def _verify_cert(self, peer_cert):
"""Returns True if peercert is valid according to the configured
validation mode and hostname.
The ssl handshake already tested the certificate for a valid
CA signature; the only thing that remains is to check
the hostname.
"""
verify_mode = self.ssl_options.verify_mode
assert verify_mode in (ssl.CERT_NONE, ssl.CERT_REQUIRED, ssl.CERT_OPTIONAL)
if verify_mode == ssl.CERT_NONE or self.host is None:
return True
if peer_cert is None and verify_mode == ssl.CERT_REQUIRED:
logger.warning("No SSL certificate given")
return False
try:
ssl_match_hostname(peer_cert, self.host)
except SSLCertificateError:
logger.warning("Invalid SSL certificate", exc_info=True)
return False
else:
return True
评论列表
文章目录
