Christian Heimes added the comment:
You are still ignoring my remarks about TLS SNI. :)
Python uses server_hostname for two different but related parts of the TLS/SSL.
1) When server_hostname is set, the client sends the hostname to the server
during the TLS handshake in the ClientHello message.  Without a TLS SNI
extension your client may talk to the wrong service. TLS SNI not limited to
HTTPS, although HTTPS virtual hosting is the biggest user of SNI. You should
only omit the argument if you directly connect to an IP address.
2) Python uses server_hostname to verify that the certificate matches the
hostname. Hostname matching can be disabled with a custom SSLContext that has
check hostname disabled.
server_hostname='' should not bypass hostname verification. That's a bug.
Python tracker <rep...@bugs.python.org>
Python-bugs-list mailing list