From: Christian Heimes <christian@cheimes.de>
Date: Thu, 5 Dec 2013 06:51:17 +0000 (+0100)
Subject: Issue 19509: Don't call match_hostname() twice in http.client.
X-Git-Tag: v3.4.0b2~335
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f723c711d3a798793af1505f7bdaf1bf622ef88e;p=thirdparty%2FPython%2Fcpython.git

Issue 19509: Don't call match_hostname() twice in http.client.
---

diff --git a/Lib/http/client.py b/Lib/http/client.py
index 5c52ba349ac0..56f548a1a7e0 100644
--- a/Lib/http/client.py
+++ b/Lib/http/client.py
@@ -1204,13 +1204,13 @@ else:
             server_hostname = self.host if ssl.HAS_SNI else None
             self.sock = self._context.wrap_socket(sock,
                                                   server_hostname=server_hostname)
-            try:
-                if self._check_hostname:
+            if not self._context.check_hostname and self._check_hostname:
+                try:
                     ssl.match_hostname(self.sock.getpeercert(), self.host)
-            except Exception:
-                self.sock.shutdown(socket.SHUT_RDWR)
-                self.sock.close()
-                raise
+                except Exception:
+                    self.sock.shutdown(socket.SHUT_RDWR)
+                    self.sock.close()
+                    raise
 
     __all__.append("HTTPSConnection")