Fix DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
Since python 3.10 ssl.PROTOCOL_TLS has been deprecated. We are expected to use ssl.PROTOCOL_TLS_CLIENT and ssl.PROTOCOL_TLS_SERVER depending on how the sockets are to be used. Switch over to these new constants to avoid the DeprecationWarning. One thing to note is that PROTOCOL_TLS_CLIENT has default behaviors around cert verification and hostname checking. Zuul is already explicitly setting those options the way it wants to and I've left that alone to avoid trouble if the defaults change later. Finally, this doesn't fix the occurence of this error that happens within kazoo. A separate PR has been made upstream to kazoo and this should be fixed in the next kazoo release. Change-Id: Ib41640f1d33d60503066464c8c98f865a74f003a
This commit is contained in:
parent
045bb270c0
commit
2747ea6f56
@ -165,7 +165,7 @@ class TestStreamingBase(tests.base.AnsibleZuulTestCase):
|
||||
self.streaming_data[name] = ''
|
||||
with socket.create_connection(gateway_address) as s:
|
||||
if self.fingergw_use_ssl:
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||
context.verify_mode = ssl.CERT_REQUIRED
|
||||
context.check_hostname = False
|
||||
context.load_cert_chain(
|
||||
|
@ -71,7 +71,7 @@ class RequestHandler(streamer_utils.BaseFingerRequestHandler):
|
||||
'''
|
||||
with socket.create_connection((server, port), timeout=10) as s:
|
||||
if use_ssl:
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||
context.verify_mode = ssl.CERT_REQUIRED
|
||||
context.check_hostname = self.fingergw.tls_verify_hostnames
|
||||
context.load_cert_chain(self.fingergw.tls_cert,
|
||||
|
@ -168,7 +168,7 @@ class CustomThreadingTCPServer(socketserver.ThreadingTCPServer):
|
||||
|
||||
if all([self.server_ssl_key, self.server_ssl_cert,
|
||||
self.server_ssl_ca]):
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
|
||||
context.load_cert_chain(self.server_ssl_cert, self.server_ssl_key)
|
||||
context.load_verify_locations(self.server_ssl_ca)
|
||||
context.verify_mode = ssl.CERT_REQUIRED
|
||||
|
@ -395,7 +395,7 @@ class LogStreamer(object):
|
||||
self.finger_socket = socket.create_connection(
|
||||
(server, port), timeout=10)
|
||||
if use_ssl:
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||
context.verify_mode = ssl.CERT_REQUIRED
|
||||
context.check_hostname = self.zuulweb.finger_tls_verify_hostnames
|
||||
context.load_cert_chain(
|
||||
|
Loading…
x
Reference in New Issue
Block a user