Skip to content

Commit 7e2cc4e

Browse files
committed
disable hostname checking for ip addresses
1 parent 6076e99 commit 7e2cc4e

File tree

1 file changed

+17
-7
lines changed

1 file changed

+17
-7
lines changed

src/sasctl/core.py

Lines changed: 17 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -166,13 +166,16 @@ def __str__(self):
166166
class SSLContextAdapter(HTTPAdapter):
167167
"""HTTPAdapter that uses the default SSL context on the machine."""
168168

169-
def init_poolmanager(self, connections, maxsize, block=DEFAULT_POOLBLOCK,
170-
**pool_kwargs):
169+
def __init__(self, *args, assert_hostname=True, **kwargs):
170+
self.assert_hostname = assert_hostname
171+
requests.adapters.HTTPAdapter.__init__(self, *args, **kwargs)
172+
173+
def init_poolmanager(self, *args, **kwargs):
171174
context = ssl.create_default_context()
172-
pool_kwargs['ssl_context'] = context
173-
return super(SSLContextAdapter, self).init_poolmanager(connections,
174-
maxsize, block,
175-
**pool_kwargs)
175+
context.check_hostname = self.assert_hostname
176+
kwargs['ssl_context'] = context
177+
kwargs['assert_hostname'] = self.assert_hostname
178+
return super(SSLContextAdapter, self).init_poolmanager(*args, **kwargs)
176179

177180

178181
class Session(requests.Session):
@@ -236,7 +239,14 @@ def __init__(self, hostname,
236239
# machine's default SSL _settings.
237240
if 'REQUESTS_CA_BUNDLE' not in os.environ:
238241
if verify_ssl:
239-
self.mount('https://', SSLContextAdapter())
242+
# Skip hostname verification if IP address specified instead
243+
# of DNS name. Prevents error from urllib3
244+
from urllib3.util.ssl_ import is_ipaddress
245+
verify_hostname = not is_ipaddress(hostname)
246+
adapter = SSLContextAdapter(assert_hostname=verify_hostname)
247+
248+
self.mount('https://', adapter)
249+
240250
else:
241251
# Every request will generate an InsecureRequestWarning
242252
from urllib3.exceptions import InsecureRequestWarning

0 commit comments

Comments
 (0)