAULT_CA
+ https_pool.verify_hostname = 'localhost'
+ https_pool.request('GET', '/')
+
if __name__ == '__main__':
unittest.main()
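Review bot: test_verify_specific_hostname covers only the accepting path, so a regression that made the override skip matching altogether would still pass. A companion case should set `https_pool.verify_hostname` to a name the dummy server's certificate is not issued for and assert `self.assertRaises(SSLError, https_pool.request, 'GET', '/')`. The test also assigns the attribute after construction, so the new `verify_hostname=` keyword of `HTTPSConnectionPool.__init__` is never exercised; passing it to the constructor would cover that path as well.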
@@ -81,12 +81,13 @@ class VerifiedHTTPSConnection(HTTPSConnection):
ssl_version = None
def set_cert(self, key_file=None, cert_file=None,
- cert_reqs=None, ca_certs=None):
+ cert_reqs=None, ca_certs=None, verify_hostname=None):
self.key_file = key_file
self.cert_file = cert_file
self.cert_reqs = cert_reqs
self.ca_certs = ca_certs
+ self.verify_hostname = verify_hostname
def connect(self):
# Add certificate verification
@@ -104,8 +105,8 @@ def connect(self):
ssl_version=resolved_ssl_version)
if resolved_cert_reqs != ssl.CERT_NONE:
- match_hostname(self.sock.getpeercert(), self.host)
-
+ match_hostname(self.sock.getpeercert(),
+ self.verify_hostname or self.host)
## Pool objects
@@ -502,18 +503,20 @@ class HTTPSConnectionPool(HTTPConnectionPool):
:class:`.VerifiedHTTPSConnection` is used, which *can* verify certificates,
instead of :class:`httplib.HTTPSConnection`.
- The ``key_file``, ``cert_file``, ``cert_reqs``, ``ca_certs``, and ``ssl_version``
+ The ``key_file``, ``cert_file``, ``cert_reqs``, ``ca_certs``,
+ ``ssl_version`` and ``verify_hostname``
are only used if :mod:`ssl` is available and are fed into
- :meth:`urllib3.util.ssl_wrap_socket` to upgrade the connection socket into an SSL socket.
+ :meth:`urllib3.util.ssl_wrap_socket` to upgrade the connection socket
+ into an SSL socket.
"""
scheme = 'https'
def __init__(self, host, port=None,
strict=False, timeout=None, maxsize=1,
block=False, headers=None,
- key_file=None, cert_file=None,
- cert_reqs=None, ca_certs=None, ssl_version=None):
+ key_file=None, cert_file=None, cert_reqs=None,
+ ca_certs=None, ssl_version=None, verify_hostname=None):
HTTPConnectionPool.__init__(self, host, port,
strict, timeout, maxsize,
@@ -523,6 +526,7 @@ def __init__(self, host, port=None,
self.cert_reqs = cert_reqs
self.ca_certs = ca_certs
self.ssl_version = ssl_version
+ self.verify_hostname = verify_hostname
def _new_conn(self):
"""
@@ -532,7 +536,7 @@ def _new_conn(self):
log.info("Starting new HTTPS connection (%d): %s"
% (self.num_connections, self.host))
- if not ssl: # Platform-specific: Python compiled without +ssl
+ if not ssl: # Platform-specific: Python compiled without +ssl
if not HTTPSConnection or HTTPSConnection is object:
raise SSLError("Can't connect to HTTPS URL because the SSL "
"module is not available.")
@@ -545,7 +549,8 @@ def _new_conn(self):
port=self.port,
strict=self.strict)
connection.set_cert(key_file=self.key_file, cert_file=self.cert_file,
- cert_reqs=self.cert_reqs, ca_certs=self.ca_certs)
+ cert_reqs=self.cert_reqs, ca_certs=self.ca_certs,
+ verify_hostname=self.verify_hostname)
connection.ssl_version = self.ssl_version
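Review bot: In connect(), `verify_hostname` is read only inside `if resolved_cert_reqs != ssl.CERT_NONE:`, so a caller who sets it without requiring a certificate gets no hostname check and no indication that the setting was ignored. The HTTPSConnectionPool docstring should state this and make clear that the value replaces `self.host` for the match rather than being checked in addition to it, for example `verify_hostname replaces the host name passed to match_hostname; it is ignored when cert_reqs resolves to CERT_NONE.` The reworded docstring also lists `verify_hostname` among the arguments fed into `ssl_wrap_socket`, but in the visible code it reaches only `match_hostname`. Because of the `or` in `self.verify_hostname or self.host`, an empty string silently falls back to `self.host`. The bodies of connect(), __init__ and _new_conn continue outside the hunks shown.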
