bpo-43880: Show DeprecationWarnings for deprecated ssl module feature… · python/cpython@2875c60 (original) (raw)
`@@ -381,6 +381,11 @@ def match_hostname(cert, hostname):
`
381
381
` CertificateError is raised on failure. On success, the function
`
382
382
` returns nothing.
`
383
383
` """
`
``
384
`+
warnings.warn(
`
``
385
`+
"ssl module: match_hostname() is deprecated",
`
``
386
`+
category=DeprecationWarning,
`
``
387
`+
stacklevel=2
`
``
388
`+
)
`
384
389
`if not cert:
`
385
390
`raise ValueError("empty or no certificate, match_hostname needs a "
`
386
391
`"SSL socket or SSL context with either "
`
`@@ -479,7 +484,15 @@ class SSLContext(_SSLContext):
`
479
484
`sslsocket_class = None # SSLSocket is assigned later.
`
480
485
`sslobject_class = None # SSLObject is assigned later.
`
481
486
``
482
``
`-
def new(cls, protocol=PROTOCOL_TLS, *args, **kwargs):
`
``
487
`+
def new(cls, protocol=None, *args, **kwargs):
`
``
488
`+
if protocol is None:
`
``
489
`+
warnings.warn(
`
``
490
`+
"ssl module: "
`
``
491
`+
"SSLContext() without protocol argument is deprecated.",
`
``
492
`+
category=DeprecationWarning,
`
``
493
`+
stacklevel=2
`
``
494
`+
)
`
``
495
`+
protocol = PROTOCOL_TLS
`
483
496
`self = _SSLContext.new(cls, protocol)
`
484
497
`return self
`
485
498
``
`@@ -518,6 +531,7 @@ def wrap_bio(self, incoming, outgoing, server_side=False,
`
518
531
` )
`
519
532
``
520
533
`def set_npn_protocols(self, npn_protocols):
`
``
534
`+
warnings.warn("NPN is deprecated, use ALPN instead", stacklevel=2)
`
521
535
`protos = bytearray()
`
522
536
`for protocol in npn_protocols:
`
523
537
`b = bytes(protocol, 'ascii')
`
`@@ -734,12 +748,15 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
`
734
748
`# SSLContext sets OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_COMPRESSION,
`
735
749
`# OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE and OP_SINGLE_ECDH_USE
`
736
750
`# by default.
`
737
``
`-
context = SSLContext(PROTOCOL_TLS)
`
738
``
-
739
751
`if purpose == Purpose.SERVER_AUTH:
`
740
752
`# verify certs and host name in client mode
`
``
753
`+
context = SSLContext(PROTOCOL_TLS_CLIENT)
`
741
754
`context.verify_mode = CERT_REQUIRED
`
742
755
`context.check_hostname = True
`
``
756
`+
elif purpose == Purpose.CLIENT_AUTH:
`
``
757
`+
context = SSLContext(PROTOCOL_TLS_SERVER)
`
``
758
`+
else:
`
``
759
`+
raise ValueError(purpose)
`
743
760
``
744
761
`if cafile or capath or cadata:
`
745
762
`context.load_verify_locations(cafile, capath, cadata)
`
`@@ -755,7 +772,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
`
755
772
`context.keylog_filename = keylogfile
`
756
773
`return context
`
757
774
``
758
``
`-
def _create_unverified_context(protocol=PROTOCOL_TLS, *, cert_reqs=CERT_NONE,
`
``
775
`+
def _create_unverified_context(protocol=None, *, cert_reqs=CERT_NONE,
`
759
776
`check_hostname=False, purpose=Purpose.SERVER_AUTH,
`
760
777
`certfile=None, keyfile=None,
`
761
778
`cafile=None, capath=None, cadata=None):
`
`@@ -772,10 +789,18 @@ def _create_unverified_context(protocol=PROTOCOL_TLS, *, cert_reqs=CERT_NONE,
`
772
789
`# SSLContext sets OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_COMPRESSION,
`
773
790
`# OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE and OP_SINGLE_ECDH_USE
`
774
791
`# by default.
`
775
``
`-
context = SSLContext(protocol)
`
``
792
`+
if purpose == Purpose.SERVER_AUTH:
`
``
793
`+
verify certs and host name in client mode
`
``
794
`+
if protocol is None:
`
``
795
`+
protocol = PROTOCOL_TLS_CLIENT
`
``
796
`+
elif purpose == Purpose.CLIENT_AUTH:
`
``
797
`+
if protocol is None:
`
``
798
`+
protocol = PROTOCOL_TLS_SERVER
`
``
799
`+
else:
`
``
800
`+
raise ValueError(purpose)
`
776
801
``
777
``
`-
if not check_hostname:
`
778
``
`-
context.check_hostname = False
`
``
802
`+
context = SSLContext(protocol)
`
``
803
`+
context.check_hostname = check_hostname
`
779
804
`if cert_reqs is not None:
`
780
805
`context.verify_mode = cert_reqs
`
781
806
`if check_hostname:
`
`@@ -909,6 +934,9 @@ def selected_npn_protocol(self):
`
909
934
``` """Return the currently selected NPN protocol as a string, or None
`910`
`935`
` if a next protocol was not negotiated or if NPN is not supported by one
`
`911`
`936`
` of the peers."""
`
``
`937`
`+
warnings.warn(
`
``
`938`
`+
"ssl module: NPN is deprecated, use ALPN instead", stacklevel=2
`
``
`939`
`+
)
`
`912`
`940`
``
`913`
`941`
`def selected_alpn_protocol(self):
`
`914`
`942`
``` """Return the currently selected ALPN protocol as a string, or ``None``
`@@ -1123,6 +1151,9 @@ def getpeercert(self, binary_form=False):
`
1123
1151
`@_sslcopydoc
`
1124
1152
`def selected_npn_protocol(self):
`
1125
1153
`self._checkClosed()
`
``
1154
`+
warnings.warn(
`
``
1155
`+
"ssl module: NPN is deprecated, use ALPN instead", stacklevel=2
`
``
1156
`+
)
`
1126
1157
`return None
`
1127
1158
``
1128
1159
`@_sslcopydoc
`
`@@ -1382,7 +1413,11 @@ def wrap_socket(sock, keyfile=None, certfile=None,
`
1382
1413
`do_handshake_on_connect=True,
`
1383
1414
`suppress_ragged_eofs=True,
`
1384
1415
`ciphers=None):
`
1385
``
-
``
1416
`+
warnings.warn(
`
``
1417
`+
"ssl module: wrap_socket is deprecated, use SSLContext.wrap_socket()",
`
``
1418
`+
category=DeprecationWarning,
`
``
1419
`+
stacklevel=2
`
``
1420
`+
)
`
1386
1421
`if server_side and not certfile:
`
1387
1422
`raise ValueError("certfile must be specified for server-side "
`
1388
1423
`"operations")
`
`@@ -1460,7 +1495,7 @@ def PEM_cert_to_DER_cert(pem_cert_string):
`
1460
1495
`d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
`
1461
1496
`return base64.decodebytes(d.encode('ASCII', 'strict'))
`
1462
1497
``
1463
``
`-
def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None):
`
``
1498
`+
def get_server_certificate(addr, ssl_version=PROTOCOL_TLS_CLIENT, ca_certs=None):
`
1464
1499
`"""Retrieve the certificate from the server at the specified address,
`
1465
1500
` and return it as a PEM-encoded string.
`
1466
1501
` If 'ca_certs' is specified, validate the server cert against it.
`
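Review bot: The three NPN warnings are raised without `category=`, so `warnings.warn` emits them as `UserWarning` rather than `DeprecationWarning`; this applies to `set_npn_protocols` (new line 534) and to both `selected_npn_protocol` methods (new lines 937-939 and 1154-1156). Unlike the other warnings added in this commit, they are not matched by a `DeprecationWarning` filter, so a test run that turns deprecations into errors will not surface remaining NPN use. Each call should pass the category the way `match_hostname()` and `wrap_socket()` do, e.g. `warnings.warn("ssl module: NPN is deprecated, use ALPN instead", category=DeprecationWarning, stacklevel=2)`, which also gives `set_npn_protocols` the `ssl module: ` prefix its message currently lacks. The bodies of these methods continue outside the hunks shown.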