From: Bob Halley <halley@dnspython.org>
Date: Fri, 7 Jul 2023 14:29:08 +0000 (-0700)
Subject: In async TLS do not ignore a ssl_context given as an argument [#951].
X-Git-Tag: v2.4.0~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ff75996bdd105ea485c0271c71b3c017b92f1de1;p=thirdparty%2Fdnspython.git

In async TLS do not ignore a ssl_context given as an argument [#951].

The async TLS code would always fail if given an ssl_context instead
of making one, as it set the passed paramter to None and then called
into the async socket backend, which would make a regular TCP socket
(i.e. no TLS), which would be rejected by the server as it wasn't
using TLS.

(cherry picked from commit 73badd1e27d54f74a3d7815a3edb911f5db394a0)
---

diff --git a/dns/asyncquery.py b/dns/asyncquery.py
index 54093c17..4e660b53 100644
--- a/dns/asyncquery.py
+++ b/dns/asyncquery.py
@@ -443,9 +443,6 @@ async def tls(
             ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
             if server_hostname is None:
                 ssl_context.check_hostname = False
-        else:
-            ssl_context = None
-            server_hostname = None
         af = dns.inet.af_for_address(where)
         stuple = _source_tuple(af, source, source_port)
         dtuple = (where, port)