New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove use of ssl.wrap_socket #1347
base: develop
Are you sure you want to change the base?
Remove use of ssl.wrap_socket #1347
Conversation
ssl.wrap_socket() has been deprecated since Python 3.7, and isn't recommended for use, and further, has been removed in Python 3.12. ssl.SSLContext().wrap_socket() is the new path forward, so switch the one callsite and the two test cases to use it instead.
for more information, see https://pre-commit.ci
@@ -42,7 +42,8 @@ | |||
def wrap(self, keyfile: str, certfile: str) -> None: | |||
self.connection.setblocking(True) | |||
self.flush() | |||
self._conn = ssl.wrap_socket( | |||
ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT) | |||
self._conn = ssl_context.wrap_socket( |
Check failure
Code scanning / CodeQL
Use of insecure SSL/TLS version High
call to ssl.SSLContext
Insecure SSL/TLS protocol version TLSv1_1 allowed by
call to ssl.SSLContext
@s-t-e-v-e-n-k Thanks for the patch, apologies for no show on GitHub for months. Will include this in the new release this month. |
@s-t-e-v-e-n-k Thank you for the PR, and apologies for delaying the merge, was away from OSS for long. I have restarted the workflows and shall merge once after they passed. Best |
@s-t-e-v-e-n-k https://results.pre-commit.ci/run/github/12228178/1712825888.cSxDle-WSWiDTFOmoJ9xpw
|
|
I think 3.6 should be fine for these changes, based on my reading of https://docs.python.org/3/library/ssl.html -- except I was assuming |
I think a straight forward way would be to:
I was just looking to support Python 3.12, but looks like |
ssl.wrap_socket() has been deprecated since Python 3.7, and isn't recommended for use, and further, has been removed in Python 3.12. ssl.SSLContext().wrap_socket() is the new path forward, so switch the one callsite and the two test cases to use it instead.