Martin Panter added the comment:

The code fragment you posted looks like it is from HTTPSConnection.connect() 
<https://hg.python.org/cpython/file/v2.7.11/Lib/httplib.py#l1272>. But 
_get_hostport() is already called to set self.host in __init__(), and to set 
self._tunnel_host in set_tunnel(). So I do not understand what you are 
proposing. Can you provide a patch?

Failing that, can you give a demonstration where the SNI and “request 
ServerName” (is this the Host header field?) mismatch?

The only potential bug I can see is if you specify the host by IP address, the 
IP address is sent as the SNI, when RFC 6066 seems to say a literal IP address 
is not permitted.

Client (run in Python 2.7.11):
>>> import ssl
>>> from httplib import HTTPSConnection
>>> conn = HTTPSConnection("127.0.0.1:44300",
...     context=ssl._create_unverified_context())
>>> conn.request("GET", "/")

Server (run in Python 3.6):
>>> from socket import socket
>>> from ssl import SSLContext, PROTOCOL_SSLv23
>>> server = socket()
>>> server.bind(("localhost", 44300))
>>> server.listen()
>>> context = SSLContext(PROTOCOL_SSLv23)
>>> @context.set_servername_callback
... def callback(conn, name, context):
...     print(f"Requested server name {name!r}")
...     context = SSLContext(PROTOCOL_SSLv23)
...     context.load_cert_chain("Lib/test/keycert.pem")
...     conn.context = context
... 
>>> [conn, _] = server.accept()
>>> wrapped = context.wrap_socket(conn, server_side=True)
Requested server name '127.0.0.1'

My understanding is the client shouldn’t use SNI here, in which case the server 
name would be None.

----------
nosy: +martin.panter
stage:  -> test needed

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue26238>
_______________________________________
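
An added example, not part of the original message or of CPython's own code: a way to check offline what server name a client puts in its ClientHello, and whether that name is a literal IP address, which the comment above notes RFC 6066 does not permit. The function names and the host `www.example.test` are assumptions made for the illustration.

```python
import ipaddress
import ssl
import struct

def client_hello(server_hostname):
    """Return the first TLS record the local ssl module would send (no network I/O)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client has written its ClientHello and awaits a reply
    return outgoing.read()

def extract_sni(record):
    """Parse a ClientHello record; return the SNI host_name, or None if absent."""
    pos = 5 + 4 + 2 + 32                                   # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                                 # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]    # cipher_suites
    pos += 1 + record[pos]                                 # compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 0:                                  # server_name extension (RFC 6066)
            name_type, name_len = struct.unpack_from("!BH", record, pos + 2)
            if name_type == 0:                             # host_name entry
                return record[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return None

def is_ip_literal(name):
    """True if name is an IPv4 or IPv6 address literal rather than a DNS name."""
    try:
        ipaddress.ip_address(name)
    except ValueError:
        return False
    return True

def check(host):
    """Return (sni_on_the_wire, violates_rfc6066) for a given server_hostname."""
    sni = extract_sni(client_hello(host))
    return sni, (sni is not None and is_ip_literal(sni))

if __name__ == "__main__":
    for host in ("www.example.test", "127.0.0.1"):  # constructed sample hosts
        print(host, check(host))
```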