fix _ssl and has_sni

sleepyStick · sleepyStick · commit 74ca8be03fdc · 2025-04-23T11:57:56.000-07:00
diff --git a/pymongo/pool_shared.py b/pymongo/pool_shared.py
@@ -38,7 +38,7 @@
 )
 from pymongo.network_layer import AsyncNetworkingInterface, NetworkingInterface, PyMongoProtocol
 from pymongo.pool_options import PoolOptions
-from pymongo.ssl_support import HAS_SNI, PYSSLError, SSLError
+from pymongo.ssl_support import PYSSLError, SSLError, _has_sni
 
 SSLErrors = (PYSSLError, SSLError)
 if TYPE_CHECKING:
@@ -280,7 +280,7 @@ async def _async_configured_socket(
     try:
         # We have to pass hostname / ip address to wrap_socket
         # to use SSLContext.check_hostname.
-        if HAS_SNI:
+        if _has_sni(False):
             loop = asyncio.get_running_loop()
             ssl_sock = await loop.run_in_executor(
                 None,
@@ -459,7 +459,7 @@ def _configured_socket(address: _Address, options: PoolOptions) -> Union[socket.
     try:
         # We have to pass hostname / ip address to wrap_socket
         # to use SSLContext.check_hostname.
-        if HAS_SNI:
+        if _has_sni(True):
             ssl_sock = ssl_context.wrap_socket(sock, server_hostname=host)  # type: ignore[assignment, misc, unused-ignore]
         else:
             ssl_sock = ssl_context.wrap_socket(sock)  # type: ignore[assignment, misc, unused-ignore]
@@ -508,7 +508,7 @@ def _configured_socket_interface(address: _Address, options: PoolOptions) -> Net
     try:
         # We have to pass hostname / ip address to wrap_socket
         # to use SSLContext.check_hostname.
-        if HAS_SNI:
+        if _has_sni(True):
             ssl_sock = ssl_context.wrap_socket(sock, server_hostname=host)
         else:
             ssl_sock = ssl_context.wrap_socket(sock)
diff --git a/pymongo/ssl_support.py b/pymongo/ssl_support.py
@@ -55,11 +55,6 @@
     IPADDR_SAFE = True
 
     if HAVE_PYSSL:
-        # # We have to pass hostname / ip address to wrap_socket
-        # # to use SSLContext.check_hostname.
-        # if ssl_context.has_sni:
-        #     ...
-        HAS_SNI = _pyssl.HAS_SNI and _ssl.HAS_SNI
         PYSSLError: Any = _pyssl.SSLError
         BLOCKING_IO_ERRORS: tuple = _pyssl.BLOCKING_IO_ERRORS + _ssl.BLOCKING_IO_ERRORS
         BLOCKING_IO_READ_ERROR: tuple = (
@@ -71,14 +66,18 @@
             _ssl.BLOCKING_IO_WRITE_ERROR,
         )
     else:
-        HAS_SNI = _ssl.HAS_SNI
         PYSSLError = _ssl.SSLError
         BLOCKING_IO_ERRORS = _ssl.BLOCKING_IO_ERRORS
         BLOCKING_IO_READ_ERROR = (_ssl.BLOCKING_IO_READ_ERROR,)
         BLOCKING_IO_WRITE_ERROR = (_ssl.BLOCKING_IO_WRITE_ERROR,)
     SSLError = _ssl.SSLError
     BLOCKING_IO_LOOKUP_ERROR = BLOCKING_IO_READ_ERROR
 
+    def _has_sni(is_sync: bool) -> bool:
+        if is_sync and HAVE_PYSSL:
+            return _pyssl.HAS_SNI
+        return _ssl.HAS_SNI
+
     def get_ssl_context(
         certfile: Optional[str],
         passphrase: Optional[str],
@@ -92,6 +91,8 @@ def get_ssl_context(
         """Create and return an SSLContext object."""
         if is_sync and HAVE_PYSSL:
             _ssl: types.ModuleType = _pyssl
+        else:
+            _ssl = globals()["_ssl"]
         verify_mode = CERT_NONE if allow_invalid_certificates else CERT_REQUIRED
         ctx = _ssl.SSLContext(_ssl.PROTOCOL_SSLv23)
         if verify_mode != CERT_NONE:
@@ -132,10 +133,12 @@ def get_ssl_context(
     class SSLError(Exception):  # type: ignore
         pass
 
-    HAS_SNI = False
     IPADDR_SAFE = False
     BLOCKING_IO_ERRORS = ()
 
+    def _has_sni(is_sync: bool) -> bool:  # noqa: ARG001
+        return False
+
     def get_ssl_context(*dummy):  # type: ignore
         """No ssl module, raise ConfigurationError."""
         raise ConfigurationError("The ssl module is not available")
