Made sure SSL SNI will not affect using redis-py in versions older than 2.7.9

1 files changed, 17 insertions, 9 deletions

diff --git a/redis/connection.py b/redis/connection.py
index 7d466d1..5192c9e 100755
--- a/redis/connection.py
+++ b/redis/connection.py
@@ -729,15 +729,23 @@ class SSLConnection(Connection):
     def _connect(self):
         "Wrap the socket with SSL support"
         sock = super(SSLConnection, self)._connect()
-        context = ssl.create_default_context()
-        context.check_hostname = False
-        context.verify_mode = self.cert_reqs
-        if self.certfile and self.keyfile:
-            context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile)
-        if self.ca_certs:
-            context.load_verify_locations(self.ca_certs)
-        sock = context.wrap_socket(sock,
-                               server_hostname=self.host)
+        if hasattr(ssl, "create_default_context"):
+            context = ssl.create_default_context()
+            context.check_hostname = False
+            context.verify_mode = self.cert_reqs
+            if self.certfile and self.keyfile:
+                context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile)
+            if self.ca_certs:
+                context.load_verify_locations(self.ca_certs)
+            sock = context.wrap_socket(sock,
+                                   server_hostname=self.host)
+        else:
+            # In case this code runs in a version which is older than 2.7.9, we want to fall back to old code
+            sock = ssl.wrap_socket(sock,
+                                   cert_reqs=self.cert_reqs,
+                                   keyfile=self.keyfile,
+                                   certfile=self.certfile,
+                                   ca_certs=self.ca_certs)
         return sock