Search code examples

wrap_socket() got an unexpected keyword argument 'server_hostname'?

I'm trying to use Python to test a web server. I have nearly no experience with Python, but encouraged to use it because its easy to learn and simple to do things with (someone else's opinion, not mine at the moment). The script I am using is:

s1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s2 = ssl.wrap_socket(s1,

s2.connect( ("localhost", 8443) )

s2.send("GET / ")

The error is:

Traceback (most recent call last):
  File "./", line 10, in <module>
TypeError: wrap_socket() got an unexpected keyword argument 'server_hostname'

I've also tried using servername, name, hostname and sni with no joy.

The Python docs don't mention SNI (TLS/SSL wrapper for socket objects and SSL wiki page). But I know the patch for SNI and server_hostname was incorporated 4 years ago in 2010 (Add a *server_hostname* argument to SSLContext.wrap_socket, changeset 65593:846c0e1342d0).

The equivalent OpenSSL call I need access to is SSL_set_tlsext_host_name.

How do I specify the SNI hostname? (Eventually, I'll need to set it to an arbitrary name because I am testing a proxy).


  • The patch you're mentioning is for Python 3.2, and you're using Python 2.7. Issue 5639 also seems to indicate there is no plan to back-port SNI support for Python 2.7.

    You could wrap the socket with pyOpenSSL instead (its Connection class has a set_tlsext_host_name since version 0.13. (I'm not sure which version comes with Debian 7.3, you might want to set up a virtualenv and upgrade to a newer version locally, if needed.)

    There is an SNI example is the pyOpenSSL repository.

    If you want your usage of wrap_socket to be more compatible with the trick were you replace the value of sock in an httplib connection, you could have a look at how urllib3 does this with pyOpenSSL. Essentially, it creates an OpenSSL.SSL.Connection from an existing socket, but since that connection isn't compatible with a socket, it wraps it into a class that implements the required method.

    (By the way, in Python 2.7, urllib, urllib2 and httpconnection don't do any certificate verification at all, unless you implement it yourself by wrapping their sockets.)


    Here is a version of your code that should work with Python 3.2. Unfortunately, the server_name parameter isn't in the plain ssl.wrap_socket, only in SSLContext.wrap_socket, but you can use SSLSocket directly.

    import socket
    import ssl
    HOST = ""
    s1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s2 = ssl.SSLSocket(sock=s1, ca_certs=CA_BUNDLE_FILE,
    s2.connect((HOST, 443))
    s2.send(bytes("GET / HTTP/1.1\n", "UTF-8"))
    # This might need to be modified when using another port
    s2.send(bytes("Host: %s\n" % (HOST,), "UTF-8"))
    s2.send(bytes("\n", "UTF-8"))
    # Certainly not the best way to read the response, but it works.
    while True:
        x =
        if not x: