summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndy McCurdy <andy@andymccurdy.com>2019-01-27 11:43:33 -0800
committerGitHub <noreply@github.com>2019-01-27 11:43:33 -0800
commit574a10c0da5f94c63f9516c78209a010fd467b05 (patch)
tree8e6639dfd022f50d3b395bfb62685f788f98e55d
parentf6fedf95761313485cd9dc3f2d60f224da7a4aab (diff)
parent62f1f19e6c817aafe5274916f2ff43bc7465b808 (diff)
downloadredis-py-574a10c0da5f94c63f9516c78209a010fd467b05.tar.gz
Merge pull request #1087 from oridistor/ssl_sni
Add support for SNI connection to Redis-py
Diffstat
-rwxr-xr-xredis/connection.py23
1 files changed, 18 insertions, 5 deletions
diff --git a/redis/connection.py b/redis/connection.py
index 9181fba..cf5ed0e 100755
--- a/redis/connection.py
+++ b/redis/connection.py
@@ -729,11 +729,24 @@ class SSLConnection(Connection):
def _connect(self):
"Wrap the socket with SSL support"
sock = super(SSLConnection, self)._connect()
- sock = ssl.wrap_socket(sock,
- cert_reqs=self.cert_reqs,
- keyfile=self.keyfile,
- certfile=self.certfile,
- ca_certs=self.ca_certs)
+ if hasattr(ssl, "create_default_context"):
+ context = ssl.create_default_context()
+ context.check_hostname = False
+ context.verify_mode = self.cert_reqs
+ if self.certfile and self.keyfile:
+ context.load_cert_chain(certfile=self.certfile,
+ keyfile=self.keyfile)
+ if self.ca_certs:
+ context.load_verify_locations(self.ca_certs)
+ sock = context.wrap_socket(sock, server_hostname=self.host)
+ else:
+ # In case this code runs in a version which is older than 2.7.9,
+ # we want to fall back to old code
+ sock = ssl.wrap_socket(sock,
+ cert_reqs=self.cert_reqs,
+ keyfile=self.keyfile,
+ certfile=self.certfile,
+ ca_certs=self.ca_certs)
return sock
View Lorry Controller Status