Automatically detect if ipv4/ipv6 is used for cert_expiry (#18916)

* Automatically detect if ipv4/ipv6 is used for cert_expiry

Fixes #18818
Python sockets use ipv4 per default. If the domain which should be checked
only has an ipv6 record, socket creation errors out with
`[Errno -2] Name or service not known`
This fix tries to guess the protocol family and creates the socket
with the correct family type

* Fix line length violation
This commit is contained in:
speedmann 2018-12-07 11:08:41 +01:00 committed by Pascal Vizeli
parent 5bf6951311
commit 7edd241059

View File

@ -85,8 +85,10 @@ class SSLCertificate(Entity):
"""Fetch the certificate information."""
try:
ctx = ssl.create_default_context()
host_info = socket.getaddrinfo(self.server_name, self.server_port)
family = host_info[0][0]
sock = ctx.wrap_socket(
socket.socket(), server_hostname=self.server_name)
socket.socket(family=family), server_hostname=self.server_name)
sock.settimeout(TIMEOUT)
sock.connect((self.server_name, self.server_port))
except socket.gaierror: