On Sun, 01 Dec 2013 02:53:32 +0100 Christian Heimes <christ...@python.org> wrote: > Am 30.11.2013 23:51, schrieb Antoine Pitrou: > > Small nit: what happens if the server_hostname is None (i.e. wasn't > > passed to context.wrap_socket())? > > The code will raise an exception. My patch already implements a more > verbose ValueError that explains the cause of the problem. It's flaw in > code, that calls context.wrap_socket. Erroneous code will no longer pass > silently. > > The patch also ensures a valid combination of verify_mode and > check_hostname: > > >>> context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) > >>> context.check_hostname = True > Traceback (most recent call last): > File "<stdin>", line 1, in <module> > ValueError: check_hostname needs a SSL context with either CERT_OPTIONAL > or CERT_REQUIRED > >>> context.verify_mode = ssl.CERT_REQUIRED > >>> context.check_hostname = True > >>> context.verify_mode = ssl.CERT_NONE > Traceback (most recent call last): > File "<stdin>", line 1, in <module> > ValueError: Cannot set verify_mode to CERT_NONE when check_hostname is > enabled.
So I have to set attributes in a given order? I find this silly. Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
