diff options
| author | Christian Heimes <christian@python.org> | 2018-02-27 09:17:30 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-02-27 09:17:30 (GMT) |
| commit | 9d50ab563df6307cabbcc9883cb8c52c614b0f22 (patch) | |
| tree | c3e294b7e97d43152f87b00255ff5b875635448b /Misc | |
| parent | 90f05a527c7d439f1d0cba80f2eb32e60ee20fc3 (diff) | |
| download | cpython-9d50ab563df6307cabbcc9883cb8c52c614b0f22.zip cpython-9d50ab563df6307cabbcc9883cb8c52c614b0f22.tar.gz cpython-9d50ab563df6307cabbcc9883cb8c52c614b0f22.tar.bz2 | |
bpo-32951: Disable SSLSocket/SSLObject constructor (#5864)
Direct instantiation of SSLSocket and SSLObject objects is now prohibited.
The constructors were never documented, tested, or designed as public
constructors. The SSLSocket constructor had limitations. For example it was
not possible to enabled hostname verification except was
ssl_version=PROTOCOL_TLS_CLIENT with cert_reqs=CERT_REQUIRED.
SSLContext.wrap_socket() and SSLContext.wrap_bio are the recommended API
to construct SSLSocket and SSLObject instances. ssl.wrap_socket() is
also deprecated.
The only test case for direct instantiation was added a couple of days
ago for IDNA testing.
Signed-off-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Misc')
| -rw-r--r-- | Misc/NEWS.d/next/Library/2018-02-25-18-22-01.bpo-32951.gHrCXq.rst | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Library/2018-02-25-18-22-01.bpo-32951.gHrCXq.rst b/Misc/NEWS.d/next/Library/2018-02-25-18-22-01.bpo-32951.gHrCXq.rst new file mode 100644 index 0000000..9c038cf --- /dev/null +++ b/Misc/NEWS.d/next/Library/2018-02-25-18-22-01.bpo-32951.gHrCXq.rst @@ -0,0 +1,3 @@ +Direct instantiation of SSLSocket and SSLObject objects is now prohibited. +The constructors were never documented, tested, or designed as public +constructors. Users were suppose to use ssl.wrap_socket() or SSLContext. |