net: remove fallback implementation of ssl_wrap_socket.

We no longer support Python < 3.4.
This commit is contained in:
Valentin Lorentz 2020-05-26 22:46:28 +02:00
parent 2924845de4
commit b4df468b3a

View File

@ -160,7 +160,6 @@ def check_certificate_fingerprint(conn, trusted_fingerprints):
return
raise ssl.CertificateError('No matching fingerprint.')
if hasattr(ssl, 'create_default_context'):
def ssl_wrap_socket(conn, hostname, logger, certfile=None,
trusted_fingerprints=None, verify=True, ca_file=None,
**kwargs):
@ -177,27 +176,5 @@ if hasattr(ssl, 'create_default_context'):
if verify and trusted_fingerprints:
check_certificate_fingerprint(conn, trusted_fingerprints)
return conn
else:
def ssl_wrap_socket(conn, hostname, logger, verify=True,
certfile=None,
ca_file=None, trusted_fingerprints=None):
# TLSv1.0 is the only TLS version Python < 2.7.9 supports
# (besides SSLv2 and v3, which are known to be insecure)
try:
conn = ssl.wrap_socket(conn,
server_hostname=hostname,
certfile=certfile, ca_certs=ca_file,
ssl_version=ssl.PROTOCOL_TLSv1)
except TypeError: # server_hostname is not supported
conn = ssl.wrap_socket(conn,
certfile=certfile, ca_certs=ca_file,
ssl_version=ssl.PROTOCOL_TLSv1)
if trusted_fingerprints:
check_certificate_fingerprint(conn, trusted_fingerprints)
elif verify:
logger.critical('This Python version does not support SSL/TLS '
'certification authority verification, which makes your '
'connection vulnerable to man-in-the-middle attacks. See: '
'<http://docs.limnoria.net/en/latest/use/security.html#ssl-python-versions>')
return conn
# vim:set shiftwidth=4 softtabstop=4 expandtab textwidth=79: