Learning Python Network Programming

(Sean Pound) #1

Programming with Sockets


If a certificate path has been passed as the CA certificate parameter, the
load_verify_locations() method is used to load the CA certificate file(s).
These CA certificates are used to verify the peer server's certificate. If you
would rather use the default certificate store on your system, you would call
another context method instead: load_default_certs(purpose=Purpose.SERVER_AUTH).


On the server side, the load_cert_chain() method is usually used to load the
private key and certificate file, so that clients can verify the server's authenticity.


Finally, the wrap_socket() method is called to return an SSL-wrapped socket. Note
that, if the OpenSSL library has Server Name Indication (SNI) support enabled,
you can pass the remote server's host name while wrapping the socket. This is useful
when the remote server serves different SSL certificates for different secure services
from a single IP address, for example with name-based virtual hosting.


If you run the preceding SSL client code, you will see the various properties of the
remote server's SSL certificate, as shown in the following screenshot. The client
verifies the authenticity of the remote server by calling the getpeercert() method
and checking that the returned certificate matches the host name it connected to.
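The following is an added example, not code from the book, that walks through the steps described above with Python's standard ssl module: a client context that loads either a given CA bundle via load_verify_locations() or the system store via load_default_certs(), a server context that loads its key and certificate via load_cert_chain(), a connection that wraps the socket with the SNI host name, and a helper that reduces the getpeercert() dictionary to the fields usually inspected. The host name, port and the SAMPLE_CERT dictionary are constructed for illustration; no real certificate is embedded.

```python
"""Added example (not from the book): TLS client/server contexts with the ssl
module, SNI when wrapping the socket, and inspection of getpeercert() output.
Host names, ports and SAMPLE_CERT below are constructed, not real."""
import socket
import ssl
import time


def build_client_context(cafile=None):
    """Client-side context that verifies the peer server's certificate.

    With a `cafile`, that CA bundle is loaded via load_verify_locations();
    otherwise the system's default trust store is loaded via load_default_certs().
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # PROTOCOL_TLS_CLIENT already enables both of these; they are set explicitly
    # so the reader sees that chain verification and hostname checking are on.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions
    if cafile is not None:
        ctx.load_verify_locations(cafile=cafile)
    else:
        ctx.load_default_certs(purpose=ssl.Purpose.SERVER_AUTH)
    return ctx


def cafile_is_loadable(cafile):
    """True if `cafile` exists and parses; load_verify_locations() raises otherwise."""
    try:
        ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).load_verify_locations(cafile=cafile)
    except (OSError, ssl.SSLError):  # missing file, or not valid PEM/DER
        return False
    return True


def build_server_context(certfile, keyfile=None):
    """Server-side context: load_cert_chain() supplies the certificate and private
    key that connecting clients will verify."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def fetch_peer_certificate(host, port=443, cafile=None, timeout=5.0):
    """Connect, wrap the socket with SNI (server_hostname=host) and return
    getpeercert(). The context checks the chain and the host name during the
    handshake itself; a mismatch raises ssl.SSLCertVerificationError."""
    ctx = build_client_context(cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def summarize_certificate(cert, now=None):
    """Reduce a getpeercert() dictionary to the fields usually inspected:
    subject CN, issuer CN, DNS names from subjectAltName, and validity now."""
    def common_name(rdns):
        # getpeercert() encodes names as a tuple of RDNs, each a tuple of (key, value)
        for rdn in rdns:
            for key, value in rdn:
                if key == "commonName":
                    return value
        return None

    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "subject_cn": common_name(cert.get("subject", ())),
        "issuer_cn": common_name(cert.get("issuer", ())),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "valid_now": not_before <= now <= not_after,
    }


# Constructed sample in the exact shape getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("countryName", "US"),), (("commonName", "www.example.com"),)),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example Root CA"),)),
    "version": 3,
    "serialNumber": "01",
    "notBefore": "Jan  1 00:00:00 2020 GMT",
    "notAfter": "Jan  1 00:00:00 2030 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}

if __name__ == "__main__":
    # Offline demonstration on the constructed sample; a live check would be
    # summarize_certificate(fetch_peer_certificate("www.example.com")).
    print(summarize_certificate(SAMPLE_CERT))
```

With check_hostname enabled, the ssl module performs the certificate-to-host-name comparison itself during the handshake, so the manual comparison after getpeercert() that older code performed is no longer needed; getpeercert() is still useful for logging which certificate and issuer were actually presented. Note that getpeercert() returns an empty dictionary when the context does not verify the peer (verify_mode set to CERT_NONE), which is one more reason to keep verification on.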
