use ssl.create_default_context and SNI if available

e630dfc9 · Gerhard Weis · 403bfce4 · e630dfc9
Commit e630dfc9 authored Nov 09, 2017 by Gerhard Weis
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 3 deletions

setuptools/ssl_support.py setuptools/ssl_support.py +8 -3

No files found.
--- a/setuptools/ssl_support.py
+++ b/setuptools/ssl_support.py
@@ -186,9 +186,14 @@ class VerifyingHTTPSConn(HTTPSConnection):
        else:
            actual_host = self.host
-        self.sock = ssl.wrap_socket(
+        if hasattr(ssl, 'create_default_context'):
-            sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.ca_bundle
+            ctx = ssl.create_default_context(cafile=self.ca_bundle)
-        )
+            self.sock = ctx.wrap_socket(sock, server_hostname=actual_host)
+        else:
+            # This is for python < 2.7.9 and < 3.4?
+            self.sock = ssl.wrap_socket(
+                sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.ca_bundle
+            )
        try:
            match_hostname(self.sock.getpeercert(), actual_host)
        except CertificateError: