add support for TCPConnector param verify_fingerprint

[requiredfield]

Not yet ready to merge but starting a PR now to incorporate any early feedback. Thanks for any review!

[asvetlov]

Please go ahead!
But you need to make tests also

[asvetlov]

Use at least FingerprintMismatch(). Maybe later you'll add info about failing host:port pair -- it is helpful for understanding the source of problem.

[requiredfield]

Good idea. Addressed this in the latest commit. Also storing the expected vs. got fingerprint.

[requiredfield]

@asvetlov Thanks for reviewing! Just pushed a new patch with tests. Would you mind taking a peek at the latest patch?

[requiredfield]

wasn't sure if I needed these two lines with the exc_handler

[requiredfield]

updated changelog

[requiredfield]

Pushed another improved version. Please let me know if there's anything left to do before this is good to merge. Thanks again for reviewing!

[requiredfield]

@asvetlov Do these two lines (502 and 504) look good to you? The conn[0]._sock makes me feel the need to check because of the private member access. As for sock.getpeercert, if sock is a regular socket.socket rather than an SSLSocket this will cause AttributeError, but I think that would only happen if the user tries to use verify_fingerprint with a non-SSL connection. I can code this more defensively though if that would be better.

[asvetlov]

conn is (transport, protocol) pair.
For getting socket object from transport please call transport.get_extra_info('socket').
Also you have skip certificate check for non-ssl socket (request.ssl is False).

[lock]

This thread has been automatically locked since there has not been
any recent activity after it was closed. Please open a new issue for
related bugs.

If you feel like there's important points made in this discussion,
please include those exceprts into that new issue.