Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit07bed79

Browse files
committed
Fix deprecation warnings for Python 3.10 ssl module
1 parentd725a9b commit07bed79

File tree

4 files changed

+38
-11
lines changed

4 files changed

+38
-11
lines changed

‎src/urllib3/contrib/pyopenssl.py‎

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -76,6 +76,7 @@ class UnsupportedExtension(Exception):
7676

7777
from ..importutil
7878
from ..packagesimportsix
79+
from ..util.ssl_importPROTOCOL_TLS_CLIENT
7980

8081
__all__= ["inject_into_urllib3","extract_from_urllib3"]
8182

@@ -85,6 +86,7 @@ class UnsupportedExtension(Exception):
8586
# Map from urllib3 to PyOpenSSL compatible parameter-values.
8687
_openssl_versions= {
8788
util.PROTOCOL_TLS:OpenSSL.SSL.SSLv23_METHOD,
89+
PROTOCOL_TLS_CLIENT:OpenSSL.SSL.SSLv23_METHOD,
8890
ssl.PROTOCOL_TLSv1:OpenSSL.SSL.TLSv1_METHOD,
8991
}
9092

‎src/urllib3/contrib/securetransport.py‎

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -67,6 +67,7 @@
6767
importsix
6868

6969
from ..importutil
70+
from ..util.ssl_importPROTOCOL_TLS_CLIENT
7071
from ._securetransport.bindingsimportCoreFoundation,Security,SecurityConst
7172
from ._securetransport.low_levelimport (
7273
_assert_no_error,
@@ -154,7 +155,8 @@
154155
# TLSv1 and a high of TLSv1.2. For everything else, we pin to that version.
155156
# TLSv1 to 1.2 are supported on macOS 10.8+
156157
_protocol_to_min_max= {
157-
util.PROTOCOL_TLS: (SecurityConst.kTLSProtocol1,SecurityConst.kTLSProtocol12)
158+
util.PROTOCOL_TLS: (SecurityConst.kTLSProtocol1,SecurityConst.kTLSProtocol12),
159+
PROTOCOL_TLS_CLIENT: (SecurityConst.kTLSProtocol1,SecurityConst.kTLSProtocol12),
158160
}
159161

160162
ifhasattr(ssl,"PROTOCOL_SSLv2"):

‎src/urllib3/packages/ssl_match_hostname/__init__.py‎

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,11 @@
11
importsys
22

33
try:
4-
# Our match_hostname function is the same as 3.5's, so we only want to
4+
# Our match_hostname function is the same as 3.10's, so we only want to
55
# import the match_hostname function if it's at least that good.
6-
ifsys.version_info< (3,5):
6+
# We also fallback on Python 3.10+ because our code doesn't emit
7+
# deprecation warnings and is the same as Python 3.10 otherwise.
8+
ifsys.version_info< (3,5)orsys.version_info>= (3,10):
79
raiseImportError("Fallback to vendored code")
810

911
fromsslimportCertificateError,match_hostname

‎src/urllib3/util/ssl_.py‎

Lines changed: 29 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -71,6 +71,11 @@ def _const_compare_digest_backport(a, b):
7171
exceptImportError:
7272
PROTOCOL_SSLv23=PROTOCOL_TLS=2
7373

74+
try:
75+
fromsslimportPROTOCOL_TLS_CLIENT
76+
exceptImportError:
77+
PROTOCOL_TLS_CLIENT=PROTOCOL_TLS
78+
7479

7580
try:
7681
fromsslimportOP_NO_COMPRESSION,OP_NO_SSLv2,OP_NO_SSLv3
@@ -278,7 +283,11 @@ def create_urllib3_context(
278283
Constructed SSLContext object with specified options
279284
:rtype: SSLContext
280285
"""
281-
context=SSLContext(ssl_versionorPROTOCOL_TLS)
286+
# PROTOCOL_TLS is deprecated in Python 3.10
287+
ifnotssl_versionorssl_version==PROTOCOL_TLS:
288+
ssl_version=PROTOCOL_TLS_CLIENT
289+
290+
context=SSLContext(ssl_version)
282291

283292
context.set_ciphers(ciphersorDEFAULT_CIPHERS)
284293

@@ -313,13 +322,25 @@ def create_urllib3_context(
313322
)isnotNone:
314323
context.post_handshake_auth=True
315324

316-
context.verify_mode=cert_reqs
317-
if (
318-
getattr(context,"check_hostname",None)isnotNone
319-
):# Platform-specific: Python 3.2
320-
# We do our own verification, including fingerprints and alternative
321-
# hostnames. So disable it here
322-
context.check_hostname=False
325+
defdisable_check_hostname():
326+
if (
327+
getattr(context,"check_hostname",None)isnotNone
328+
):# Platform-specific: Python 3.2
329+
# We do our own verification, including fingerprints and alternative
330+
# hostnames. So disable it here
331+
context.check_hostname=False
332+
333+
# The order of the below lines setting verify_mode and check_hostname
334+
# matter due to safe-guards SSLContext has to prevent an SSLContext with
335+
# check_hostname=True, verify_mode=NONE/OPTIONAL. This is made even more
336+
# complex because we don't know whether PROTOCOL_TLS_CLIENT will be used
337+
# or not so we don't know the initial state of the freshly created SSLContext.
338+
ifcert_reqs==ssl.CERT_REQUIRED:
339+
context.verify_mode=cert_reqs
340+
disable_check_hostname()
341+
else:
342+
disable_check_hostname()
343+
context.verify_mode=cert_reqs
323344

324345
# Enable logging of TLS session keys via defacto standard environment variable
325346
# 'SSLKEYLOGFILE', if the feature is available (Python 3.8+). Skip empty values.

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp