Pass server_hostname to wrap_socket for SSL connections

[mattpm-aweber]

Problem

All amqps:// connections fail on Python 3.12+ with:

ValueError: check_hostname requires server_hostname

_get_ssl_context() creates an SSLContext(ssl.PROTOCOL_TLS_CLIENT), which sets check_hostname=True by default. However, _create_socket() calls context.wrap_socket(sock=sock) without passing server_hostname, which Python's SSL module requires when hostname verification is enabled.

Fix

Pass server_hostname=self._host to wrap_socket(). self._host is already set from the parsed AMQP URL at init time.

Reproducer

import rabbitpy
rabbitpy.Connection('amqps://guest:guest@localhost:5671/')
# ValueError: check_hostname requires server_hostname

Summary by CodeRabbit

• Bug Fixes
  • Improved SSL/TLS socket handling by including the server hostname when wrapping sockets, enabling proper Server Name Indication and certificate validation for more reliable secure connections.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e451b8ff-592b-49e9-a298-cb1d17ea034b

📥 Commits

Reviewing files that changed from the base of the PR and between 63933b0 and d29c139.

📒 Files selected for processing (1)

• rabbitpy/io.py

🚧 Files skipped from review as they are similar to previous changes (1)

• rabbitpy/io.py

---

📝 Walkthrough

Walkthrough

The _create_socket() function in rabbitpy/io.py now passes server_hostname=self._host to SSLContext.wrap_socket() when SSL is enabled; the non-SSL path is unchanged.

Changes

Cohort / File(s)	Summary
SSL Socket Configuration rabbitpy/io.py	Wraps SSL sockets with SSLContext.wrap_socket(sock=sock, server_hostname=self._host) to enable SNI during the SSL handshake; no other changes.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A nimble hop, a tiny fix,
Hostname tucked into SSL's mix,
SNI hums within the night,
Securely snug, everything's right.
Hop hop! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely describes the main change: passing server_hostname parameter to wrap_socket for SSL connections, which directly addresses the core fix in the changeset.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}