IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipalib/util.py: switch to ssl.PROTOCOL_TLS_CLIENT by default

Browse Source 
Python 3.10 deprecated ssl.PROTOCOL_TLS and ssl.PROTOCOL_SSLv23
constants which were aliases to each other. Use of them now causes a
warning to be displayed:

/usr/lib/python3.10/site-packages/ipalib/util.py:347: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
  ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)

Use ssl.PROTOCOL_TLS_CLIENT instead, this constant is available since
Python 3.6.

Fixes: https://pagure.io/freeipa/issue/9129

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Alexander Bokovoy 2022-03-17 09:55:02 +02:00 committed by Rob Crittenden
parent fe9be8c4a1
commit d237c40b2c
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ipalib/util.py
View File

@ -339,8 +339,10 @@ def create_https_connection(
# official Python documentation states that the best option to get # official Python documentation states that the best option to get
# TLSv1 and later is to setup SSLContext with PROTOCOL_SSLv23 # TLSv1 and later is to setup SSLContext with PROTOCOL_SSLv23
# and then negate the insecure SSLv2 and SSLv3 # and then negate the insecure SSLv2 and SSLv3. However, with Python 3.10
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) # PROTOCOL_SSLv23 is deprecated as well as PROTOCOL_TLS. We should use
# PROTOCOL_TLS_CLIENT since Python 3.6
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
ctx.options |= ( ctx.options |= (
ssl.OP_ALL | ssl.OP_NO_COMPRESSION | ssl.OP_SINGLE_DH_USE | ssl.OP_ALL | ssl.OP_NO_COMPRESSION | ssl.OP_SINGLE_DH_USE |
ssl.OP_SINGLE_ECDH_USE ssl.OP_SINGLE_ECDH_USE