Last part of certificate validation: check that the hostname matches.

tornadoweb · Feb 15, 2011 · ab217b6 · ab217b6
1 parent 372e545
commit ab217b6
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/tornado/simple_httpclient.py b/tornado/simple_httpclient.py
@@ -182,6 +182,10 @@ def _on_connect(self, parsed):
             self._timeout = self.io_loop.add_timeout(
                 self.start_time + self.request.request_timeout,
                 self._on_timeout)
+        if (self.request.validate_cert and
+            isinstance(self.stream, SSLIOStream)):
+            match_hostname(self.stream.socket.getpeercert(),
+                           parsed.netloc.partition(":")[0])
         if (self.request.method not in self._SUPPORTED_METHODS and
             not self.request.allow_nonstandard_methods):
             raise KeyError("unknown method %s" % self.request.method)