aboutsummaryrefslogtreecommitdiffstats
path: root/setuptools/ssl_support.py
diff options
context:
space:
mode:
authorGerhard Weis <g.weis@griffith.edu.au>2017-11-09 07:14:51 +1000
committerGerhard Weis <g.weis@griffith.edu.au>2017-11-09 07:17:23 +1000
commite630dfc9d761ef9d61df4eefe16de1368ebf3a42 (patch)
treeaf7a33b9916df600219a15e301e83944031fa779 /setuptools/ssl_support.py
parent403bfce4ab920823cc4ba0b5ca5ac0d1b213513d (diff)
downloadexternal_python_setuptools-e630dfc9d761ef9d61df4eefe16de1368ebf3a42.tar.gz
external_python_setuptools-e630dfc9d761ef9d61df4eefe16de1368ebf3a42.tar.bz2
external_python_setuptools-e630dfc9d761ef9d61df4eefe16de1368ebf3a42.zip
use ssl.create_default_context and SNI if available
Diffstat (limited to 'setuptools/ssl_support.py')
-rw-r--r--setuptools/ssl_support.py11
1 files changed, 8 insertions, 3 deletions
diff --git a/setuptools/ssl_support.py b/setuptools/ssl_support.py
index 72b18ef2..6362f1f4 100644
--- a/setuptools/ssl_support.py
+++ b/setuptools/ssl_support.py
@@ -186,9 +186,14 @@ class VerifyingHTTPSConn(HTTPSConnection):
else:
actual_host = self.host
- self.sock = ssl.wrap_socket(
- sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.ca_bundle
- )
+ if hasattr(ssl, 'create_default_context'):
+ ctx = ssl.create_default_context(cafile=self.ca_bundle)
+ self.sock = ctx.wrap_socket(sock, server_hostname=actual_host)
+ else:
+ # This is for python < 2.7.9 and < 3.4?
+ self.sock = ssl.wrap_socket(
+ sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.ca_bundle
+ )
try:
match_hostname(self.sock.getpeercert(), actual_host)
except CertificateError:
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-16 03:00:10 +0000