ssl.SSLContext.check_hostname

SSLContext.check_hostname

Whether to match the peer cert’s hostname with match_hostname() in SSLSocket.do_handshake(). The context’s verify_mode must be set to CERT_OPTIONAL or CERT_REQUIRED, and you must pass server_hostname to wrap_socket() in order to match the hostname.

Example:

import socket, ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.verify_mode = ssl.CERT_REQUIRED
context.check_hostname = True
context.load_default_certs()

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = context.wrap_socket(s, server_hostname='www.verisign.com')
ssl_sock.connect(('www.verisign.com', 443))

New in version 3.4.

Note

This features requires OpenSSL 0.9.8f or newer.

Links:

https://docs.python.org/3.5/library/ssl.html#ssl.SSLContext.check_hostname

doc_python

2016-10-07 17:42:50

Comments