Christian Heimes added the comment:

You are still ignoring my remarks about TLS SNI. :)

Python uses server_hostname for two different but related parts of the TLS/SSL.

1) When server_hostname is set, the client sends the hostname to the server 
during the TLS handshake in the ClientHello message. [1] Without a TLS SNI 
extension your client may talk to the wrong service. TLS SNI not limited to 
HTTPS, although HTTPS virtual hosting is the biggest user of SNI. You should 
only omit the argument if you directly connect to an IP address.

2) Python uses server_hostname to verify that the certificate matches the 
hostname. Hostname matching can be disabled with a custom SSLContext that has 
check hostname disabled.

server_hostname='' should not bypass hostname verification. That's a bug.


Python tracker <>
Python-bugs-list mailing list

Reply via email to