From 0a831b3cabfad5f0ea58aa6b722ab42abdd278d6 Mon Sep 17 00:00:00 2001
From: Julien Cristau <jcristau@debian.org>
Date: Thu, 13 Sep 2018 11:57:58 +0200
Subject: [PATCH] Use SSLContext if available so we send SNI

Fixes https://github.com/imaplib2/imaplib2/issues/5

Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
---
 offlineimap/bundled_imaplib2.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/offlineimap/bundled_imaplib2.py b/offlineimap/bundled_imaplib2.py
index dbb8cd0..f0ed96b 100755
--- a/offlineimap/bundled_imaplib2.py
+++ b/offlineimap/bundled_imaplib2.py
@@ -545,7 +545,16 @@ class IMAP4(object):
 
             ssl_version =  TLS_MAP[self.tls_level][self.ssl_version]
 
-            self.sock = ssl.wrap_socket(self.sock, self.keyfile, self.certfile, ca_certs=self.ca_certs, cert_reqs=cert_reqs, ssl_version=ssl_version)
+            if getattr(ssl, 'HAS_SNI', False):
+                ctx = ssl.SSLContext(ssl_version)
+                ctx.verify_mode = cert_reqs
+                if self.ca_certs is not None:
+                    ctx.load_verify_locations(self.ca_certs)
+                if self.certfile or self.keyfile:
+                    ctx.load_cert_chain(self.certfile, self.keyfile)
+                self.sock = ctx.wrap_socket(self.sock, server_hostname=self.host)
+            else:
+                self.sock = ssl.wrap_socket(self.sock, self.keyfile, self.certfile, ca_certs=self.ca_certs, cert_reqs=cert_reqs, ssl_version=ssl_version)
             ssl_exc = ssl.SSLError
             self.read_fd = self.sock.fileno()
         except ImportError: