Previous patches had unconditinonally disabled hostname checking.
Also adds some debugs to this area.
... | ... |
@@ -112,22 +112,29 @@ class http_connection(object): |
112 | 112 |
|
113 | 113 |
@staticmethod |
114 | 114 |
def _https_connection(hostname, port=None): |
115 |
+ check_hostname = True |
|
115 | 116 |
try: |
116 | 117 |
context = http_connection._ssl_context() |
117 | 118 |
# S3's wildcart certificate doesn't work with DNS-style named buckets. |
118 |
- if (hostname.endswith('.amazonaws.com') or hostname.endswith('.amazonaws.com.cn')) and context: |
|
119 |
+ if (hostname.endswith('.amazonaws.com') or hostname.endswith('.amazonaws.com.cn')): |
|
119 | 120 |
# this merely delays running the hostname check until |
120 | 121 |
# after the connection is made and we get control |
121 | 122 |
# back. We then run the same check, relaxed for S3's |
122 | 123 |
# wildcard certificates. |
123 |
- context.check_hostname = False |
|
124 |
- conn = httplib.HTTPSConnection(hostname, port, context=context, check_hostname=False) |
|
124 |
+ check_context = False |
|
125 |
+ if context: |
|
126 |
+ context.check_hostname = False |
|
127 |
+ debug(u'Recognized AWS S3 host, disabling initial SSL hostname check') |
|
128 |
+ conn = httplib.HTTPSConnection(hostname, port, context=context, check_hostname=check_hostname) |
|
125 | 129 |
except TypeError: |
130 |
+ debug(u'python-libs missing either or both httplib.HTTPSConnection() context or check_hostname') |
|
126 | 131 |
try: |
127 | 132 |
# in case check_hostname parameter is not present try again |
133 |
+ debug(u'python-libs maybe missing httplib.HTTPSConnection() check_hostname') |
|
128 | 134 |
conn = httplib.HTTPSConnection(hostname, port, context=context) |
129 | 135 |
except TypeError: |
130 | 136 |
# in case even context parameter is not present try one last time |
137 |
+ debug(u'python-libs missing both httplib.HTTPSConnection() context and check_hostname') |
|
131 | 138 |
conn = httplib.HTTPSConnection(hostname, port) |
132 | 139 |
return conn |
133 | 140 |
|