New submission from zodalahtathi: http.client.HTTPSConnection has both a check_hostname parameter, and a context parameter to pass an already setup SSL context. When check_hostname is not set and thus is None, and when passing a SSL context set to NOT check hostnames, ie:
import http.client import ssl ssl_context = ssl.create_default_context() ssl_context.check_hostname = False https = http.client.HTTPSConnection(..., context=ssl_context) The https object WILL check hostname. In my opinion the line : https://hg.python.org/cpython/file/3.4/Lib/http/client.py#l1207 will_verify = context.verify_mode != ssl.CERT_NONE Should be changed to: will_verify = (context.verify_mode != ssl.CERT_NONE) and (context.check_hostname) ---------- components: Library (Lib) messages: 231775 nosy: zodalahtathi priority: normal severity: normal status: open title: http.client.HTTPSConnection checks hostname when SSL context has check_hostname==False type: behavior versions: Python 3.4 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue22959> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
