mirror of
https://github.com/Mikaela/Limnoria.git
synced 2024-11-29 14:19:25 +01:00
net: remove fallback implementation of ssl_wrap_socket.
We no longer support Python < 3.4.
This commit is contained in:
parent
2924845de4
commit
b4df468b3a
@ -160,7 +160,6 @@ def check_certificate_fingerprint(conn, trusted_fingerprints):
|
||||
return
|
||||
raise ssl.CertificateError('No matching fingerprint.')
|
||||
|
||||
if hasattr(ssl, 'create_default_context'):
|
||||
def ssl_wrap_socket(conn, hostname, logger, certfile=None,
|
||||
trusted_fingerprints=None, verify=True, ca_file=None,
|
||||
**kwargs):
|
||||
@ -177,27 +176,5 @@ if hasattr(ssl, 'create_default_context'):
|
||||
if verify and trusted_fingerprints:
|
||||
check_certificate_fingerprint(conn, trusted_fingerprints)
|
||||
return conn
|
||||
else:
|
||||
def ssl_wrap_socket(conn, hostname, logger, verify=True,
|
||||
certfile=None,
|
||||
ca_file=None, trusted_fingerprints=None):
|
||||
# TLSv1.0 is the only TLS version Python < 2.7.9 supports
|
||||
# (besides SSLv2 and v3, which are known to be insecure)
|
||||
try:
|
||||
conn = ssl.wrap_socket(conn,
|
||||
server_hostname=hostname,
|
||||
certfile=certfile, ca_certs=ca_file,
|
||||
ssl_version=ssl.PROTOCOL_TLSv1)
|
||||
except TypeError: # server_hostname is not supported
|
||||
conn = ssl.wrap_socket(conn,
|
||||
certfile=certfile, ca_certs=ca_file,
|
||||
ssl_version=ssl.PROTOCOL_TLSv1)
|
||||
if trusted_fingerprints:
|
||||
check_certificate_fingerprint(conn, trusted_fingerprints)
|
||||
elif verify:
|
||||
logger.critical('This Python version does not support SSL/TLS '
|
||||
'certification authority verification, which makes your '
|
||||
'connection vulnerable to man-in-the-middle attacks. See: '
|
||||
'<http://docs.limnoria.net/en/latest/use/security.html#ssl-python-versions>')
|
||||
return conn
|
||||
|
||||
# vim:set shiftwidth=4 softtabstop=4 expandtab textwidth=79:
|
||||
|
Loading…
Reference in New Issue
Block a user