• Christian Heimes's avatar
    bpo-32951: Disable SSLSocket/SSLObject constructor (#5864) · 9d50ab56
    Christian Heimes authored
    Direct instantiation of SSLSocket and SSLObject objects is now prohibited.
    The constructors were never documented, tested, or designed as public
    constructors. The SSLSocket constructor had limitations. For example it was
    not possible to enabled hostname verification except was
    ssl_version=PROTOCOL_TLS_CLIENT with cert_reqs=CERT_REQUIRED.
    
    SSLContext.wrap_socket() and SSLContext.wrap_bio are the recommended API
    to construct SSLSocket and SSLObject instances. ssl.wrap_socket() is
    also deprecated.
    
    The only test case for direct instantiation was added a couple of days
    ago for IDNA testing.
    Signed-off-by: default avatarChristian Heimes <christian@python.org>
    9d50ab56
ssl.py 43.3 KB