author | Guido van Rossum <guido@dropbox.com> | 2013-10-16 11:48:18 -0700 |
---|---|---|
committer | Guido van Rossum <guido@dropbox.com> | 2013-10-16 11:48:18 -0700 |
commit | 2778f220cfdc44963ccf25e59091f072faa27126 (patch) | |
tree | 30a3c4214ab0f6b2daf0fd4e71f36680645f2a96 | |
parent | 85d65e304a7aac1e49d9b9f0706e75cfbdfee034 (diff) | |
download | trollius-2778f220cfdc44963ccf25e59091f072faa27126.tar.gz |
Verify hostname if requested.
-rw-r--r-- | tulip/selector_events.py | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/tulip/selector_events.py b/tulip/selector_events.py
index 053afda..98e0a94 100644
--- a/tulip/selector_events.py
+++ b/tulip/selector_events.py
@@ -533,6 +533,7 @@ class _SelectorSslTransport(_SelectorTransport):
 super().__init__(loop, sslsock, protocol, extra, server)
+ self._server_hostname = server_hostname
 self._waiter = waiter
 self._rawsock = rawsock
 self._sslcontext = sslcontext
@@ -563,8 +564,20 @@ class _SelectorSslTransport(_SelectorTransport):
 self._waiter.set_exception(exc)
 raise
+ # Verify hostname if requested.
+ peercert = self._sock.getpeercert()
+ if (self._server_hostname is not None and
+ self._sslcontext.verify_mode == ssl.CERT_REQUIRED):
+ try:
+ ssl.match_hostname(peercert, self._server_hostname)
+ except Exception as exc:
+ self._sock.close()
+ if self._waiter is not None:
+ self._waiter.set_exception(exc)
+ return
+ # Add extra info that becomes available after handshake.
- self._extra.update(peercert=self._sock.getpeercert(),
+ self._extra.update(peercert=peercert,
 cipher=self._sock.cipher(),
 compression=self._sock.compression(),
 ) |
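Review bot: The hostname check added in the second hunk is skipped silently whenever `server_hostname` is None or `verify_mode` is anything other than `ssl.CERT_REQUIRED`, so a connection made with `CERT_OPTIONAL`, or with no hostname passed, completes without the peer name being compared to anything. The condition should carry a comment that says so, for example `# No name check unless the caller passed server_hostname and the context is CERT_REQUIRED; otherwise a chain-valid certificate issued for any host is accepted.` On a mismatch with `self._waiter` set to None the socket is closed and the error is dropped, so a log call before `return` would leave a trace for whoever investigates the failed connection. The enclosing method starts and ends outside the hunk, so whether the handshake reader/writer callbacks are still registered for the closed socket at that `return` cannot be checked from here. `ssl.match_hostname` was later deprecated (Python 3.7) and removed (3.12); code ported from this pattern should set `SSLContext.check_hostname` instead.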