Fix compatibility with SSLContext usage >= Python 3.7

For SSL sockets created using the SSLContext class under Python >= 3.7,
eventlet incorrectly passes the context as '_context' to the top
level wrap_socket function in the native ssl module.

This causes:

  wrap_socket() got an unexpected keyword argument '_context'

as the context cannot be passed this way.

If a context is provided, use the underlying sslsocket_class to
wrap the socket, mirroring the implementation of the wrap_socket
method in the native SSLContext class.

Fixes issue #526

Co-authored-by: Tim Burke <tim.burke@gmail.com>

2 files changed, 44 insertions, 11 deletions

diff --git a/eventlet/green/ssl.py b/eventlet/green/ssl.py
index 552afc8..10cff21 100644
--- a/eventlet/green/ssl.py
+++ b/eventlet/green/ssl.py
@@ -64,17 +64,28 @@ class GreenSSLSocket(_original_sslsocket):
             if not isinstance(sock, GreenSocket):
                 sock = GreenSocket(sock)
             with _original_ssl_context():
-                ret = _original_wrap_socket(
-                    sock=sock.fd,
-                    keyfile=keyfile,
-                    certfile=certfile,
-                    server_side=server_side,
-                    cert_reqs=cert_reqs,
-                    ssl_version=ssl_version,
-                    ca_certs=ca_certs,
-                    do_handshake_on_connect=False,
-                    *args, **kw
-                )
+                context = kw.get('_context')
+                if context:
+                    ret = _original_sslsocket._create(
+                        sock=sock.fd,
+                        server_side=server_side,
+                        do_handshake_on_connect=False,
+                        suppress_ragged_eofs=kw.get('suppress_ragged_eofs'),
+                        server_hostname=kw.get('server_hostname'),
+                        context=context,
+                        session=kw.get('session'),
+                    )
+                else:
+                    ret = _original_wrap_socket(
+                        sock=sock.fd,
+                        keyfile=keyfile,
+                        certfile=certfile,
+                        server_side=server_side,
+                        cert_reqs=cert_reqs,
+                        ssl_version=ssl_version,
+                        ca_certs=ca_certs,
+                        do_handshake_on_connect=False,
+                    )
             ret.keyfile = keyfile
             ret.certfile = certfile
             ret.cert_reqs = cert_reqs
diff --git a/tests/ssl_test.py b/tests/ssl_test.py
index d8b7d7e..d3e3780 100644
--- a/tests/ssl_test.py
+++ b/tests/ssl_test.py
@@ -51,6 +51,28 @@ class SSLTest(tests.LimitedTestCase):
         self.assertEqual(client.recv(8192), b'response')
         server_coro.wait()
 
+    def test_ssl_context(self):
+        def serve(listener):
+            sock, addr = listener.accept()
+            sock.recv(8192)
+            sock.sendall(b'response')
+
+        sock = listen_ssl_socket()
+
+        server_coro = eventlet.spawn(serve, sock)
+
+        context = ssl.create_default_context()
+        context.verify_mode = ssl.CERT_REQUIRED
+        context.check_hostname = True
+        context.load_verify_locations(tests.certificate_file)
+
+        client = context.wrap_socket(
+            eventlet.connect(sock.getsockname()),
+            server_hostname='Test')
+        client.sendall(b'line 1\r\nline 2\r\n\r\n')
+        self.assertEqual(client.recv(8192), b'response')
+        server_coro.wait()
+
     def test_ssl_close(self):
         def serve(listener):
             sock, addr = listener.accept()