Jens-G opened a new pull request, #3413: URL: https://github.com/apache/thrift/pull/3413
## Summary `TSSLSocket.py` defined `_match_hostname` as a module-level no-op lambda, shadowing the more complete implementation already exported by the companion `sslcompat` module. The `sslcompat` module exists specifically to abstract over Python version differences in `ssl.match_hostname`: it provides the real implementation on Python < 3.12 and a no-op on Python 3.12+ (where `ssl.match_hostname` was removed and hostname verification is handled entirely by OpenSSL via `check_hostname=True`). This change: - **`lib/py/src/transport/TSSLSocket.py`**: imports `_match_hostname` from `sslcompat` alongside the existing `_match_has_ipaddress` import; removes the inline no-op lambda definition. Tests added in `lib/py/test/test_sslsocket.py` (`TestMatchHostname` class): - `test_match_hostname_is_from_sslcompat`: asserts `TSSLSocket._match_hostname is sslcompat._match_hostname`. - `test_match_hostname_rejects_mismatch`: on Python < 3.12, verifies a hostname mismatch raises an exception (skipped on 3.12+ where `ssl.match_hostname` no longer exists). ## Test plan - [ ] `python3 lib/py/test/test_sslsocket.py -v` — two new matcher tests pass 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
