diff options
author | Ori Markovitch <ori@redislabs.com> | 2018-11-26 06:19:38 -0800 |
---|---|---|
committer | Ori Markovitch <ori@redislabs.com> | 2018-11-26 06:36:56 -0800 |
commit | 9084735e8e6ef4fb6aa3e6f00c73315e4c03949b (patch) | |
tree | a1b6f0d7087b09fdf891ef9ed3f275b63349f1fa | |
parent | 16f21ea4784202be8e7b0b69d2211b0ac0d2ae9e (diff) | |
download | redis-py-9084735e8e6ef4fb6aa3e6f00c73315e4c03949b.tar.gz |
Made sure SSL SNI will not affect using redis-py in versions older than 2.7.9
-rwxr-xr-x | redis/connection.py | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/redis/connection.py b/redis/connection.py index 7d466d1..5192c9e 100755 --- a/redis/connection.py +++ b/redis/connection.py @@ -729,15 +729,23 @@ class SSLConnection(Connection): def _connect(self): "Wrap the socket with SSL support" sock = super(SSLConnection, self)._connect() - context = ssl.create_default_context() - context.check_hostname = False - context.verify_mode = self.cert_reqs - if self.certfile and self.keyfile: - context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile) - if self.ca_certs: - context.load_verify_locations(self.ca_certs) - sock = context.wrap_socket(sock, - server_hostname=self.host) + if hasattr(ssl, "create_default_context"): + context = ssl.create_default_context() + context.check_hostname = False + context.verify_mode = self.cert_reqs + if self.certfile and self.keyfile: + context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile) + if self.ca_certs: + context.load_verify_locations(self.ca_certs) + sock = context.wrap_socket(sock, + server_hostname=self.host) + else: + # In case this code runs in a version which is older than 2.7.9, we want to fall back to old code + sock = ssl.wrap_socket(sock, + cert_reqs=self.cert_reqs, + keyfile=self.keyfile, + certfile=self.certfile, + ca_certs=self.ca_certs) return sock |