server certificate validation

websocket.py

@@ -25,6 +25,7 @@ import socket
 try:
     import ssl
     from ssl import SSLError
+    from backports.ssl_match_hostname import match_hostname
     HAVE_SSL = True
 except ImportError:
     # dummy class of SSLError for ssl none-support environment.
@@ -444,11 +445,11 @@ class WebSocket(object):
         self.sock.connect((hostname, port))
         if is_secure:
             if HAVE_SSL:
-                if self.sslopt is None:
-                    sslopt = {}
-                else:
-                    sslopt = self.sslopt
+                sslopt = dict(cert_reqs=ssl.CERT_REQUIRED,
+                              ca_certs=os.path.join(os.path.dirname(__file__), "cacert.pem"))
+                sslopt.update(self.sslopt)
                 self.sock = ssl.wrap_socket(self.sock, **sslopt)
+                match_hostname(self.sock.getpeercert(), hostname)
             else:
                 raise WebSocketException("SSL not available.")