Martin Panter added the comment: The code fragment you posted looks like it is from HTTPSConnection.connect() <https://hg.python.org/cpython/file/v2.7.11/Lib/httplib.py#l1272>. But _get_hostport() is already called to set self.host in __init__(), and to set self._tunnel_host in set_tunnel(). So I do not understand what you are proposing. Can you provide a patch?
Failing that, can you give a demonstration where the SNI and “request ServerName” (is this the Host header field?) mismatch? The only potential bug I can see is if you specify the host by IP address, the IP address is sent as the SNI, when RFC 6066 seems to say a literal IP address is not permitted. Client (run in Python 2.7.11): >>> conn = HTTPSConnection("127.0.0.1:44300", >>> context=ssl._create_unverified_context()) >>> conn.request("GET", "/") Server (run in Python 3.6): >>> server = socket() >>> server.bind(("localhost", 44300)) >>> server.listen() >>> context = SSLContext(PROTOCOL_SSLv23) >>> @context.set_servername_callback ... def callback(conn, name, context): ... print(f"Requested server name {name!r}") ... context = SSLContext(PROTOCOL_SSLv23) ... context.load_cert_chain("Lib/test/keycert.pem") ... conn.context = context ... >>> [conn, _] = server.accept() >>> wrapped = context.wrap_socket(conn, server_side=True) Requested server name '127.0.0.1' My understanding is the client shouldn’t use SNI here, in which case the server name would be None. ---------- nosy: +martin.panter stage: -> test needed _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26238> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com