.. versionadded:: 3.2
+ .. versionchanged:: 3.4
+ The class now supports hostname check with
+ :attr:`SSLContext.check_hostname` and *Server Name Indicator* (see
+ :data:`~ssl.HAS_SNI`).
.. exception:: NNTPError
.. versionadded:: 3.2
+ .. versionchanged:: 3.4
+ The method now supports hostname check with
+ :attr:`SSLContext.check_hostname` and *Server Name Indicator* (see
+ :data:`~ssl.HAS_SNI`).
.. method:: NNTP.newgroups(date, *, file=None)
if _have_ssl:
- def _encrypt_on(sock, context):
+ def _encrypt_on(sock, context, hostname):
"""Wrap a socket in SSL/TLS. Arguments:
- sock: Socket to wrap
- context: SSL context to use for the encrypted connection
# Generate a default SSL context if none was passed.
if context is None:
context = ssl._create_stdlib_context()
- return context.wrap_socket(sock)
+ server_hostname = hostname if ssl.HAS_SNI else None
+ return context.wrap_socket(sock, server_hostname=server_hostname)
# The classes themselves
resp = self._shortcmd('STARTTLS')
if resp.startswith('382'):
self.file.close()
- self.sock = _encrypt_on(self.sock, context)
+ self.sock = _encrypt_on(self.sock, context, self.host)
self.file = self.sock.makefile("rwb")
self.tls_on = True
# Capabilities may change after TLS starts up, so ask for them
in default port and the `ssl_context` argument for SSL connections.
"""
self.sock = socket.create_connection((host, port), timeout)
- self.sock = _encrypt_on(self.sock, ssl_context)
+ self.sock = _encrypt_on(self.sock, ssl_context, host)
file = self.sock.makefile("rwb")
_NNTPBase.__init__(self, file, host,
readermode=readermode, timeout=timeout)
- Issue #19784: poplib now supports SSLContext.check_hostname and server name
indication for TLS/SSL connections.
+- Issue #19783: nntplib now supports SSLContext.check_hostname and server name
+ indication for TLS/SSL connections.
+
- Issue #19782: imaplib now supports SSLContext.check_hostname and server name
indication for TLS/SSL connections.
projects / python / commitdiff