1 files changed, 0 insertions, 373 deletions
diff --git a/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/connection.py b/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/connection.py
deleted file mode 100644
index 67090e3..0000000
--- a/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/connection.py
+++ /dev/null
@@ -1,373 +0,0 @@
-from __future__ import absolute_import
-import datetime
-import logging
-import os
-import sys
-import socket
-from socket import error as SocketError, timeout as SocketTimeout
-import warnings
-from .packages import six
-from .packages.six.moves.http_client import HTTPConnection as _HTTPConnection
-from .packages.six.moves.http_client import HTTPException  # noqa: F401
-try:  # Compiled with SSL?
-    import ssl
-    BaseSSLError = ssl.SSLError
-except (ImportError, AttributeError):  # Platform-specific: No SSL.
-    ssl = None
-    class BaseSSLError(BaseException):
-        pass
-try:  # Python 3:
-    # Not a no-op, we're adding this to the namespace so it can be imported.
-    ConnectionError = ConnectionError
-except NameError:  # Python 2:
-    class ConnectionError(Exception):
-        pass
-from .exceptions import (
-    NewConnectionError,
-    ConnectTimeoutError,
-    SubjectAltNameWarning,
-    SystemTimeWarning,
-)
-from .packages.ssl_match_hostname import match_hostname, CertificateError
-from .util.ssl_ import (
-    resolve_cert_reqs,
-    resolve_ssl_version,
-    assert_fingerprint,
-    create_urllib3_context,
-    ssl_wrap_socket
-)
-from .util import connection
-from ._collections import HTTPHeaderDict
-log = logging.getLogger(__name__)
-port_by_scheme = {
-    'http': 80,
-    'https': 443,
-}
-# When updating RECENT_DATE, move it to
-# within two years of the current date, and no
-# earlier than 6 months ago.
-RECENT_DATE = datetime.date(2016, 1, 1)
-class DummyConnection(object):
-    """Used to detect a failed ConnectionCls import."""
-    pass
-class HTTPConnection(_HTTPConnection, object):
-    """
-    Based on httplib.HTTPConnection but provides an extra constructor
-    backwards-compatibility layer between older and newer Pythons.
-    Additional keyword parameters are used to configure attributes of the connection.
-    Accepted parameters include:
-      - ``strict``: See the documentation on :class:`urllib3.connectionpool.HTTPConnectionPool`
-      - ``source_address``: Set the source address for the current connection.
-        .. note:: This is ignored for Python 2.6. It is only applied for 2.7 and 3.x
-      - ``socket_options``: Set specific options on the underlying socket. If not specified, then
-        defaults are loaded from ``HTTPConnection.default_socket_options`` which includes disabling
-        Nagle's algorithm (sets TCP_NODELAY to 1) unless the connection is behind a proxy.
-        For example, if you wish to enable TCP Keep Alive in addition to the defaults,
-        you might pass::
-            HTTPConnection.default_socket_options + [
-                (socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1),
-            ]
-        Or you may want to disable the defaults by passing an empty list (e.g., ``[]``).
-    """
-    default_port = port_by_scheme['http']
-    #: Disable Nagle's algorithm by default.
-    #: ``[(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)]``
-    default_socket_options = [(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)]
-    #: Whether this connection verifies the host's certificate.
-    is_verified = False
-    def __init__(self, *args, **kw):
-        if six.PY3:  # Python 3
-            kw.pop('strict', None)
-        # Pre-set source_address in case we have an older Python like 2.6.
-        self.source_address = kw.get('source_address')
-        if sys.version_info < (2, 7):  # Python 2.6
-            # _HTTPConnection on Python 2.6 will balk at this keyword arg, but
-            # not newer versions. We can still use it when creating a
-            # connection though, so we pop it *after* we have saved it as
-            # self.source_address.
-            kw.pop('source_address', None)
-        #: The socket options provided by the user. If no options are
-        #: provided, we use the default options.
-        self.socket_options = kw.pop('socket_options', self.default_socket_options)
-        # Superclass also sets self.source_address in Python 2.7+.
-        _HTTPConnection.__init__(self, *args, **kw)
-    def _new_conn(self):
-        """ Establish a socket connection and set nodelay settings on it.
-        :return: New socket connection.
-        """
-        extra_kw = {}
-        if self.source_address:
-            extra_kw['source_address'] = self.source_address
-        if self.socket_options:
-            extra_kw['socket_options'] = self.socket_options
-        try:
-            conn = connection.create_connection(
-                (self.host, self.port), self.timeout, **extra_kw)
-        except SocketTimeout as e:
-            raise ConnectTimeoutError(
-                self, "Connection to %s timed out. (connect timeout=%s)" %
-                (self.host, self.timeout))
-        except SocketError as e:
-            raise NewConnectionError(
-                self, "Failed to establish a new connection: %s" % e)
-        return conn
-    def _prepare_conn(self, conn):
-        self.sock = conn
-        # the _tunnel_host attribute was added in python 2.6.3 (via
-        # http://hg.python.org/cpython/rev/0f57b30a152f) so pythons 2.6(0-2) do
-        # not have them.
-        if getattr(self, '_tunnel_host', None):
-            # TODO: Fix tunnel so it doesn't depend on self.sock state.
-            self._tunnel()
-            # Mark this connection as not reusable
-            self.auto_open = 0
-    def connect(self):
-        conn = self._new_conn()
-        self._prepare_conn(conn)
-    def request_chunked(self, method, url, body=None, headers=None):
-        """
-        Alternative to the common request method, which sends the
-        body with chunked encoding and not as one block
-        """
-        headers = HTTPHeaderDict(headers if headers is not None else {})
-        skip_accept_encoding = 'accept-encoding' in headers
-        skip_host = 'host' in headers
-        self.putrequest(
-            method,
-            url,
-            skip_accept_encoding=skip_accept_encoding,
-            skip_host=skip_host
-        )
-        for header, value in headers.items():
-            self.putheader(header, value)
-        if 'transfer-encoding' not in headers:
-            self.putheader('Transfer-Encoding', 'chunked')
-        self.endheaders()
-        if body is not None:
-            stringish_types = six.string_types + (six.binary_type,)
-            if isinstance(body, stringish_types):
-                body = (body,)
-            for chunk in body:
-                if not chunk:
-                    continue
-                if not isinstance(chunk, six.binary_type):
-                    chunk = chunk.encode('utf8')
-                len_str = hex(len(chunk))[2:]
-                self.send(len_str.encode('utf-8'))
-                self.send(b'\r\n')
-                self.send(chunk)
-                self.send(b'\r\n')
-        # After the if clause, to always have a closed body
-        self.send(b'0\r\n\r\n')
-class HTTPSConnection(HTTPConnection):
-    default_port = port_by_scheme['https']
-    ssl_version = None
-    def __init__(self, host, port=None, key_file=None, cert_file=None,
-                 strict=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
-                 ssl_context=None, **kw):
-        HTTPConnection.__init__(self, host, port, strict=strict,
-                                timeout=timeout, **kw)
-        self.key_file = key_file
-        self.cert_file = cert_file
-        self.ssl_context = ssl_context
-        # Required property for Google AppEngine 1.9.0 which otherwise causes
-        # HTTPS requests to go out as HTTP. (See Issue #356)
-        self._protocol = 'https'
-    def connect(self):
-        conn = self._new_conn()
-        self._prepare_conn(conn)
-        if self.ssl_context is None:
-            self.ssl_context = create_urllib3_context(
-                ssl_version=resolve_ssl_version(None),
-                cert_reqs=resolve_cert_reqs(None),
-            )
-        self.sock = ssl_wrap_socket(
-            sock=conn,
-            keyfile=self.key_file,
-            certfile=self.cert_file,
-            ssl_context=self.ssl_context,
-        )
-class VerifiedHTTPSConnection(HTTPSConnection):
-    """
-    Based on httplib.HTTPSConnection but wraps the socket with
-    SSL certification.
-    """
-    cert_reqs = None
-    ca_certs = None
-    ca_cert_dir = None
-    ssl_version = None
-    assert_fingerprint = None
-    def set_cert(self, key_file=None, cert_file=None,
-                 cert_reqs=None, ca_certs=None,
-                 assert_hostname=None, assert_fingerprint=None,
-                 ca_cert_dir=None):
-        """
-        This method should only be called once, before the connection is used.
-        """
-        # If cert_reqs is not provided, we can try to guess. If the user gave
-        # us a cert database, we assume they want to use it: otherwise, if
-        # they gave us an SSL Context object we should use whatever is set for
-        # it.
-        if cert_reqs is None:
-            if ca_certs or ca_cert_dir:
-                cert_reqs = 'CERT_REQUIRED'
-            elif self.ssl_context is not None:
-                cert_reqs = self.ssl_context.verify_mode
-        self.key_file = key_file
-        self.cert_file = cert_file
-        self.cert_reqs = cert_reqs
-        self.assert_hostname = assert_hostname
-        self.assert_fingerprint = assert_fingerprint
-        self.ca_certs = ca_certs and os.path.expanduser(ca_certs)
-        self.ca_cert_dir = ca_cert_dir and os.path.expanduser(ca_cert_dir)
-    def connect(self):
-        # Add certificate verification
-        conn = self._new_conn()
-        hostname = self.host
-        if getattr(self, '_tunnel_host', None):
-            # _tunnel_host was added in Python 2.6.3
-            # (See: http://hg.python.org/cpython/rev/0f57b30a152f)
-            self.sock = conn
-            # Calls self._set_hostport(), so self.host is
-            # self._tunnel_host below.
-            self._tunnel()
-            # Mark this connection as not reusable
-            self.auto_open = 0
-            # Override the host with the one we're requesting data from.
-            hostname = self._tunnel_host
-        is_time_off = datetime.date.today() < RECENT_DATE
-        if is_time_off:
-            warnings.warn((
-                'System time is way off (before {0}). This will probably '
-                'lead to SSL verification errors').format(RECENT_DATE),
-                SystemTimeWarning
-            )
-        # Wrap socket using verification with the root certs in
-        # trusted_root_certs
-        if self.ssl_context is None:
-            self.ssl_context = create_urllib3_context(
-                ssl_version=resolve_ssl_version(self.ssl_version),
-                cert_reqs=resolve_cert_reqs(self.cert_reqs),
-            )
-        context = self.ssl_context
-        context.verify_mode = resolve_cert_reqs(self.cert_reqs)
-        self.sock = ssl_wrap_socket(
-            sock=conn,
-            keyfile=self.key_file,
-            certfile=self.cert_file,
-            ca_certs=self.ca_certs,
-            ca_cert_dir=self.ca_cert_dir,
-            server_hostname=hostname,
-            ssl_context=context)
-        if self.assert_fingerprint:
-            assert_fingerprint(self.sock.getpeercert(binary_form=True),
-                               self.assert_fingerprint)
-        elif context.verify_mode != ssl.CERT_NONE \
-                and not getattr(context, 'check_hostname', False) \
-                and self.assert_hostname is not False:
-            # While urllib3 attempts to always turn off hostname matching from
-            # the TLS library, this cannot always be done. So we check whether
-            # the TLS Library still thinks it's matching hostnames.
-            cert = self.sock.getpeercert()
-            if not cert.get('subjectAltName', ()):
-                warnings.warn((
-                    'Certificate for {0} has no `subjectAltName`, falling back to check for a '
-                    '`commonName` for now. This feature is being removed by major browsers and '
-                    'deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 '
-                    'for details.)'.format(hostname)),
-                    SubjectAltNameWarning
-                )
-            _match_hostname(cert, self.assert_hostname or hostname)
-        self.is_verified = (
-            context.verify_mode == ssl.CERT_REQUIRED or
-            self.assert_fingerprint is not None
-        )
-def _match_hostname(cert, asserted_hostname):
-    try:
-        match_hostname(cert, asserted_hostname)
-    except CertificateError as e:
-        log.error(
-            'Certificate did not match expected hostname: %s. '
-            'Certificate: %s', asserted_hostname, cert
-        )
-        # Add cert to exception and reraise so client code can inspect
-        # the cert when catching the exception, if they want to
-        e._peer_cert = cert
-        raise
-if ssl:
-    # Make a copy for testing.
-    UnverifiedHTTPSConnection = HTTPSConnection
-    HTTPSConnection = VerifiedHTTPSConnection
-else:
-    HTTPSConnection = DummyConnection

diff --git a/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/connection.py b/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/connection.py deleted file mode 100644 index 67090e3..0000000 --- a/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/connection.py +++ /dev/null
@@ -1,373 +0,0 @@
1	from __future__ import absolute_import
2	import datetime
3	import logging
4	import os
5	import sys
6	import socket
7	from socket import error as SocketError, timeout as SocketTimeout
8	import warnings
9	from .packages import six
10	from .packages.six.moves.http_client import HTTPConnection as _HTTPConnection
11	from .packages.six.moves.http_client import HTTPException # noqa: F401
12
13	try: # Compiled with SSL?
14	import ssl
15	BaseSSLError = ssl.SSLError
16	except (ImportError, AttributeError): # Platform-specific: No SSL.
17	ssl = None
18
19	class BaseSSLError(BaseException):
20	pass
21
22
23	try: # Python 3:
24	# Not a no-op, we're adding this to the namespace so it can be imported.
25	ConnectionError = ConnectionError
26	except NameError: # Python 2:
27	class ConnectionError(Exception):
28	pass
29
30
31	from .exceptions import (
32	NewConnectionError,
33	ConnectTimeoutError,
34	SubjectAltNameWarning,
35	SystemTimeWarning,
36	)
37	from .packages.ssl_match_hostname import match_hostname, CertificateError
38
39	from .util.ssl_ import (
40	resolve_cert_reqs,
41	resolve_ssl_version,
42	assert_fingerprint,
43	create_urllib3_context,
44	ssl_wrap_socket
45	)
46
47
48	from .util import connection
49
50	from ._collections import HTTPHeaderDict
51
52	log = logging.getLogger(__name__)
53
54	port_by_scheme = {
55	'http': 80,
56	'https': 443,
57	}
58
59	# When updating RECENT_DATE, move it to
60	# within two years of the current date, and no
61	# earlier than 6 months ago.
62	RECENT_DATE = datetime.date(2016, 1, 1)
63
64
65	class DummyConnection(object):
66	"""Used to detect a failed ConnectionCls import."""
67	pass
68
69
70	class HTTPConnection(_HTTPConnection, object):
71	"""
72	Based on httplib.HTTPConnection but provides an extra constructor
73	backwards-compatibility layer between older and newer Pythons.
74
75	Additional keyword parameters are used to configure attributes of the connection.
76	Accepted parameters include:
77
78	- ``strict``: See the documentation on :class:`urllib3.connectionpool.HTTPConnectionPool`
79	- ``source_address``: Set the source address for the current connection.
80
81	.. note:: This is ignored for Python 2.6. It is only applied for 2.7 and 3.x
82
83	- ``socket_options``: Set specific options on the underlying socket. If not specified, then
84	defaults are loaded from ``HTTPConnection.default_socket_options`` which includes disabling
85	Nagle's algorithm (sets TCP_NODELAY to 1) unless the connection is behind a proxy.
86
87	For example, if you wish to enable TCP Keep Alive in addition to the defaults,
88	you might pass::
89
90	HTTPConnection.default_socket_options + [
91	(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1),
92	]
93
94	Or you may want to disable the defaults by passing an empty list (e.g., ``[]``).
95	"""
96
97	default_port = port_by_scheme['http']
98
99	#: Disable Nagle's algorithm by default.
100	#: ``[(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)]``
101	default_socket_options = [(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)]
102
103	#: Whether this connection verifies the host's certificate.
104	is_verified = False
105
106	def __init__(self, args, *kw):
107	if six.PY3: # Python 3
108	kw.pop('strict', None)
109
110	# Pre-set source_address in case we have an older Python like 2.6.
111	self.source_address = kw.get('source_address')
112
113	if sys.version_info < (2, 7): # Python 2.6
114	# _HTTPConnection on Python 2.6 will balk at this keyword arg, but
115	# not newer versions. We can still use it when creating a
116	# connection though, so we pop it after we have saved it as
117	# self.source_address.
118	kw.pop('source_address', None)
119
120	#: The socket options provided by the user. If no options are
121	#: provided, we use the default options.
122	self.socket_options = kw.pop('socket_options', self.default_socket_options)
123
124	# Superclass also sets self.source_address in Python 2.7+.
125	_HTTPConnection.__init__(self, args, *kw)
126
127	def _new_conn(self):
128	""" Establish a socket connection and set nodelay settings on it.
129
130	:return: New socket connection.
131	"""
132	extra_kw = {}
133	if self.source_address:
134	extra_kw['source_address'] = self.source_address
135
136	if self.socket_options:
137	extra_kw['socket_options'] = self.socket_options
138
139	try:
140	conn = connection.create_connection(
141	(self.host, self.port), self.timeout, **extra_kw)
142
143	except SocketTimeout as e:
144	raise ConnectTimeoutError(
145	self, "Connection to %s timed out. (connect timeout=%s)" %
146	(self.host, self.timeout))
147
148	except SocketError as e:
149	raise NewConnectionError(
150	self, "Failed to establish a new connection: %s" % e)
151
152	return conn
153
154	def _prepare_conn(self, conn):
155	self.sock = conn
156	# the _tunnel_host attribute was added in python 2.6.3 (via
157	# http://hg.python.org/cpython/rev/0f57b30a152f) so pythons 2.6(0-2) do
158	# not have them.
159	if getattr(self, '_tunnel_host', None):
160	# TODO: Fix tunnel so it doesn't depend on self.sock state.
161	self._tunnel()
162	# Mark this connection as not reusable
163	self.auto_open = 0
164
165	def connect(self):
166	conn = self._new_conn()
167	self._prepare_conn(conn)
168
169	def request_chunked(self, method, url, body=None, headers=None):
170	"""
171	Alternative to the common request method, which sends the
172	body with chunked encoding and not as one block
173	"""
174	headers = HTTPHeaderDict(headers if headers is not None else {})
175	skip_accept_encoding = 'accept-encoding' in headers
176	skip_host = 'host' in headers
177	self.putrequest(
178	method,
179	url,
180	skip_accept_encoding=skip_accept_encoding,
181	skip_host=skip_host
182	)
183	for header, value in headers.items():
184	self.putheader(header, value)
185	if 'transfer-encoding' not in headers:
186	self.putheader('Transfer-Encoding', 'chunked')
187	self.endheaders()
188
189	if body is not None:
190	stringish_types = six.string_types + (six.binary_type,)
191	if isinstance(body, stringish_types):
192	body = (body,)
193	for chunk in body:
194	if not chunk:
195	continue
196	if not isinstance(chunk, six.binary_type):
197	chunk = chunk.encode('utf8')
198	len_str = hex(len(chunk))[2:]
199	self.send(len_str.encode('utf-8'))
200	self.send(b'\r\n')
201	self.send(chunk)
202	self.send(b'\r\n')
203
204	# After the if clause, to always have a closed body
205	self.send(b'0\r\n\r\n')
206
207
208	class HTTPSConnection(HTTPConnection):
209	default_port = port_by_scheme['https']
210
211	ssl_version = None
212
213	def __init__(self, host, port=None, key_file=None, cert_file=None,
214	strict=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
215	ssl_context=None, **kw):
216
217	HTTPConnection.__init__(self, host, port, strict=strict,
218	timeout=timeout, **kw)
219
220	self.key_file = key_file
221	self.cert_file = cert_file
222	self.ssl_context = ssl_context
223
224	# Required property for Google AppEngine 1.9.0 which otherwise causes
225	# HTTPS requests to go out as HTTP. (See Issue #356)
226	self._protocol = 'https'
227
228	def connect(self):
229	conn = self._new_conn()
230	self._prepare_conn(conn)
231
232	if self.ssl_context is None:
233	self.ssl_context = create_urllib3_context(
234	ssl_version=resolve_ssl_version(None),
235	cert_reqs=resolve_cert_reqs(None),
236	)
237
238	self.sock = ssl_wrap_socket(
239	sock=conn,
240	keyfile=self.key_file,
241	certfile=self.cert_file,
242	ssl_context=self.ssl_context,
243	)
244
245
246	class VerifiedHTTPSConnection(HTTPSConnection):
247	"""
248	Based on httplib.HTTPSConnection but wraps the socket with
249	SSL certification.
250	"""
251	cert_reqs = None
252	ca_certs = None
253	ca_cert_dir = None
254	ssl_version = None
255	assert_fingerprint = None
256
257	def set_cert(self, key_file=None, cert_file=None,
258	cert_reqs=None, ca_certs=None,
259	assert_hostname=None, assert_fingerprint=None,
260	ca_cert_dir=None):
261	"""
262	This method should only be called once, before the connection is used.
263	"""
264	# If cert_reqs is not provided, we can try to guess. If the user gave
265	# us a cert database, we assume they want to use it: otherwise, if
266	# they gave us an SSL Context object we should use whatever is set for
267	# it.
268	if cert_reqs is None:
269	if ca_certs or ca_cert_dir:
270	cert_reqs = 'CERT_REQUIRED'
271	elif self.ssl_context is not None:
272	cert_reqs = self.ssl_context.verify_mode
273
274	self.key_file = key_file
275	self.cert_file = cert_file
276	self.cert_reqs = cert_reqs
277	self.assert_hostname = assert_hostname
278	self.assert_fingerprint = assert_fingerprint
279	self.ca_certs = ca_certs and os.path.expanduser(ca_certs)
280	self.ca_cert_dir = ca_cert_dir and os.path.expanduser(ca_cert_dir)
281
282	def connect(self):
283	# Add certificate verification
284	conn = self._new_conn()
285
286	hostname = self.host
287	if getattr(self, '_tunnel_host', None):
288	# _tunnel_host was added in Python 2.6.3
289	# (See: http://hg.python.org/cpython/rev/0f57b30a152f)
290
291	self.sock = conn
292	# Calls self._set_hostport(), so self.host is
293	# self._tunnel_host below.
294	self._tunnel()
295	# Mark this connection as not reusable
296	self.auto_open = 0
297
298	# Override the host with the one we're requesting data from.
299	hostname = self._tunnel_host
300
301	is_time_off = datetime.date.today() < RECENT_DATE
302	if is_time_off:
303	warnings.warn((
304	'System time is way off (before {0}). This will probably '
305	'lead to SSL verification errors').format(RECENT_DATE),
306	SystemTimeWarning
307	)
308
309	# Wrap socket using verification with the root certs in
310	# trusted_root_certs
311	if self.ssl_context is None:
312	self.ssl_context = create_urllib3_context(
313	ssl_version=resolve_ssl_version(self.ssl_version),
314	cert_reqs=resolve_cert_reqs(self.cert_reqs),
315	)
316
317	context = self.ssl_context
318	context.verify_mode = resolve_cert_reqs(self.cert_reqs)
319	self.sock = ssl_wrap_socket(
320	sock=conn,
321	keyfile=self.key_file,
322	certfile=self.cert_file,
323	ca_certs=self.ca_certs,
324	ca_cert_dir=self.ca_cert_dir,
325	server_hostname=hostname,
326	ssl_context=context)
327
328	if self.assert_fingerprint:
329	assert_fingerprint(self.sock.getpeercert(binary_form=True),
330	self.assert_fingerprint)
331	elif context.verify_mode != ssl.CERT_NONE \
332	and not getattr(context, 'check_hostname', False) \
333	and self.assert_hostname is not False:
334	# While urllib3 attempts to always turn off hostname matching from
335	# the TLS library, this cannot always be done. So we check whether
336	# the TLS Library still thinks it's matching hostnames.
337	cert = self.sock.getpeercert()
338	if not cert.get('subjectAltName', ()):
339	warnings.warn((
340	'Certificate for {0} has no `subjectAltName`, falling back to check for a '
341	'`commonName` for now. This feature is being removed by major browsers and '
342	'deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 '
343	'for details.)'.format(hostname)),
344	SubjectAltNameWarning
345	)
346	_match_hostname(cert, self.assert_hostname or hostname)
347
348	self.is_verified = (
349	context.verify_mode == ssl.CERT_REQUIRED or
350	self.assert_fingerprint is not None
351	)
352
353
354	def _match_hostname(cert, asserted_hostname):
355	try:
356	match_hostname(cert, asserted_hostname)
357	except CertificateError as e:
358	log.error(
359	'Certificate did not match expected hostname: %s. '
360	'Certificate: %s', asserted_hostname, cert
361	)
362	# Add cert to exception and reraise so client code can inspect
363	# the cert when catching the exception, if they want to
364	e._peer_cert = cert
365	raise
366
367
368	if ssl:
369	# Make a copy for testing.
370	UnverifiedHTTPSConnection = HTTPSConnection
371	HTTPSConnection = VerifiedHTTPSConnection
372	else:
373	HTTPSConnection = DummyConnection