set check_hostname attribute after setting verify_mode.

see b96a2e8fa7 (commitcomment-10803153) for detail. refs b96a2e8fa7
2015-04-21 09:15:18 +09:00
parent b96a2e8fa7
commit 578b57dbef
1 changed files with 2 additions and 2 deletions
--- a/websocket/_http.py
+++ b/websocket/_http.py
@@ -125,10 +125,10 @@ def _can_use_sni():
 def _wrap_sni_socket(sock, sslopt, hostname, check_hostname):
    context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_SSLv23))

-    if HAVE_CONTEXT_CHECK_HOSTNAME:
-        context.check_hostname = check_hostname
    context.load_verify_locations(cafile=sslopt.get('ca_certs', None))
    context.verify_mode = sslopt['cert_reqs']
+    if HAVE_CONTEXT_CHECK_HOSTNAME:
+        context.check_hostname = check_hostname
    if 'ciphers' in sslopt:
        context.set_ciphers(sslopt['ciphers'])