Try to provide Server Name Indication even if Python does not have SSLContext.

Valentin Lorentz 2016-07-20 20:42:30 +02:00
parent 9c29652697
commit dc4afb45a0


@ -180,7 +180,14 @@ else:
ca_file=None, trusted_fingerprints=None): ca_file=None, trusted_fingerprints=None):
# TLSv1.0 is the only TLS version Python < 2.7.9 supports # TLSv1.0 is the only TLS version Python < 2.7.9 supports
# (besides SSLv2 and v3, which are known to be insecure) # (besides SSLv2 and v3, which are known to be insecure)
conn = ssl.wrap_socket(conn, certfile=certfile, ca_certs=ca_file, try:
conn = ssl.wrap_socket(conn,
server_hostname=hostname,
certfile=certfile, ca_certs=ca_file,
ssl_version=ssl.PROTOCOL_TLSv1)
except TypeError: # server_hostname is not supported
conn = ssl.wrap_socket(conn,
certfile=certfile, ca_certs=ca_file,
ssl_version=ssl.PROTOCOL_TLSv1) ssl_version=ssl.PROTOCOL_TLSv1)
if trusted_fingerprints: if trusted_fingerprints:
check_certificate_fingerprint(conn, trusted_fingerprints) check_certificate_fingerprint(conn, trusted_fingerprints)
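Review bot: Both `ssl.wrap_socket` calls omit `cert_reqs`, so the default `ssl.CERT_NONE` applies: `ca_certs=ca_file` is loaded but not used to validate the chain, and `server_hostname` only sends SNI without checking the certificate against the hostname. As far as these lines show, the peer is authenticated only when `trusted_fingerprints` is set. If CA validation is intended, add `cert_reqs=ssl.CERT_REQUIRED if ca_file else ssl.CERT_NONE,` to both calls, or at least a comment such as `# SNI only; certificate chain and hostname are not verified here`. Separately, the module-level `ssl.wrap_socket` does not, to my knowledge, accept `server_hostname` in any release, so the `try` branch probably always raises `TypeError` and SNI is never sent; this is worth confirming on a target interpreter. The function starts above the hunk and may continue below it, so a later check could exist that is not visible here.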