Python 3.12: do not use ssl.wrap_socket
The ssl.wrap_socket method has been removed in 3.12. SSLContext.wrap_socket should now be used. Change-Id: I89ebcff1888ed95dd0ac7fd41bd9f050115307db
This commit is contained in:
parent
0af6771362
commit
16874adf0d
@ -271,11 +271,6 @@ class VerifiedHTTPSConnection(http_client.HTTPSConnection):
|
||||
"""Connect to a host on a given (SSL) port.
|
||||
|
||||
If ca_file is pointing somewhere, use it to check Server Certificate.
|
||||
|
||||
Redefined/copied and extended from httplib.py:1105 (Python 2.6.x).
|
||||
This is needed to pass cert_reqs=ssl.CERT_REQUIRED as parameter to
|
||||
ssl.wrap_socket(), which forces SSL to check server certificate against
|
||||
our client certificate.
|
||||
"""
|
||||
sock = socket.create_connection((self.host, self.port), self.timeout)
|
||||
|
||||
@ -283,17 +278,21 @@ class VerifiedHTTPSConnection(http_client.HTTPSConnection):
|
||||
self.sock = sock
|
||||
self._tunnel()
|
||||
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||
|
||||
if self.insecure is True:
|
||||
kwargs = {'cert_reqs': ssl.CERT_NONE}
|
||||
context.check_hostname = False
|
||||
context.verify_mode = ssl.CERT_NONE
|
||||
else:
|
||||
kwargs = {'cert_reqs': ssl.CERT_REQUIRED, 'ca_certs': self.ca_file}
|
||||
context.load_verify_locations(self.ca_file)
|
||||
|
||||
if self.cert_file:
|
||||
kwargs['certfile'] = self.cert_file
|
||||
if self.key_file:
|
||||
kwargs['keyfile'] = self.key_file
|
||||
context.load_cert_chain(self.cert_file, self.key_file)
|
||||
else:
|
||||
context.load_cert_chain(self.cert_file)
|
||||
|
||||
self.sock = ssl.wrap_socket(sock, **kwargs)
|
||||
self.sock = context.wrap_socket(sock)
|
||||
|
||||
@staticmethod
|
||||
def get_system_ca_file():
|
||||
|
Loading…
x
Reference in New Issue
Block a user