author | Clark Boylan <clark.boylan@gmail.com> | 2023-02-07 16:37:20 -0800 |
---|---|---|
committer | Clark Boylan <clark.boylan@gmail.com> | 2023-02-07 16:37:20 -0800 |
commit | 2747ea6f56137bf675acb15614041c654375a7b5 (patch) | |
tree | 0a5564b9b62cfa38a74db4e5a42ccde3fd4df20a | |
parent | 045bb270c0ab3e39eaab6462d77f6e9494a8fe3d (diff) | |
download | zuul-2747ea6f56137bf675acb15614041c654375a7b5.tar.gz |
Fix DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
Since python 3.10 ssl.PROTOCOL_TLS has been deprecated. We are expected
to use ssl.PROTOCOL_TLS_CLIENT and ssl.PROTOCOL_TLS_SERVER depending on
how the sockets are to be used. Switch over to these new constants to
avoid the DeprecationWarning.
One thing to note is that PROTOCOL_TLS_CLIENT has default behaviors
around cert verification and hostname checking. Zuul is already
explicitly setting those options the way it wants to and I've left that
alone to avoid trouble if the defaults change later.
Finally, this doesn't fix the occurrence of this error that happens
within kazoo. A separate PR has been made upstream to kazoo and this
should be fixed in the next kazoo release.
Change-Id: Ib41640f1d33d60503066464c8c98f865a74f003a
-rw-r--r-- | tests/unit/test_streaming.py | 2 | ||||
-rw-r--r-- | zuul/lib/fingergw.py | 2 | ||||
-rw-r--r-- | zuul/lib/streamer_utils.py | 2 | ||||
-rwxr-xr-x | zuul/web/__init__.py | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/tests/unit/test_streaming.py b/tests/unit/test_streaming.py
index 12b33e5c6..7e6a2e635 100644
--- a/tests/unit/test_streaming.py
+++ b/tests/unit/test_streaming.py
@@ -165,7 +165,7 @@ class TestStreamingBase(tests.base.AnsibleZuulTestCase):
 self.streaming_data[name] = ''
 with socket.create_connection(gateway_address) as s:
 if self.fingergw_use_ssl:
- context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
 context.verify_mode = ssl.CERT_REQUIRED
 context.check_hostname = False
 context.load_cert_chain(
diff --git a/zuul/lib/fingergw.py b/zuul/lib/fingergw.py
index bd947f113..184c9762d 100644
--- a/zuul/lib/fingergw.py
+++ b/zuul/lib/fingergw.py
@@ -71,7 +71,7 @@ class RequestHandler(streamer_utils.BaseFingerRequestHandler):
 '''
 with socket.create_connection((server, port), timeout=10) as s:
 if use_ssl:
- context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
 context.verify_mode = ssl.CERT_REQUIRED
 context.check_hostname = self.fingergw.tls_verify_hostnames
 context.load_cert_chain(self.fingergw.tls_cert,
diff --git a/zuul/lib/streamer_utils.py b/zuul/lib/streamer_utils.py
index 04de4b8cb..a50fb4142 100644
--- a/zuul/lib/streamer_utils.py
+++ b/zuul/lib/streamer_utils.py
@@ -168,7 +168,7 @@ class CustomThreadingTCPServer(socketserver.ThreadingTCPServer):
 if all([self.server_ssl_key, self.server_ssl_cert, self.server_ssl_ca]):
- context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
 context.load_cert_chain(self.server_ssl_cert, self.server_ssl_key)
 context.load_verify_locations(self.server_ssl_ca)
 context.verify_mode = ssl.CERT_REQUIRED
diff --git a/zuul/web/__init__.py b/zuul/web/__init__.py
index 7f27cd970..47226fd7d 100755
--- a/zuul/web/__init__.py
+++ b/zuul/web/__init__.py
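Review bot: The two assignments after the new `ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)` line in `zuul/lib/fingergw.py` (and the matching hunk in `zuul/web/__init__.py`) carry no comment saying that they now override that protocol's built-in defaults of `CERT_REQUIRED` and `check_hostname = True`, rather than enabling them from an off state. I would add one above them, e.g. `# PROTOCOL_TLS_CLIENT already defaults to CERT_REQUIRED and check_hostname=True; both are set explicitly, and hostname checking follows tls_verify_hostnames`. When that option is false, any certificate chaining to the configured CA is accepted whichever host presents it, which is worth stating where the option is read. The enclosing method starts and ends outside the hunk, so the CA loading and the `wrap_socket` call are not visible here.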
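Review bot: The server context in `CustomThreadingTCPServer` (`zuul/lib/streamer_utils.py`) is still built from a bare `ssl.SSLContext(...)`, so its protocol floor is whatever the running Python and OpenSSL build default to. Since the commit keeps verification settings explicit so that later default changes cannot bite, the same could be done for the floor next to `verify_mode`: `context.minimum_version = ssl.TLSVersion.TLSv1_2`. This listener requires client certificates (`CERT_REQUIRED` with `load_verify_locations`), so the floor applies to the mutual-TLS handshake. The enclosing method continues outside the hunk, so a later line may already set this.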
@@ -395,7 +395,7 @@ class LogStreamer(object):
 self.finger_socket = socket.create_connection(
 (server, port), timeout=10)
 if use_ssl:
- context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
 context.verify_mode = ssl.CERT_REQUIRED
 context.check_hostname = self.zuulweb.finger_tls_verify_hostnames
 context.load_cert_chain( |