Issue #19783: nntplib now supports SSLContext.check_hostname and server name

indication for TLS/SSL connections.

Issue #19783: nntplib now supports SSLContext.check_hostname and server name
indication for TLS/SSL connections.
216d463b · Christian Heimes · 1bc7068d · 216d463b · 216d463b · 216d463b
Kaydet (Commit) 216d463b authored Ara 02, 2013 tarafından Christian Heimes
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 4 deletions

nntplib.rst Doc/library/nntplib.rst +8 -0

nntplib.py Lib/nntplib.py +5 -4

NEWS Misc/NEWS +3 -0

No files found.
--- a/Doc/library/nntplib.rst
+++ b/Doc/library/nntplib.rst
@@ -102,6 +102,10 @@ The module itself defines the following classes:
   .. versionadded:: 3.2
+   .. versionchanged:: 3.4
+      The class now supports hostname check with
+      :attr:`SSLContext.check_hostname` and *Server Name Indicator* (see
+      :data:`~ssl.HAS_SNI`).
 .. exception:: NNTPError
@@ -241,6 +245,10 @@ tuples or objects that the method normally returns will be empty.
   .. versionadded:: 3.2
+   .. versionchanged:: 3.4
+      The method now supports hostname check with
+      :attr:`SSLContext.check_hostname` and *Server Name Indicator* (see
+      :data:`~ssl.HAS_SNI`).
 .. method:: NNTP.newgroups(date, *, file=None)

--- a/Lib/nntplib.py
+++ b/Lib/nntplib.py
@@ -279,7 +279,7 @@ def _unparse_datetime(dt, legacy=False):
 if _have_ssl:
-    def _encrypt_on(sock, context):
+    def _encrypt_on(sock, context, hostname):
        """Wrap a socket in SSL/TLS. Arguments:
        - sock: Socket to wrap
        - context: SSL context to use for the encrypted connection
@@ -289,7 +289,8 @@ if _have_ssl:
        # Generate a default SSL context if none was passed.
        if context is None:
            context = ssl._create_stdlib_context()
-        return context.wrap_socket(sock)
+        server_hostname = hostname if ssl.HAS_SNI else None
+        return context.wrap_socket(sock, server_hostname=server_hostname)
 # The classes themselves
@@ -1005,7 +1006,7 @@ class _NNTPBase:
            resp = self._shortcmd('STARTTLS')
            if resp.startswith('382'):
                self.file.close()
-                self.sock = _encrypt_on(self.sock, context)
+                self.sock = _encrypt_on(self.sock, context, self.host)
                self.file = self.sock.makefile("rwb")
                self.tls_on = True
                # Capabilities may change after TLS starts up, so ask for them
@@ -1065,7 +1066,7 @@ if _have_ssl:
            in default port and the `ssl_context` argument for SSL connections.
            """
            self.sock = socket.create_connection((host, port), timeout)
-            self.sock = _encrypt_on(self.sock, ssl_context)
+            self.sock = _encrypt_on(self.sock, ssl_context, host)
            file = self.sock.makefile("rwb")
            _NNTPBase.__init__(self, file, host,
                               readermode=readermode, timeout=timeout)

--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -21,6 +21,9 @@ Library
 - Issue #19784: poplib now supports SSLContext.check_hostname and server name
  indication for TLS/SSL connections.
+- Issue #19783: nntplib now supports SSLContext.check_hostname and server name
+  indication for TLS/SSL connections.
 - Issue #19782: imaplib now supports SSLContext.check_hostname and server name
  indication for TLS/SSL connections.