add check_hostname arg to ssl._create_stdlib_context()

Lib/ssl.py

@@ -405,7 +405,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
 
 
 def _create_stdlib_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,
-                           purpose=Purpose.SERVER_AUTH,
+                           check_hostname=False, purpose=Purpose.SERVER_AUTH,
                            certfile=None, keyfile=None,
                            cafile=None, capath=None, cadata=None):
     """Create a SSLContext object for Python stdlib modules
@@ -424,6 +424,7 @@ def _create_stdlib_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,
 
     if cert_reqs is not None:
         context.verify_mode = cert_reqs
+    context.check_hostname = check_hostname
 
     if keyfile and not certfile:
         raise ValueError("certfile must be specified")

Lib/test/test_ssl.py

@@ -1032,9 +1032,11 @@ class ContextTests(unittest.TestCase):
         self.assertEqual(ctx.options & ssl.OP_NO_SSLv2, ssl.OP_NO_SSLv2)
 
         ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1,
-                                         cert_reqs=ssl.CERT_REQUIRED)
+                                         cert_reqs=ssl.CERT_REQUIRED,
+                                         check_hostname=True)
         self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
         self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
+        self.assertTrue(ctx.check_hostname)
         self.assertEqual(ctx.options & ssl.OP_NO_SSLv2, ssl.OP_NO_SSLv2)
 
         ctx = ssl._create_stdlib_context(purpose=ssl.Purpose.CLIENT_AUTH)