def patched_connect(self):
# Add certificate verification
try:
sock = socket.create_connection(address=(self.host, self.port),
timeout=self.timeout)
except SocketTimeout:
raise ConnectTimeoutError(
self, "Connection to %s timed out. (connect timeout=%s)" %
(self.host, self.timeout))
resolved_cert_reqs = resolve_cert_reqs(self.cert_reqs)
resolved_ssl_version = resolve_ssl_version(self.ssl_version)
if self._tunnel_host:
self.sock = sock
# Calls self._set_hostport(), so self.host is
# self._tunnel_host below.
self._tunnel()
# Wrap socket using verification with the root certs in
# trusted_root_certs
self.sock = ssl_wrap_socket(sock,
self.key_file,
self.cert_file,
cert_reqs=resolved_cert_reqs,
ca_certs=self.ca_certs,
server_hostname=self.host,
ssl_version=resolved_ssl_version)
if self.assert_fingerprint:
assert_fingerprint(self.sock.getpeercert(binary_form=True),
self.assert_fingerprint)
elif resolved_cert_reqs != ssl.CERT_NONE and self.assert_hostname is not False:
match_hostname(self.sock.getpeercert(), self.assert_hostname
or self.host)
def patched_connect(self):
# Add certificate verification
try:
sock = socket.create_connection(address=(self.host, self.port), timeout=self.timeout)
except SocketTimeout:
raise ConnectTimeoutError(self, "Connection to %s timed out. (connect timeout=%s)" % (self.host, self.timeout))
resolved_cert_reqs = resolve_cert_reqs(self.cert_reqs)
resolved_ssl_version = resolve_ssl_version(self.ssl_version)
if self._tunnel_host:
self.sock = sock
# Calls self._set_hostport(), so self.host is
# self._tunnel_host below.
self._tunnel()
# Wrap socket using verification with the root certs in
# trusted_root_certs
self.sock = ssl_wrap_socket(sock, self.key_file, self.cert_file,
cert_reqs=resolved_cert_reqs,
ca_certs=self.ca_certs,
server_hostname=self.host,
ssl_version=resolved_ssl_version)
if self.assert_fingerprint:
assert_fingerprint(self.sock.getpeercert(binary_form=True),
self.assert_fingerprint)
elif resolved_cert_reqs != ssl.CERT_NONE and self.assert_hostname is not False:
match_hostname(self.sock.getpeercert(),
self.assert_hostname or self.host)
def ssl_wrap_localhost_no_sni(*args, **kwargs):
"""Prevent SSLError: bad handshake on localhost requests."""
if 'server_hostname' in kwargs and '127.0.0.1' == kwargs['server_hostname']:
orig_has_sni = urllib3_util.HAS_SNI
urllib3_util.HAS_SNI = False
try:
return urllib3_util.ssl_wrap_socket(*args, **kwargs)
finally:
urllib3_util.HAS_SNI = orig_has_sni
return orig_ssl_wrap(*args, **kwargs)
def ssl_wrap_localhost_no_sni(*args, **kwargs):
"""Prevent SSLError: bad handshake on localhost requests."""
if 'server_hostname' in kwargs and '127.0.0.1' == kwargs['server_hostname']:
orig_has_sni = urllib3_util.HAS_SNI
urllib3_util.HAS_SNI = False
try:
return urllib3_util.ssl_wrap_socket(*args, **kwargs)
finally:
urllib3_util.HAS_SNI = orig_has_sni
return orig_ssl_wrap(*args, **kwargs)
