@@ -20,7 +20,17 b' try:' | |||||
20 |
|
20 | |||
21 | def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=ssl.CERT_NONE, |
|
21 | def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=ssl.CERT_NONE, | |
22 | ca_certs=None, serverhostname=None): |
|
22 | ca_certs=None, serverhostname=None): | |
23 | sslcontext = ssl.SSLContext(PROTOCOL_TLSv1) |
|
23 | # Allow any version of SSL starting with TLSv1 and | |
|
24 | # up. Note that specifying TLSv1 here prohibits use of | |||
|
25 | # newer standards (like TLSv1_2), so this is the right way | |||
|
26 | # to do this. Note that in the future it'd be better to | |||
|
27 | # support using ssl.create_default_context(), which sets | |||
|
28 | # up a bunch of things in smart ways (strong ciphers, | |||
|
29 | # protocol versions, etc) and is upgraded by Python | |||
|
30 | # maintainers for us, but that breaks too many things to | |||
|
31 | # do it in a hurry. | |||
|
32 | sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) | |||
|
33 | sslcontext.options &= ssl.OP_NO_SSLv2 & ssl.OP_NO_SSLv3 | |||
24 | if certfile is not None: |
|
34 | if certfile is not None: | |
25 | sslcontext.load_cert_chain(certfile, keyfile) |
|
35 | sslcontext.load_cert_chain(certfile, keyfile) | |
26 | sslcontext.verify_mode = cert_reqs |
|
36 | sslcontext.verify_mode = cert_reqs |
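Review bot: The added `sslcontext.options &= ssl.OP_NO_SSLv2 & ssl.OP_NO_SSLv3` (new line 33) does not disable SSLv2 or SSLv3. The two constants are different flag bits, so their AND is 0, and `&=` with 0 clears every option already set on the context instead of adding the two restrictions. With `ssl.PROTOCOL_SSLv23` that presumably leaves the legacy protocols negotiable wherever the linked OpenSSL still supports them, which contradicts the "TLSv1 and up" comment above it. The flags should be OR-ed in: `sslcontext.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3`. The body of ssl_wrap_socket continues past the end of this hunk, so the later use of the context is not visible here.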