From f3315dc98db44f28346cdfb44293d4269ed4e8ea Mon Sep 17 00:00:00 2001 From: Chris Earle Date: Tue, 3 Nov 2015 18:43:00 -0500 Subject: [PATCH] Adding assert_hostname and assert_fingerprint parameters to Urllib3HttpConnection --- elasticsearch/connection/http_urllib3.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/elasticsearch/connection/http_urllib3.py b/elasticsearch/connection/http_urllib3.py index fab4c36b..47e422e7 100644 --- a/elasticsearch/connection/http_urllib3.py +++ b/elasticsearch/connection/http_urllib3.py @@ -23,12 +23,15 @@ class Urllib3HttpConnection(Connection): :arg ssl_version: version of the SSL protocol to use. Choices are: SSLv23 (default) SSLv2 SSLv3 TLSv1 (see ``PROTOCOL_*`` constants in the ``ssl`` module for exact options for your environment). + :arg ssl_assert_hostname: use hostname verification if not `False` + :arg ssl_assert_fingerprint: verify the supplied certificate fingerprint if not `None` :arg maxsize: the maximum number of connections which will be kept open to this host. """ def __init__(self, host='localhost', port=9200, http_auth=None, use_ssl=False, verify_certs=False, ca_certs=None, client_cert=None, - ssl_version=None, maxsize=10, **kwargs): + ssl_version=None, ssl_assert_hostname=None, ssl_assert_fingerprint=None, + maxsize=10, **kwargs): super(Urllib3HttpConnection, self).__init__(host=host, port=port, **kwargs) self.headers = urllib3.make_headers(keep_alive=True) @@ -41,12 +44,18 @@ class Urllib3HttpConnection(Connection): kw = {} if use_ssl: pool_class = urllib3.HTTPSConnectionPool - kw['ssl_version'] = ssl_version + kw.update({ + 'ssl_version': ssl_version, + 'assert_hostname': ssl_assert_hostname, + 'assert_fingerprint': ssl_assert_fingerprint, + }) if verify_certs: - kw['cert_reqs'] = 'CERT_REQUIRED' - kw['ca_certs'] = ca_certs - kw['cert_file'] = client_cert + kw.update({ + 'cert_reqs': 'CERT_REQUIRED', + 'ca_certs': ca_certs, + 'cert_file': client_cert, + }) elif ca_certs: raise ImproperlyConfigured("You cannot pass CA certificates when verify SSL is off.") else: