From: Brian Wellington
Date: Mon, 30 Sep 2019 19:39:18 +0000 (-0700)
Subject: Add server_hostname to dns.query.tls()
X-Git-Tag: v2.0.0rc1~351^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d273a03ca085ce1df58505cf01d45765c1a6ba5;p=thirdparty%2Fdnspython.git
Add server_hostname to dns.query.tls()
---
diff --git a/dns/query.py b/dns/query.py
index 8eeadbb6..65149762 100644
--- a/dns/query.py
+++ b/dns/query.py
@@ -517,7 +517,7 @@ def tcp(q, where, timeout=None, port=53, af=None, source=None, source_port=0,
 def tls(q, where, timeout=None, port=853, af=None, source=None, source_port=0,
 one_rr_per_rrset=False, ignore_trailing=False,
- ssl_context=None):
+ ssl_context=None, server_hostname=None):
 """Return the response obtained after sending a query via TLS.
 *q*, a ``dns.message.Message``, the query to send
@@ -551,6 +551,10 @@ def tls(q, where, timeout=None, port=853, af=None, source=None, source_port=0,
 a TLS connection. If ``None``, the default, creates one with the default configuration.
+ *server_hostname*, a ``text`` containing the server's hostname. The
+ default is ``None``, which means that no hostname is known, and if an
+ SSL context is created, hostname checking will be disabled.
+
 Returns a ``dns.message.Message``.
 """
@@ -569,7 +573,10 @@ def tls(q, where, timeout=None, port=853, af=None, source=None, source_port=0,
 _connect(s, destination, expiration)
 if ssl_context is None:
 ssl_context = ssl.create_default_context()
- s = ssl_context.wrap_socket(s, do_handshake_on_connect=False)
+ if server_hostname is None:
+ ssl_context.check_hostname = False
+ s = ssl_context.wrap_socket(s, do_handshake_on_connect=False,
+ server_hostname=server_hostname)
 while True:
 try:
 s.do_handshake()
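Review bot: The new *server_hostname* paragraph in the `@@ -551,6 +551,10 @@` hunk says hostname checking is disabled by default, but not what that means for the caller. With `check_hostname` off, a context from `ssl.create_default_context()` still validates the certificate chain, yet it accepts a certificate issued for any name, so the default call does not authenticate the resolver. I would append a sentence such as `Without a hostname the certificate chain is still validated, but the server's identity is not; pass *server_hostname* to authenticate the resolver.` The docstring begins before this hunk.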
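Review bot: The `@@ -569,7 +573,10 @@` hunk leaves unclear what happens when the caller supplies `ssl_context` but no `server_hostname`. Indentation is not preserved on this page, so I cannot tell whether `ssl_context.check_hostname = False` sits under `if ssl_context is None:`. If it does not, the assignment also rewrites the caller's own context and weakens it for any later use, which should be confirmed. If it is nested, a supplied context that still has hostname checking on will make `wrap_socket()` raise a bare `ValueError`. An up-front check in the supplied-context path would be clearer, e.g. `if server_hostname is None and ssl_context.check_hostname: raise ValueError("server_hostname is required when ssl_context checks hostnames")`. The body of `tls()` starts and ends outside this hunk.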