
SSL: make sure SNI is supported on CPython 2.7.9+

Open temoto opened this issue 11 years ago • 1 comments

https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni

wrap_socket(sock, ..., server_hostname='foo.bar')

temoto avatar Dec 28 '14 23:12 temoto

On Py3 it also doesn't work.

These two examples work differently:

#1 (w/o eventlet)

```python
import ssl
import socket

myhostname = "my.host.com"
myctx = ssl.create_default_context()
myctx.check_hostname = False
myctx.verify_mode = ssl.CERT_NONE
myctx.load_cert_chain(certfile="/path/to/cert.pem", keyfile="/path/to/key/cert_key.pem", password="xxx")
s = myctx.wrap_socket(socket.socket(), server_hostname=myhostname)
s.connect((myhostname, 6443))
cert = s.getpeercert(binary_form=True)
ssl.DER_cert_to_PEM_cert(cert)
```

#2 (with eventlet)

```python
import eventlet.green.ssl as ssl
import socket

myhostname = "my.host.com"
myctx = ssl.create_default_context()
myctx.check_hostname = False
myctx.verify_mode = ssl.CERT_NONE
myctx.load_cert_chain(certfile="/path/to/cert.pem", keyfile="/path/to/cert_key.pem", password="xxx")
s = myctx.wrap_socket(socket.socket(), server_hostname=myhostname)
s.connect((myhostname, 6443))
cert = s.getpeercert(binary_form=True)
ssl.DER_cert_to_PEM_cert(cert)
```

The problem is that the eventlet "green" version of "wrap_socket" doesn't take "server_hostname" into account. If we pass "self.server_hostname" in https://github.com/eventlet/eventlet/blob/master/eventlet/green/ssl.py#L356 explicitly it'll work.

Can you please address that?

Thanks

rakhmerov avatar Jun 25 '20 06:06 rakhmerov