Include host in TLS setup

CendioOssman · CendioOssman · commit b6c02b13e3ce · 2024-07-30T09:21:03.000+02:00
This enabled SNI, and allows it to check the certificate for the correct
host.
diff --git a/websockify/websocket.py b/websockify/websocket.py
@@ -140,7 +140,8 @@ def connect(self, uri, origin=None, protocols=[]):
 
             if uri.scheme in ("wss", "https"):
                 context = ssl.create_default_context()
-                self.socket = context.wrap_socket(self.socket)
+                self.socket = context.wrap_socket(self.socket,
+                                                  server_hostname=uri.hostname)
                 self._state = "ssl_handshake"
             else:
                 self._state = "headers"
diff --git a/websockify/websockifyserver.py b/websockify/websockifyserver.py
@@ -471,7 +471,7 @@ def socket(host, port=None, connect=False, prefer_ipv6=False,
                 sock.connect(addrs[0][4])
                 if use_ssl:
                     context = ssl.create_default_context()
-                    sock = context.wrap_socket(sock)
+                    sock = context.wrap_socket(sock, server_hostname=host)
             else:
                 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
                 sock.bind(addrs[0][4])
