git.ipfire.org Git - thirdparty/Python/cpython.git/commit

author	juhovh <juhovh@iki.fi>
	Sun, 18 Apr 2021 11:11:48 +0000 (21:11 +1000)
committer	GitHub <noreply@github.com>
	Sun, 18 Apr 2021 11:11:48 +0000 (04:11 -0700)
commit	49fdf118aeda891401d638ac32296c7d55d54678
tree	28b2e0df7618d9934e70d4a72019bcfbff08d18b	tree \| snapshot
parent	2798f247c0747d28cb857fa80803797b24696cb6	commit \| diff

bpo-36076: Add SNI support to ssl.get_server_certificate. (GH-16820)

Many servers in the cloud environment require SNI to be used during the
SSL/TLS handshake, therefore it is not possible to fetch their certificates
using the ssl.get_server_certificate interface.

This change adds an additional optional hostname argument that can be used to
set the SNI. Note that it is intentionally a separate argument instead of
using the host part of the addr tuple, because one might want to explicitly
fetch the default certificate or fetch a certificate from a specific IP
address with the specified SNI hostname. A separate argument also works better
for backwards compatibility.

Automerge-Triggered-By: GH:tiran

Lib/ssl.py		diff \| blob \| blame \| history
Lib/test/test_ssl.py		diff \| blob \| blame \| history
Misc/ACKS		diff \| blob \| blame \| history
Misc/NEWS.d/next/Library/2019-10-16-17-21-53.bpo-36076.FGeQQT.rst	[new file with mode: 0644]	blob