From 3cb70725844195cefebe33701f5bda00fcc42846 Mon Sep 17 00:00:00 2001
From: Jason Scholl <jason.e.scholl@gmail.com>
Date: Wed, 26 Jul 2017 10:22:32 -0700
Subject: Fix certificate validation when using a proxy

---
 https_wrapper.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'https_wrapper.py')

diff --git a/https_wrapper.py b/https_wrapper.py
index 94c0c8a..d798513 100644
--- a/https_wrapper.py
+++ b/https_wrapper.py
@@ -118,7 +118,8 @@ class CertValidatingHTTPSConnection(httplib.HTTPConnection):
                                 ca_certs=self.ca_certs)
     if self.cert_reqs & ssl.CERT_REQUIRED:
       cert = self.sock.getpeercert()
-      hostname = self.host.split(':', 0)[0]
+      cert_validation_host = self._tunnel_host or self.host
+      hostname = cert_validation_host.split(':', 0)[0]
       if not self._ValidateCertificateHostname(cert, hostname):
         raise InvalidCertificateException(hostname, cert, 'hostname mismatch')
 
-- 
cgit v1.2.3