Merge pull request #1190 from gweis/master

use ssl.create_default_context and SNI if available
author: Jason R. Coombs <jaraco@jaraco.com> 2017-11-19 21:18:03 -0500
committer: GitHub <noreply@github.com> 2017-11-19 21:18:03 -0500
commit: 643bc841375a1caa6917543ca1ced6a36b74cc0a (patch)
tree: 81c7e46a10b6351aea1b8d4c90c7a3057d2e407f
parent: b27fc068fe8eb409851f3f92c1834e36073759c1 (diff)
parent: e630dfc9d761ef9d61df4eefe16de1368ebf3a42 (diff)
download: python-setuptools-git-643bc841375a1caa6917543ca1ced6a36b74cc0a.tar.gz
1 files changed, 8 insertions, 3 deletions
diff --git a/setuptools/ssl_support.py b/setuptools/ssl_support.py
index 72b18ef2..6362f1f4 100644
--- a/setuptools/ssl_support.py
+++ b/setuptools/ssl_support.py
@@ -186,9 +186,14 @@ class VerifyingHTTPSConn(HTTPSConnection):
         else:
             actual_host = self.host
 
-        self.sock = ssl.wrap_socket(
-            sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.ca_bundle
-        )
+        if hasattr(ssl, 'create_default_context'):
+            ctx = ssl.create_default_context(cafile=self.ca_bundle)
+            self.sock = ctx.wrap_socket(sock, server_hostname=actual_host)
+        else:
+            # This is for python < 2.7.9 and < 3.4?
+            self.sock = ssl.wrap_socket(
+                sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.ca_bundle
+            )
         try:
             match_hostname(self.sock.getpeercert(), actual_host)
         except CertificateError:
author	Jason R. Coombs <jaraco@jaraco.com>	2017-11-19 21:18:03 -0500
committer	GitHub <noreply@github.com>	2017-11-19 21:18:03 -0500
commit	643bc841375a1caa6917543ca1ced6a36b74cc0a (patch)
tree	81c7e46a10b6351aea1b8d4c90c7a3057d2e407f
parent	b27fc068fe8eb409851f3f92c1834e36073759c1 (diff)
parent	e630dfc9d761ef9d61df4eefe16de1368ebf3a42 (diff)
download	python-setuptools-git-643bc841375a1caa6917543ca1ced6a36b74cc0a.tar.gz