From adc7b7cc0b996fc1de11a421458ee082176967a4 Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: Mon, 21 Feb 2022 13:04:26 +0300 Subject: [PATCH] pylint: Skip deprecated-method for match_hostname Python3.7 switched to `X509_VERIFY_PARAM_set1_host`/`X509_VERIFY_PARAM_set1_ip` and deprecated `match_hostname` without replacement. Probably, on removal `match_hostname` the similar functionality may be implemented on IPA side. https://docs.python.org/3/library/ssl.html#ssl.match_hostname Fixes: https://pagure.io/freeipa/issue/9117 Signed-off-by: Stanislav Levin Reviewed-By: Rob Crittenden --- ipalib/x509.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ipalib/x509.py b/ipalib/x509.py index be649033b..05b15dad7 100644 --- a/ipalib/x509.py +++ b/ipalib/x509.py @@ -397,7 +397,10 @@ class IPACertificate: for value in values: match_san.append(('DNS', value)) - ssl.match_hostname(match_cert, DNSName(hostname).ToASCII()) + # deprecated in Python3.7 without replacement + ssl.match_hostname( # pylint: disable=deprecated-method + match_cert, DNSName(hostname).ToASCII() + ) def load_pem_x509_certificate(data):