Description: fix ssl_wrap removed from python 3.12's ssl.py Author: Rene Luria Forwarded: no Bug-Debian: https://bugs.debian.org/1058411 Last-Update: 2023-12-19 Index: python-pykmip/kmip/services/kmip_client.py =================================================================== --- python-pykmip.orig/kmip/services/kmip_client.py +++ python-pykmip/kmip/services/kmip_client.py @@ -285,13 +285,20 @@ class KMIPProxy(object): six.reraise(*last_error) def _create_socket(self, sock): - self.socket = ssl.wrap_socket( + context = ssl.SSLContext(self.ssl_version) + + if self.certfile or self.keyfile: + context.load_cert_chain( + certfile=self.certfile, + keyfile=self.keyfile, + ) + if self.ca_certs: + context.load_verify_locations(self.ca_certs) + + context.options |= self.cert_reqs + + self.socket = context.wrap_socket( sock, - keyfile=self.keyfile, - certfile=self.certfile, - cert_reqs=self.cert_reqs, - ssl_version=self.ssl_version, - ca_certs=self.ca_certs, do_handshake_on_connect=self.do_handshake_on_connect, suppress_ragged_eofs=self.suppress_ragged_eofs) self.socket.settimeout(self.timeout) Index: python-pykmip/kmip/services/server/server.py =================================================================== --- python-pykmip.orig/kmip/services/server/server.py +++ python-pykmip/kmip/services/server/server.py @@ -287,17 +287,22 @@ class KmipServer(object): for cipher in auth_suite_ciphers: self._logger.debug(cipher) - self._socket = ssl.wrap_socket( + context = ssl.SSLContext(self.auth_suite.protocol if self.auth_suite.protocol else ssl.PROTOCOL_TLS_SERVER) + if self.config.settings.get('key_path') or self.config.settings.get('certificate_path'): + context.load_cert_chain( + certfile=self.config.settings.get('key_path'), + keyfile=self.config.settings.get('certificate_path'), + ) + if self.config.settings.get('ca_path'): + context.load_verify_locations(self.config.settings.get('ca_path')) + context.set_ciphers(self.auth_suite.ciphers) + context.verify_mode = ssl.CERT_REQUIRED + + self._socket = context.wrap_socket( self._socket, - keyfile=self.config.settings.get('key_path'), - certfile=self.config.settings.get('certificate_path'), server_side=True, - cert_reqs=ssl.CERT_REQUIRED, - ssl_version=self.auth_suite.protocol, - ca_certs=self.config.settings.get('ca_path'), do_handshake_on_connect=False, suppress_ragged_eofs=True, - ciphers=self.auth_suite.ciphers ) try: Index: python-pykmip/kmip/tests/unit/services/server/test_server.py =================================================================== --- python-pykmip.orig/kmip/tests/unit/services/server/test_server.py +++ python-pykmip/kmip/tests/unit/services/server/test_server.py @@ -168,7 +168,7 @@ class TestKmipServer(testtools.TestCase) # Test that in ideal cases no errors are generated and the right # log messages are. with mock.patch('socket.socket') as socket_mock: - with mock.patch('ssl.wrap_socket') as ssl_mock: + with mock.patch('ssl.SSLContext.wrap_socket') as ssl_mock: socket_mock.return_value = a_mock ssl_mock.return_value = b_mock @@ -229,7 +229,7 @@ class TestKmipServer(testtools.TestCase) # Test that a NetworkingError is generated if the socket bind fails. with mock.patch('socket.socket') as socket_mock: - with mock.patch('ssl.wrap_socket') as ssl_mock: + with mock.patch('ssl.SSLContext.wrap_socket') as ssl_mock: socket_mock.return_value = a_mock ssl_mock.return_value = b_mock