diff options
author | Andy McCurdy <andy@andymccurdy.com> | 2019-01-27 11:43:33 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-27 11:43:33 -0800 |
commit | 574a10c0da5f94c63f9516c78209a010fd467b05 (patch) | |
tree | 8e6639dfd022f50d3b395bfb62685f788f98e55d | |
parent | f6fedf95761313485cd9dc3f2d60f224da7a4aab (diff) | |
parent | 62f1f19e6c817aafe5274916f2ff43bc7465b808 (diff) | |
download | redis-py-574a10c0da5f94c63f9516c78209a010fd467b05.tar.gz |
Merge pull request #1087 from oridistor/ssl_sni
Add support for SNI connection to Redis-py
-rwxr-xr-x | redis/connection.py | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/redis/connection.py b/redis/connection.py index 9181fba..cf5ed0e 100755 --- a/redis/connection.py +++ b/redis/connection.py @@ -729,11 +729,24 @@ class SSLConnection(Connection): def _connect(self): "Wrap the socket with SSL support" sock = super(SSLConnection, self)._connect() - sock = ssl.wrap_socket(sock, - cert_reqs=self.cert_reqs, - keyfile=self.keyfile, - certfile=self.certfile, - ca_certs=self.ca_certs) + if hasattr(ssl, "create_default_context"): + context = ssl.create_default_context() + context.check_hostname = False + context.verify_mode = self.cert_reqs + if self.certfile and self.keyfile: + context.load_cert_chain(certfile=self.certfile, + keyfile=self.keyfile) + if self.ca_certs: + context.load_verify_locations(self.ca_certs) + sock = context.wrap_socket(sock, server_hostname=self.host) + else: + # In case this code runs in a version which is older than 2.7.9, + # we want to fall back to old code + sock = ssl.wrap_socket(sock, + cert_reqs=self.cert_reqs, + keyfile=self.keyfile, + certfile=self.certfile, + ca_certs=self.ca_certs) return sock |