diff options
author | Christian Heimes <christian@python.org> | 2016-09-05 23:19:05 +0200 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2019-12-29 11:51:49 +0100 |
commit | acbe1e815bf3567e818b86d9a47990d6c16b5294 (patch) | |
tree | 96fb244b067bc0450300a88199becbaf7ea044e0 /Lib/ssl.py | |
parent | Don't use getentropy() on Linux (diff) | |
download | cpython-acbe1e815bf3567e818b86d9a47990d6c16b5294.tar.gz cpython-acbe1e815bf3567e818b86d9a47990d6c16b5294.tar.bz2 cpython-acbe1e815bf3567e818b86d9a47990d6c16b5294.zip |
Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.gentoo-3.4.10
(rebased for 3.4.10)
Diffstat (limited to 'Lib/ssl.py')
-rw-r--r-- | Lib/ssl.py | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/Lib/ssl.py b/Lib/ssl.py index 873aa4798bb..359809a020f 100644 --- a/Lib/ssl.py +++ b/Lib/ssl.py @@ -51,6 +51,7 @@ The following constants identify various SSL protocol variants: PROTOCOL_SSLv2 PROTOCOL_SSLv3 PROTOCOL_SSLv23 +PROTOCOL_TLS PROTOCOL_TLSv1 PROTOCOL_TLSv1_1 PROTOCOL_TLSv1_2 @@ -348,13 +349,13 @@ class SSLContext(_SSLContext): __slots__ = ('protocol', '__weakref__') _windows_cert_stores = ("CA", "ROOT") - def __new__(cls, protocol, *args, **kwargs): + def __new__(cls, protocol=PROTOCOL_TLS, *args, **kwargs): self = _SSLContext.__new__(cls, protocol) if protocol != _SSLv2_IF_EXISTS: self.set_ciphers(_DEFAULT_CIPHERS) return self - def __init__(self, protocol): + def __init__(self, protocol=PROTOCOL_TLS): self.protocol = protocol def wrap_socket(self, sock, server_side=False, @@ -408,7 +409,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None, if not isinstance(purpose, _ASN1Object): raise TypeError(purpose) - context = SSLContext(PROTOCOL_SSLv23) + context = SSLContext(PROTOCOL_TLS) # SSLv2 considered harmful. context.options |= OP_NO_SSLv2 @@ -445,7 +446,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None, context.load_default_certs(purpose) return context -def _create_unverified_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None, +def _create_unverified_context(protocol=PROTOCOL_TLS, *, cert_reqs=None, check_hostname=False, purpose=Purpose.SERVER_AUTH, certfile=None, keyfile=None, cafile=None, capath=None, cadata=None): @@ -501,7 +502,7 @@ class SSLSocket(socket): def __init__(self, sock=None, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, - ssl_version=PROTOCOL_SSLv23, ca_certs=None, + ssl_version=PROTOCOL_TLS, ca_certs=None, do_handshake_on_connect=True, family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None, suppress_ragged_eofs=True, npn_protocols=None, ciphers=None, @@ -883,7 +884,7 @@ class SSLSocket(socket): def wrap_socket(sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, - ssl_version=PROTOCOL_SSLv23, ca_certs=None, + ssl_version=PROTOCOL_TLS, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None): @@ -930,7 +931,7 @@ def PEM_cert_to_DER_cert(pem_cert_string): d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] return base64.decodebytes(d.encode('ASCII', 'strict')) -def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): +def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None): """Retrieve the certificate from the server at the specified address, and return it as a PEM-encoded string. If 'ca_certs' is specified, validate the server cert against it. |