granicus.if.org Git - python/commit

author	Christian Heimes <christian@python.org>
	Tue, 27 Feb 2018 10:17:32 +0000 (11:17 +0100)
committer	GitHub <noreply@github.com>
	Tue, 27 Feb 2018 10:17:32 +0000 (11:17 +0100)
commit	89c2051a554d2053ac87b0adbf11ed0f1bb65db3
tree	eb47cd7a5da6ae5458f952197151d528c6f7193c	tree \| snapshot
parent	102d5204add249248d1a0fa1dd3f673e884b06b4	commit \| diff

[3.7] bpo-32951: Disable SSLSocket/SSLObject constructor (GH-5864) (#5925)

Direct instantiation of SSLSocket and SSLObject objects is now prohibited.
The constructors were never documented, tested, or designed as public
constructors. The SSLSocket constructor had limitations. For example it was
not possible to enabled hostname verification except was
ssl_version=PROTOCOL_TLS_CLIENT with cert_reqs=CERT_REQUIRED.

SSLContext.wrap_socket() and SSLContext.wrap_bio are the recommended API
to construct SSLSocket and SSLObject instances. ssl.wrap_socket() is
also deprecated.

The only test case for direct instantiation was added a couple of days
ago for IDNA testing.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 9d50ab563df6307cabbcc9883cb8c52c614b0f22)

Co-authored-by: Christian Heimes <christian@python.org>

Doc/library/ssl.rst		diff \| blob \| history
Doc/whatsnew/3.7.rst		diff \| blob \| history
Lib/ssl.py		diff \| blob \| history
Lib/test/test_ssl.py		diff \| blob \| history
Misc/NEWS.d/next/Library/2018-02-25-18-22-01.bpo-32951.gHrCXq.rst	[new file with mode: 0644]	blob