Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: remove deprecated ssl.wrap_socket, use SSLContext.wrap_socket instead #12

Merged
merged 1 commit into from
Jan 16, 2024

Conversation

pfrayer
Copy link

@pfrayer pfrayer commented Jan 15, 2024

ssl.wrap_socket is deprecated since Python 3.7, and has been removed in Python 3.12: https://docs.python.org/3/whatsnew/3.12.html

Remove the ssl.wrap_socket() function, deprecated in Python 3.7: instead, create a ssl.SSLContext object and call its ssl.SSLContext.wrap_socket method. Any package that still uses ssl.wrap_socket() is broken and insecure. The function neither sends a SNI TLS extension nor validates server hostname. Code is subject to CWE-295: Improper Certificate Validation. (Contributed by Victor Stinner in gh-94199.)

Also in 3.12, setuptools is not installed by default anymore:

Important deprecations, removals or restrictions:
Do not pre-install setuptools in virtual environments created with venv. This means that distutils, setuptools, pkg_resources, and easy_install will no longer available by default; to access these run pip install setuptools in the activated virtual environment.

@pfrayer pfrayer force-pushed the dev/pierre.frayer/wrap_socket branch from a5c53d9 to 6754c14 Compare January 16, 2024 09:54
@pfrayer pfrayer force-pushed the dev/pierre.frayer/wrap_socket branch from 6754c14 to ad1bc69 Compare January 16, 2024 10:42
@pfrayer pfrayer requested review from cdumay and pdepaepe January 16, 2024 10:44
@cdumay cdumay merged commit f5f9730 into master Jan 16, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants