From: Ben Darnell <ben@bendarnell.com>
Date: Tue, 15 Feb 2011 04:19:58 +0000 (-0800)
Subject: Last part of certificate validation: check that the hostname matches.
X-Git-Tag: v1.2.0~23
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ab217b6b6f37982f03d304edfcc9559d39c9ce0a;p=thirdparty%2Ftornado.git

Last part of certificate validation: check that the hostname matches.
---

diff --git a/tornado/simple_httpclient.py b/tornado/simple_httpclient.py
index cf9db3bf3..7f4f64979 100644
--- a/tornado/simple_httpclient.py
+++ b/tornado/simple_httpclient.py
@@ -182,6 +182,10 @@ class _HTTPConnection(object):
             self._timeout = self.io_loop.add_timeout(
                 self.start_time + self.request.request_timeout,
                 self._on_timeout)
+        if (self.request.validate_cert and
+            isinstance(self.stream, SSLIOStream)):
+            match_hostname(self.stream.socket.getpeercert(),
+                           parsed.netloc.partition(":")[0])
         if (self.request.method not in self._SUPPORTED_METHODS and
             not self.request.allow_nonstandard_methods):
             raise KeyError("unknown method %s" % self.request.method)