-rw-r--r--netlib/tcp.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/netlib/tcp.py b/netlib/tcp.py
index 47ce8c0e..5c4094d7 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -518,6 +518,13 @@ class TCPClient(_Connection):
self.connection.do_handshake()
except SSL.Error as v:
raise NetLibError("SSL handshake error: %s" % repr(v))
+
+ # Fix for pre v1.0 OpenSSL, which doesn't throw an exception on
+ # certificate validation failure
+ verification_mode = sslctx_kwargs.get('verify_options', None)
+ if self.ssl_verification_error is not None and verification_mode == SSL.VERIFY_PEER:
+ raise NetLibError("SSL handshake error: certificate verify failed")
+
self.ssl_established = True
self.cert = certutils.SSLCert(self.connection.get_peer_certificate())
self.rfile.set_descriptor(self.connection)
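Review bot: The added guard tests `verification_mode == SSL.VERIFY_PEER` by exact equality, but pyOpenSSL verify modes are bit flags, so a caller passing `SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT` would skip this fallback and, on the pre-1.0 OpenSSL builds the comment describes, still reach `self.ssl_established = True` despite a recorded verification error. A mask test fails closed for every mode that includes peer verification: `verification_mode = sslctx_kwargs.get('verify_options') or SSL.VERIFY_NONE` followed by `if self.ssl_verification_error is not None and verification_mode & SSL.VERIFY_PEER:`. This assumes `verify_options` is the same key the context setup reads, which is not visible in the hunk. The raised message could also carry the stored `ssl_verification_error` detail, so the failing certificate check is visible in logs rather than only the fixed string. The enclosing method starts and ends outside the hunk.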