Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(3725)

Side by Side Diff: Lib/asyncio/selector_events.py

Issue 19689: ssl.create_default_context()
Patch Set: Created 5 years, 4 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | Lib/ftplib.py » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 """Event loop using a selector and related classes. 1 """Event loop using a selector and related classes.
2 2
3 A selector is a "notify-when-ready" multiplexer. For a subclass which 3 A selector is a "notify-when-ready" multiplexer. For a subclass which
4 also includes support for signal handling, see the unix_events sub-module. 4 also includes support for signal handling, see the unix_events sub-module.
5 """ 5 """
6 6
7 import collections 7 import collections
8 import errno 8 import errno
9 import socket 9 import socket
10 try: 10 try:
(...skipping 553 matching lines...) Expand 10 before | Expand all | Expand 10 after
564 564
565 if server_side: 565 if server_side:
566 if not sslcontext: 566 if not sslcontext:
567 raise ValueError('Server side ssl needs a valid SSLContext') 567 raise ValueError('Server side ssl needs a valid SSLContext')
568 else: 568 else:
569 if not sslcontext: 569 if not sslcontext:
570 # Client side may pass ssl=True to use a default 570 # Client side may pass ssl=True to use a default
571 # context; in that case the sslcontext passed is None. 571 # context; in that case the sslcontext passed is None.
572 # The default is the same as used by urllib with 572 # The default is the same as used by urllib with
573 # cadefault=True. 573 # cadefault=True.
574 sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) 574 sslcontext = ssl.create_default_context(
575 sslcontext.options |= ssl.OP_NO_SSLv2 575 cert_reqs=ssl.CERT_REQUIRED)
576 sslcontext.set_default_verify_paths()
577 sslcontext.verify_mode = ssl.CERT_REQUIRED
578 576
579 wrap_kwargs = { 577 wrap_kwargs = {
580 'server_side': server_side, 578 'server_side': server_side,
581 'do_handshake_on_connect': False, 579 'do_handshake_on_connect': False,
582 } 580 }
583 if server_hostname and not server_side and ssl.HAS_SNI: 581 if server_hostname and not server_side and ssl.HAS_SNI:
584 wrap_kwargs['server_hostname'] = server_hostname 582 wrap_kwargs['server_hostname'] = server_hostname
585 sslsock = sslcontext.wrap_socket(rawsock, **wrap_kwargs) 583 sslsock = sslcontext.wrap_socket(rawsock, **wrap_kwargs)
586 584
587 super().__init__(loop, sslsock, protocol, extra, server) 585 super().__init__(loop, sslsock, protocol, extra, server)
(...skipping 240 matching lines...) Expand 10 before | Expand all | Expand 10 after
828 return 826 return
829 except Exception as exc: 827 except Exception as exc:
830 self._fatal_error(exc) 828 self._fatal_error(exc)
831 return 829 return
832 830
833 self._maybe_resume_protocol() # May append to buffer. 831 self._maybe_resume_protocol() # May append to buffer.
834 if not self._buffer: 832 if not self._buffer:
835 self._loop.remove_writer(self._sock_fd) 833 self._loop.remove_writer(self._sock_fd)
836 if self._closing: 834 if self._closing:
837 self._call_connection_lost(None) 835 self._call_connection_lost(None)
OLDNEW
« no previous file with comments | « no previous file | Lib/ftplib.py » ('j') | no next file with comments »

RSS Feeds Recent Issues | This issue
This is Rietveld 894c83f36cb7+