
Commit 4601fbf

committed
Add TLS support
1 parent 488c93f commit 4601fbf


1 file changed

+32
-50
lines changed


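--- a/pymongo/asynchronous/pool.py
+++ b/pymongo/asynchronous/pool.py
@@ -1409,56 +1409,38 @@ async def _configured_stream(
 # sock.settimeout(options.socket_timeout)
 return reader, writer
 
-# host = address[0]
-# try:
-# # We have to pass hostname / ip address to wrap_socket
-# # to use SSLContext.check_hostname.
-# if HAS_SNI:
-# if _IS_SYNC:
-# ssl_sock = ssl_context.wrap_socket(sock, server_hostname=host)
-# else:
-# if hasattr(ssl_context, "a_wrap_socket"):
-# ssl_sock = await ssl_context.a_wrap_socket(sock, server_hostname=host) # type: ignore[assignment, misc]
-# else:
-# loop = asyncio.get_running_loop()
-# ssl_sock = await loop.run_in_executor(
-# None,
-# functools.partial(ssl_context.wrap_socket, sock, server_hostname=host), # type: ignore[assignment, misc]
-# )
-# else:
-# if _IS_SYNC:
-# ssl_sock = ssl_context.wrap_socket(sock)
-# else:
-# if hasattr(ssl_context, "a_wrap_socket"):
-# ssl_sock = await ssl_context.a_wrap_socket(sock) # type: ignore[assignment, misc]
-# else:
-# loop = asyncio.get_running_loop()
-# ssl_sock = await loop.run_in_executor(None, ssl_context.wrap_socket, sock) # type: ignore[assignment, misc]
-# except _CertificateError:
-# sock.close()
-# # Raise _CertificateError directly like we do after match_hostname
-# # below.
-# raise
-# except (OSError, SSLError) as exc:
-# sock.close()
-# # We raise AutoReconnect for transient and permanent SSL handshake
-# # failures alike. Permanent handshake failures, like protocol
-# # mismatch, will be turned into ServerSelectionTimeoutErrors later.
-# details = _get_timeout_details(options)
-# _raise_connection_failure(address, exc, "SSL handshake failed: ", timeout_details=details)
-# if (
-# ssl_context.verify_mode
-# and not ssl_context.check_hostname
-# and not options.tls_allow_invalid_hostnames
-# ):
-# try:
-# ssl.match_hostname(ssl_sock.getpeercert(), hostname=host) # type:ignore[attr-defined]
-# except _CertificateError:
-# ssl_sock.close()
-# raise
-#
-# ssl_sock.settimeout(options.socket_timeout)
-# return ssl_sock
+host = address[0]
+try:
+# We have to pass hostname / ip address to wrap_socket
+# to use SSLContext.check_hostname.
+await writer.start_tls(ssl_context, server_hostname=host)
+except _CertificateError:
+writer.close()
+await writer.wait_closed()
+# Raise _CertificateError directly like we do after match_hostname
+# below.
+raise
+except (OSError, SSLError) as exc:
+writer.close()
+await writer.wait_closed()
+# We raise AutoReconnect for transient and permanent SSL handshake
+# failures alike. Permanent handshake failures, like protocol
+# mismatch, will be turned into ServerSelectionTimeoutErrors later.
+details = _get_timeout_details(options)
+_raise_connection_failure(address, exc, "SSL handshake failed: ", timeout_details=details)
+if (
+ssl_context.verify_mode
+and not ssl_context.check_hostname
+and not options.tls_allow_invalid_hostnames
+):
+try:
+ssl.match_hostname(writer.get_extra_info("peercert"), hostname=host) # type:ignore[attr-defined]
+except _CertificateError:
+writer.close()
+await writer.wait_closed()
+raise
+
+return reader, writer
 
 
 async def _configured_socket(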
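Review bot: The fallback hostname check on new lines 1431–1441 calls `ssl.match_hostname`, which the standard library removed in Python 3.12, while `StreamWriter.start_tls` only exists from Python 3.11, so on 3.12 and later this branch would raise `AttributeError` whenever the context verifies certificates with `check_hostname` off. That fails closed, since no unverified stream is returned, but the error is not caught by `except _CertificateError:`, so the writer is left open and the caller sees an unrelated exception. I would widen that handler to `except Exception:` so the stream is always closed before the re-raise, and add a comment such as `# Fallback for contexts without check_hostname; must fail closed, never be skipped.` Separately, `start_tls` on line 1416 is called without `ssl_handshake_timeout`, so the handshake appears to be bounded by asyncio's default rather than by the timeouts carried in `options`; worth confirming that is intended. `_configured_stream` starts above this hunk and indentation is lost on this page, so the `return reader, writer` at line 1410 is presumably inside the no-TLS branch.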
