add check_hostname arg to ssl._create_stdlib_context()

2025-11-03 23:21:29 +00:00 · 2013-12-02 20:59:28 +01:00 · 2013-12-02 20:59:28 +01:00 · a02c69a73b
commit a02c69a73b
parent a5768f7292
2 changed files with 5 additions and 2 deletions
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@ -405,7 +405,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,


 def _create_stdlib_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,
-                           purpose=Purpose.SERVER_AUTH,
+                           check_hostname=False, purpose=Purpose.SERVER_AUTH,
                           certfile=None, keyfile=None,
                           cafile=None, capath=None, cadata=None):
    """Create a SSLContext object for Python stdlib modules
@ -424,6 +424,7 @@ def _create_stdlib_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,

    if cert_reqs is not None:
        context.verify_mode = cert_reqs
+    context.check_hostname = check_hostname

    if keyfile and not certfile:
        raise ValueError("certfile must be specified")
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@ -1032,9 +1032,11 @@ def test__create_stdlib_context(self):
        self.assertEqual(ctx.options & ssl.OP_NO_SSLv2, ssl.OP_NO_SSLv2)

        ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1,
-                                         cert_reqs=ssl.CERT_REQUIRED)
+                                         cert_reqs=ssl.CERT_REQUIRED,
+                                         check_hostname=True)
        self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
        self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
+        self.assertTrue(ctx.check_hostname)
        self.assertEqual(ctx.options & ssl.OP_NO_SSLv2, ssl.OP_NO_SSLv2)

        ctx = ssl._create_stdlib_context(purpose=ssl.Purpose.CLIENT_AUTH)