Last part of certificate validation: check that the hostname matches.

author Ben Darnell <ben@bendarnell.com>

Tue, 15 Feb 2011 04:19:58 +0000 (20:19 -0800)

committer Ben Darnell <ben@bendarnell.com>

Tue, 15 Feb 2011 04:19:58 +0000 (20:19 -0800)
author Ben Darnell <ben@bendarnell.com>
Tue, 15 Feb 2011 04:19:58 +0000 (20:19 -0800)
committer Ben Darnell <ben@bendarnell.com>
Tue, 15 Feb 2011 04:19:58 +0000 (20:19 -0800)
diff --git a/tornado/simple_httpclient.py b/tornado/simple_httpclient.py

index cf9db3bf32eab2418eefad79377d33a6124ba9ca..7f4f64979032179efbe10a5e715b3f5cbc8dd688 100644 (file)
--- a/tornado/simple_httpclient.py
+++ b/tornado/simple_httpclient.py
@@ -182,6 +182,10 @@ class _HTTPConnection(object):
              self._timeout = self.io_loop.add_timeout(
                  self.start_time + self.request.request_timeout,
                  self._on_timeout)
+        if (self.request.validate_cert and
+            isinstance(self.stream, SSLIOStream)):
+            match_hostname(self.stream.socket.getpeercert(),
+                           parsed.netloc.partition(":")[0])
          if (self.request.method not in self._SUPPORTED_METHODS and
              not self.request.allow_nonstandard_methods):
              raise KeyError("unknown method %s" % self.request.method)
author	Ben Darnell <ben@bendarnell.com>
	Tue, 15 Feb 2011 04:19:58 +0000 (20:19 -0800)
committer	Ben Darnell <ben@bendarnell.com>
	Tue, 15 Feb 2011 04:19:58 +0000 (20:19 -0800)