[issue23843] ssl.wrap_socket doesn't handle virtual TLS hosts

Changes by Giampaolo Rodola' : -- nosy: -giampaolo.rodola ___ Python tracker ___ ___

[issue23843] ssl.wrap_socket doesn't handle virtual TLS hosts

Christian Heimes added the comment: ssl.wrap_socket() will be deprecated in 3.6. Please use a context. You can still inspect the server cert with a context. In fact ssl.wrap_socket() uses a context internally. -- resolution: -> wont fix status: open -> closed versions: +Python 3.6

[issue23843] ssl.wrap_socket doesn't handle virtual TLS hosts

John Nagle added the comment: I'm using wrap_socket because I want to read the details of a server's SSL certificate. Starting from Python 3.2, it can be more flexible to use SSLContext.wrap_socket() instead does not convey that ssl.wrap_socket() will fail to connect to some servers

[issue23843] ssl.wrap_socket doesn't handle virtual TLS hosts

Antoine Pitrou added the comment: Not sure why you're using wrap_socket() directly. Most of the time you should be using a higher-level library instead (for example a HTTP(S) library). In any case, the doc already mentions that Starting from Python 3.2, it can be more flexible to use

[issue23843] ssl.wrap_socket doesn't handle virtual TLS hosts

New submission from John Nagle: ssl.wrap_socket() always uses the SSL certificate associated with the raw IP address, rather than using the server_host feature of TLS. Even when wrap_socket is used before calling connect(port, host), the host parameter isn't used by TLS. To get proper TLS