Update VerifiedHTTPSConnection for Python >= 3.12
For Python >= 3.12 the previously deprecated key_file and cert_file parameters to HTTPSConnection have been dropped; rework the VerifiedHTTPSConnection class to pass SSL configuration via a SSLContext instead. These parameters where deprecated for Python >= 3.6. Change-Id: Ie9e5b27c1ee745618618235f52c0a3004b2e50dd
This commit is contained in:
parent
65e0403dc5
commit
5d8fd38400
@ -270,9 +270,7 @@ class VerifiedHTTPSConnection(http_client.HTTPSConnection):
|
|||||||
|
|
||||||
def __init__(self, host, port, key_file=None, cert_file=None,
|
def __init__(self, host, port, key_file=None, cert_file=None,
|
||||||
ca_file=None, timeout=None, insecure=False):
|
ca_file=None, timeout=None, insecure=False):
|
||||||
http_client.HTTPSConnection.__init__(self, host, port,
|
http_client.HTTPSConnection.__init__(self, host, port)
|
||||||
key_file=key_file,
|
|
||||||
cert_file=cert_file)
|
|
||||||
self.key_file = key_file
|
self.key_file = key_file
|
||||||
self.cert_file = cert_file
|
self.cert_file = cert_file
|
||||||
if ca_file is not None:
|
if ca_file is not None:
|
||||||
@ -293,22 +291,23 @@ class VerifiedHTTPSConnection(http_client.HTTPSConnection):
|
|||||||
our client certificate.
|
our client certificate.
|
||||||
"""
|
"""
|
||||||
sock = socket.create_connection((self.host, self.port), self.timeout)
|
sock = socket.create_connection((self.host, self.port), self.timeout)
|
||||||
|
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||||
|
|
||||||
if self._tunnel_host:
|
if self._tunnel_host:
|
||||||
self.sock = sock
|
self.sock = sock
|
||||||
self._tunnel()
|
self._tunnel()
|
||||||
|
|
||||||
if self.insecure is True:
|
if self.insecure is True:
|
||||||
kwargs = {'cert_reqs': ssl.CERT_NONE}
|
context.check_hostname = False
|
||||||
|
context.verify_mode = ssl.CERT_NONE
|
||||||
else:
|
else:
|
||||||
kwargs = {'cert_reqs': ssl.CERT_REQUIRED, 'ca_certs': self.ca_file}
|
context.verify_mode = ssl.CERT_REQUIRED
|
||||||
|
context.load_verify_locations(self.ca_file)
|
||||||
|
|
||||||
if self.cert_file:
|
if self.cert_file:
|
||||||
kwargs['certfile'] = self.cert_file
|
context.load_cert_chain(self.cert_file, self.key_file)
|
||||||
if self.key_file:
|
|
||||||
kwargs['keyfile'] = self.key_file
|
|
||||||
|
|
||||||
self.sock = ssl.wrap_socket(sock, **kwargs)
|
self.sock = context.wrap_socket(sock)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_system_ca_file():
|
def get_system_ca_file():
|
||||||
|
Loading…
Reference in New Issue
Block a user