https: support tls sni (server name indication) for https urls (issue3090) SNI is a common way of sharing servers across multiple domains using separate SSL certificates. As of Python 2.7.9 SSLContext has been backported from Python 3. This patch changes sslutil's ssl_wrap_socket to use SSLContext and take a server hostname as and argument. It also changes the url module to make use of this argument. The new code for 2.7.9 achieves it's task by attempting to get the SSLContext object from the ssl module. If this fails the try/except goes back to what was there before with the exception that the ssl_wrap_socket functions take a server_hostname argument that doesn't get used. Assuming the SSLContext exists, the arguments to wrap_socket at the module level are emulated on the SSLContext. The SSLContext is initialized with the specified ssl_version. If certfile is not None load_cert_chain is called with certfile and keyfile. keyfile being None is not a problem, load_cert_chain will simply expect the private key to be in the certificate file. verify_mode is set to cert_reqs. If ca_certs is not None load_verify_locations is called with ca_certs as the cafile. Finally the wrap_socket method of the SSLContext is called with the socket and server hostname. Finally, this fails test-check-commit-hg.t because the "new" function ssl_wrap_socket has underscores in its names and underscores in its arguments. All the underscore identifiers are taken from the other functions and as such can't be changed to match naming conventions.