commit a170fa162dc03f0a014373349e548954fff2e567
author Christian Heimes <christian@python.org> Fri Sep 15 20:27:30 2017 +0200
committer GitHub <noreply@github.com> Fri Sep 15 20:27:30 2017 +0200
tree ed08062f8462d8b9e98e38b7832e39a85881b4e3
parent 4df60f18c64ba2835e68bf3eed08d8002a00f4ac

bpo-31346: Use PROTOCOL_TLS_CLIENT/SERVER (#3058)

Replaces PROTOCOL_TLSv* and PROTOCOL_SSLv23 with PROTOCOL_TLS_CLIENT and
PROTOCOL_TLS_SERVER.

Signed-off-by: Christian Heimes <christian@python.org>

Lib/ssl.py

diff --git a/Lib/ssl.py b/Lib/ssl.py
index 2849dee..24f24b1 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -522,7 +522,7 @@
         context.load_default_certs(purpose)
     return context
 
-def _create_unverified_context(protocol=PROTOCOL_TLS, *, cert_reqs=None,
+def _create_unverified_context(protocol=PROTOCOL_TLS, *, cert_reqs=CERT_NONE,
                            check_hostname=False, purpose=Purpose.SERVER_AUTH,
                            certfile=None, keyfile=None,
                            cafile=None, capath=None, cadata=None):
@@ -541,9 +541,12 @@
     # by default.
     context = SSLContext(protocol)
 
+    if not check_hostname:
+        context.check_hostname = False
     if cert_reqs is not None:
         context.verify_mode = cert_reqs
-    context.check_hostname = check_hostname
+    if check_hostname:
+        context.check_hostname = True
 
     if keyfile and not certfile:
         raise ValueError("certfile must be specified")