client check-hostname by default

fdfc9245 · Jim Fulton · d5f44000 · fdfc9245 · fdfc9245 · fdfc9245
Commit fdfc9245 authored Jun 24, 2016 by Jim Fulton
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 7 deletions

src/ZEO/component.xml src/ZEO/component.xml +1 -1

src/ZEO/tests/testssl.py src/ZEO/tests/testssl.py +6 -3

src/ZEO/zconfig.py src/ZEO/zconfig.py +1 -3

No files found.
--- a/src/ZEO/component.xml
+++ b/src/ZEO/component.xml
@@ -30,7 +30,7 @@
      </description>
    </key>

-    <key name="check-hostname" datatype="boolean" required="no">
+    <key name="check-hostname" datatype="boolean" required="no" default="true">
      <description>
        Verify the host name in the server certificate is as expected.
      </description>

--- a/src/ZEO/tests/testssl.py
+++ b/src/ZEO/tests/testssl.py
@@ -60,6 +60,7 @@ class SSLConfigTest(ZEOConfigTest):
                certificate {}
                key {}
                authenticate {}
+                server-hostname zodb.org
                </ssl>""".format(client_cert, client_key, server_cert))
        self._client_assertions(client, addr)
        client.close()
@@ -200,6 +201,7 @@ class SSLConfigTest(ZEOConfigTest):
        self.assert_context(
            factory, context, (client_cert, client_key, None),
            capath=here,
+            check_hostname=True,
            )

    @mock.patch('ssl.create_default_context')
@@ -215,6 +217,7 @@ class SSLConfigTest(ZEOConfigTest):
        self.assert_context(
            factory, context, (client_cert, client_key, None),
            cafile=server_cert,
+            check_hostname=True,
            )

    @mock.patch('ssl.create_default_context')
@@ -231,8 +234,8 @@ class SSLConfigTest(ZEOConfigTest):
                         None)
        self.assert_context(
            factory, context, (client_cert, client_key, pwfunc),
-            check_hostname=False,
            cafile=server_cert,
+            check_hostname=True,
            )

    @mock.patch('ssl.create_default_context')
@@ -259,14 +262,14 @@ class SSLConfigTest(ZEOConfigTest):
        ):
        client = ssl_client(
            certificate=client_cert, key=client_key, authenticate=server_cert,
-            check_hostname=True)
+            check_hostname=False)
        context = ClientStorage.call_args[1]['ssl']
        self.assertEqual(ClientStorage.call_args[1]['ssl_server_hostname'],
                         None)
        self.assert_context(
            factory, context, (client_cert, client_key, None),
            cafile=server_cert,
-            check_hostname=True,
+            check_hostname=False,
            )

 def args(*a, **kw):

--- a/src/ZEO/zconfig.py
+++ b/src/ZEO/zconfig.py
@@ -30,9 +30,7 @@ def ssl_config(section, server):
        context.check_hostname = False
        return context

-    context.check_hostname = bool(
-        section.check_hostname is None and (section.server_hostname or not auth)
-        or section.check_hostname)
+    context.check_hostname = section.check_hostname

    return context, section.server_hostname