@@ -150,6 +150,7 @@ def __init__(self, protocol, server_side=None):
150150 self .protocol = protocol
151151 self ._server_side = server_side
152152 self ._verify_mode = None
153+ self ._check_hostname = False
153154 self .native_object = _lib .wolfSSL_CTX_new (method .native_object )
154155
155156 # wolfSSL_CTX_new() takes ownership of the method.
@@ -188,6 +189,23 @@ def verify_mode(self, value):
188189 self ._verify_mode ,
189190 _ffi .NULL )
190191
192+ @property
193+ def check_hostname (self ):
194+ """
195+ Whether to match the peer certificate's hostname with match_hostname()
196+ in SSLSocket.do_handshake(). Context's verify mode must be set to
197+ CERT_REQUIRED, and the server hostname must be passed to wrap_socket()
198+ in order to match the hostname.
199+ """
200+ return self ._check_hostname
201+
202+ @check_hostname .setter
203+ def check_hostname (self , value ):
204+ if value is not True and value is not False :
205+ raise ValueError ("check_hostname must be either True or False" )
206+
207+ self ._check_hostname = value
208+
191209 def get_options (self ):
192210 """
193211 Wrap native wolfSSL_CTX_get_options() function.
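Review bot: The check_hostname setter accepts True whatever the context's verify mode is, although the docstring says CERT_REQUIRED is needed; with peer verification off the flag may have no effect, and callers would wrongly believe the hostname is being checked. Consider rejecting that combination in the setter, e.g. `if value and self._verify_mode != CERT_REQUIRED: raise ValueError("check_hostname needs CERT_REQUIRED")`, assuming CERT_REQUIRED is in scope in this module. The verify_mode setter would need the mirror-image guard so the mode cannot be lowered while check_hostname is True. The docstring also refers to match_hostname() in SSLSocket.do_handshake(), whereas this commit wires the check through a wolfSSL_check_domain_name() call at socket construction, so it should be reworded to describe that.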
@@ -431,6 +449,12 @@ def __init__(self, sock=None, keyfile=None, certfile=None,
431449 self ._release_native_object ()
432450 raise ValueError ("Unnable to set fd to ssl object" )
433451
452+ # match domain name / host name if set in context
453+ if server_hostname is not None :
454+ if self ._context .check_hostname :
455+ _lib .wolfSSL_check_domain_name (self .native_object ,
456+ server_hostname )
457+
434458 if connected :
435459 try :
436460 if do_handshake_on_connect :
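Review bot: When check_hostname is True but no server_hostname was passed, the added block is skipped silently and the handshake proceeds with no name check; the standard ssl module raises ValueError in that case, and failing closed here would be safer. The return value of wolfSSL_check_domain_name() is also discarded, so a failure to register the name leaves the connection unverified without any signal. If server_hostname arrives as a str on Python 3, cffi will probably reject it for a char * parameter, so it likely needs encoding to bytes before the call. __init__ starts and ends outside this hunk.

```python
        # match domain name / host name if set in context
        if self._context.check_hostname:
            if server_hostname is None:
                self._release_native_object()
                raise ValueError("check_hostname requires server_hostname")
            ret = _lib.wolfSSL_check_domain_name(self.native_object,
                                                 server_hostname)
            if ret != 1:  # 1 is wolfSSL's SSL_SUCCESS
                self._release_native_object()
                raise ValueError("Unable to set domain name check")
        # … unchanged: handshake on connect …
```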