Update VerifiedHTTPSConnection for Python >= 3.12
For Python >= 3.12 the previously deprecated key_file and cert_file parameters to HTTPSConnection have been dropped; rework the VerifiedHTTPSConnection class to pass SSL configuration via a SSLContext instead. This parameters where deprecated for Python >= 3.6. Change-Id: Ie9e5b27c1ee745618618235f52c0a3004b2e50dd
This commit is contained in:
James Page
parent
aa0d180dda
commit
460ee24359
|
|
@ -270,9 +270,7 @@ class VerifiedHTTPSConnection(http_client.HTTPSConnection):
|
|||
|
||||
def __init__(self, host, port, key_file=None, cert_file=None,
|
||||
ca_file=None, timeout=None, insecure=False):
|
||||
http_client.HTTPSConnection.__init__(self, host, port,
|
||||
key_file=key_file,
|
||||
cert_file=cert_file)
|
||||
http_client.HTTPSConnection.__init__(self, host, port)
|
||||
self.key_file = key_file
|
||||
self.cert_file = cert_file
|
||||
if ca_file is not None:
|
||||
|
|
@ -293,22 +291,22 @@ class VerifiedHTTPSConnection(http_client.HTTPSConnection):
|
|||
our client certificate.
|
||||
"""
|
||||
sock = socket.create_connection((self.host, self.port), self.timeout)
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||
|
||||
if self._tunnel_host:
|
||||
self.sock = sock
|
||||
self._tunnel()
|
||||
|
||||
if self.insecure is True:
|
||||
kwargs = {'cert_reqs': ssl.CERT_NONE}
|
||||
context.verify_mode = ssl.CERT_NONE
|
||||
else:
|
||||
kwargs = {'cert_reqs': ssl.CERT_REQUIRED, 'ca_certs': self.ca_file}
|
||||
context.verify_mode = ssl.CERT_REQUIRED
|
||||
context.load_verify_locations(self.ca_file)
|
||||
|
||||
if self.cert_file:
|
||||
kwargs['certfile'] = self.cert_file
|
||||
if self.key_file:
|
||||
kwargs['keyfile'] = self.key_file
|
||||
context.load_cert_chain(self.cert_file, self.key_file)
|
||||
|
||||
self.sock = ssl.wrap_socket(sock, **kwargs)
|
||||
self.sock = context.wrap_socket(sock)
|
||||
|
||||
@staticmethod
|
||||
def get_system_ca_file():
|
||||
|
|
|
|||
Loading…
Reference in New Issue