authorZuul <zuul@review.opendev.org>2019-06-17 16:17:30 +0000
committerGerrit Code Review <review@openstack.org>2019-06-17 16:17:30 +0000
commit483ab492a86907b4509b154d978af62266e814c8 (patch)
tree00a421d6b1009144161fb9868834360c9531acfa
parent8d3ea4bcff35ffa75230f621e6335a8129a4ed5d (diff)
parent58b2f277b7108c5da841631b9d6f7946f1a08c82 (diff)
downloadgear-483ab492a86907b4509b154d978af62266e814c8.tar.gz
Merge "Add support for server name indication"0.14.0
-rw-r--r--gear/__init__.py22
1 files changed, 11 insertions, 11 deletions
diff --git a/gear/__init__.py b/gear/__init__.py
index 56d1126..d436274 100644
--- a/gear/__init__.py
+++ b/gear/__init__.py
@@ -205,11 +205,12 @@ class Connection(object):
if self.use_ssl:
self.log.debug("Using SSL")
- s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1,
- cert_reqs=ssl.CERT_REQUIRED,
- keyfile=self.ssl_key,
- certfile=self.ssl_cert,
- ca_certs=self.ssl_ca)
+ context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ context.verify_mode = ssl.CERT_REQUIRED
+ context.check_hostname = False
+ context.load_cert_chain(self.ssl_cert, self.ssl_key)
+ context.load_verify_locations(self.ssl_ca)
+ s = context.wrap_socket(s, server_hostname=self.host)
try:
s.connect(sa)
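Review bot: `ssl.SSLContext(ssl.PROTOCOL_TLSv1)` keeps the client pinned to TLS 1.0, so it can never negotiate TLS 1.2 or later; the same constructor call is carried into the Server hunk below. If the supported Python versions allow it, `context = ssl.SSLContext(ssl.PROTOCOL_TLS)` followed by `context.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3` would negotiate the highest version both ends share. Separately, `context.check_hostname = False` means `server_hostname=self.host` is sent for SNI only and the certificate name is never compared with it, so any certificate issued by `self.ssl_ca` is accepted. That matches what the removed `ssl.wrap_socket` call did, but a comment such as `# SNI only: peer identity rests on the configured CA, the hostname is not verified` would make the trust model explicit. The enclosing method starts and ends outside the hunk.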
@@ -2851,12 +2852,11 @@ class Server(BaseClientServer):
self.log.debug("Accepting new connection")
c, addr = self.socket.accept()
if self.use_ssl:
- c = ssl.wrap_socket(c, server_side=True,
- keyfile=self.ssl_key,
- certfile=self.ssl_cert,
- ca_certs=self.ssl_ca,
- cert_reqs=ssl.CERT_REQUIRED,
- ssl_version=ssl.PROTOCOL_TLSv1)
+ context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ context.verify_mode = ssl.CERT_REQUIRED
+ context.load_cert_chain(self.ssl_cert, self.ssl_key)
+ context.load_verify_locations(self.ssl_ca)
+ c = context.wrap_socket(c, server_side=True)
conn = ServerConnection(addr, c, self.use_ssl,
self.client_id)
self.log.info("Accepted connection %s" % (conn,))
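Review bot: A new `SSLContext` is created, and the key, certificate and CA files are re-read, for every accepted connection (`context = ssl.SSLContext(` through `context.load_verify_locations(self.ssl_ca)`). Building the context once where the server is set up, storing it on a proposed attribute such as `self.ssl_context`, and keeping only `c = self.ssl_context.wrap_socket(c, server_side=True)` here would avoid the repeated file reads. It would also surface a bad key or CA path at startup rather than on the first client. Whether re-reading per connection is relied on to pick up rotated certificates is not visible here and would need confirming. The enclosing method starts and ends outside the hunk.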