Commit 9d01717f authored by Victor Stinner

Issue #20896, #22935: The ssl.get_server_certificate() function now uses the
ssl.PROTOCOL_SSLv23 protocol by default, not ssl.PROTOCOL_SSLv3, for maximum
compatibility and support platforms where ssl.PROTOCOL_SSLv3 support is
disabled.
parent 5819cfa5
...@@ -922,7 +922,7 @@ def PEM_cert_to_DER_cert(pem_cert_string): ...@@ -922,7 +922,7 @@ def PEM_cert_to_DER_cert(pem_cert_string):
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
return base64.decodebytes(d.encode('ASCII', 'strict')) return base64.decodebytes(d.encode('ASCII', 'strict'))
def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
"""Retrieve the certificate from the server at the specified address, """Retrieve the certificate from the server at the specified address,
and return it as a PEM-encoded string. and return it as a PEM-encoded string.
If 'ca_certs' is specified, validate the server cert against it. If 'ca_certs' is specified, validate the server cert against it.
......
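Review bot: The docstring under the changed `def get_server_certificate(...)` line describes 'ca_certs' but says nothing about 'ssl_version', so the new default is undocumented at the point of use. The default moves from a fixed protocol (PROTOCOL_SSLv3) to PROTOCOL_SSLv23, which negotiates the protocol version with the server, so the docstring should gain a sentence such as "'ssl_version' selects the protocol; the default, PROTOCOL_SSLv23, negotiates the highest version both sides support". That tells callers who depended on the old default that they now need to pass ssl_version explicitly.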
...@@ -44,6 +44,11 @@ Core and Builtins ...@@ -44,6 +44,11 @@ Core and Builtins
Library Library
------- -------
- Issue #20896, #22935: The :func:`ssl.get_server_certificate` function now
uses the :data:`~ssl.PROTOCOL_SSLv23` protocol by default, not
:data:`~ssl.PROTOCOL_SSLv3`, for maximum compatibility and support platforms
where :data:`~ssl.PROTOCOL_SSLv3` support is disabled.
- Issue #23111: In the ftplib, make ssl.PROTOCOL_SSLv23 the default protocol - Issue #23111: In the ftplib, make ssl.PROTOCOL_SSLv23 the default protocol
version. version.
......
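Review bot: The new entry under Library gives the reason for the change but not its effect on existing callers: code that relied on the implicit PROTOCOL_SSLv3 default now has to pass ssl_version explicitly, and the entry should say so. On wording, "for maximum compatibility and support platforms where" reads better as "for maximum compatibility and to support platforms where".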