From 2d4d387e6a6452d275ac7ccb3e386595b2dbdc90 Mon Sep 17 00:00:00 2001
From: KenjiTakahashi
Date: Sun, 12 Apr 2015 02:12:46 +0200
Subject: [PATCH 1/2] Use SSLContext for socket wrapping when possible
Works for Python 2.7.9+ and 3.2+. Enables usage of modern SSL extensions, like SNI.
---
 websocket/_http.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/websocket/_http.py b/websocket/_http.py
index e456264..a962eb8 100644
--- a/websocket/_http.py
+++ b/websocket/_http.py
@@ -24,6 +24,7 @@ import six
 import socket
 import errno
 import os
+import sys
 if six.PY3:
 from base64 import encodebytes as base64encode
@@ -125,7 +126,22 @@ def _ssl_socket(sock, user_sslopt, hostname):
 sslopt['ca_certs'] = certPath
 sslopt.update(user_sslopt)
 check_hostname = sslopt.pop('check_hostname', True)
- sock = ssl.wrap_socket(sock, **sslopt)
+
+ if sys.version_info[2] >= 9 or (six.PY3 and sys.version_info[2] >= 2):
+ context = ssl.create_default_context(cafile=sslopt.get('ca_certs', None))
+ context.options = sslopt.get('ssl_version', context.options)
+ context.verify_mode = sslopt['cert_reqs']
+ if 'ciphers' in sslopt:
+ context.set_ciphers(sslopt['ciphers'])
+ sock = context.wrap_socket(
+ sock,
+ do_handshake_on_connect=sslopt.get('do_handshake_on_connect', True),
+ suppress_ragged_eofs=sslopt.get('suppress_ragged_eofs', True),
+ server_hostname=hostname,
+ )
+ else:
+ sock = ssl.wrap_socket(sock, **sslopt)
+
 if (sslopt["cert_reqs"] != ssl.CERT_NONE and check_hostname):
 match_hostname(sock.getpeercert(), hostname)
From 31f65bda025f0e444c719be9dc0184695c4ae513 Mon Sep 17 00:00:00 2001
From: KenjiTakahashi
Date: Mon, 13 Apr 2015 16:05:33 +0200
Subject: [PATCH 2/2] Mention SNI support in FAQ
---
 README.rst | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/README.rst b/README.rst
index d953e4b..495a043 100644
--- a/README.rst
+++ b/README.rst
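Review bot: `context.options = sslopt.get('ssl_version', context.options)` in the new SSLContext branch of `websocket/_http.py` assigns a protocol constant (`ssl.PROTOCOL_*`) to the `OP_*` option bitmask, so a caller who passes `ssl_version` replaces the defaults that `create_default_context()` set, including the flags that turn off SSLv2 and SSLv3; the line should be dropped, or the context built with `ssl.SSLContext(protocol)` when a version is requested. The guard above it compares `sys.version_info[2]`, which is the micro version, so 2.6.9 and 3.3.2 enter this branch without having `ssl.create_default_context`, while 3.4.0 falls back to `ssl.wrap_socket` and gets no SNI; testing for the attribute avoids both. Setting `verify_mode` to `ssl.CERT_NONE` raises `ValueError` while the default context still has `check_hostname` enabled, and `certfile`/`keyfile` from `sslopt` are no longer passed anywhere on this path, so client-certificate setups silently lose their certificate. `_ssl_socket` starts above the hunk and continues below it.

```python
    # Feature-detect rather than compare the micro version number.
    if hasattr(ssl, 'create_default_context'):
        context = ssl.create_default_context(cafile=sslopt.get('ca_certs', None))
        # Must be cleared before verify_mode may become CERT_NONE; the
        # match_hostname() call after the handshake still enforces the name.
        context.check_hostname = False
        context.verify_mode = sslopt['cert_reqs']
        if sslopt.get('certfile'):
            context.load_cert_chain(sslopt['certfile'], sslopt.get('keyfile'))
        # … unchanged: set_ciphers and the context.wrap_socket(...) call …
```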
@@ -158,6 +158,12 @@ WebSocket sample::
 ws.connect("wss://echo.websocket.org")
+How to enable `SNI `_?
+------------------
+
+SNI support is available for Python 2.7.9+ and 3.2+. It will be enabled automatically whenever possible.
+
+
 Sub Protocols.
 ----------------------------------------