add check_hostname arg to ssl._create_stdlib_context()

diff --git a/Lib/ssl.py b/Lib/ssl.py
index 4c155ea7d4463258474598d1c87e3884752a5c35..08b2df2fc1974c6411cf046ecc20dd91dab2e561 100644 (file)
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -405,7 +405,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
 
 
 def _create_stdlib_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,
-                           purpose=Purpose.SERVER_AUTH,
+                           check_hostname=False, purpose=Purpose.SERVER_AUTH,
                            certfile=None, keyfile=None,
                            cafile=None, capath=None, cadata=None):
     """Create a SSLContext object for Python stdlib modules
@@ -424,6 +424,7 @@ def _create_stdlib_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,
 
     if cert_reqs is not None:
         context.verify_mode = cert_reqs
+    context.check_hostname = check_hostname
 
     if keyfile and not certfile:
         raise ValueError("certfile must be specified")

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index ed263c397412676be9854b2f77b43ce452b283c2..4da31e1108794764e999b22f23b9c1084a2598e0 100644 (file)
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1032,9 +1032,11 @@ class ContextTests(unittest.TestCase):
         self.assertEqual(ctx.options & ssl.OP_NO_SSLv2, ssl.OP_NO_SSLv2)
 
         ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1,
-                                         cert_reqs=ssl.CERT_REQUIRED)
+                                         cert_reqs=ssl.CERT_REQUIRED,
+                                         check_hostname=True)
         self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
         self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
+        self.assertTrue(ctx.check_hostname)
         self.assertEqual(ctx.options & ssl.OP_NO_SSLv2, ssl.OP_NO_SSLv2)
 
         ctx = ssl._create_stdlib_context(purpose=ssl.Purpose.CLIENT_AUTH)