Hi Pere,I have a slightly different patch. I have been able to eliminate the error and also replace the old method with new one while keeping all the old behavior. I have tested that it was able to connect successfully to the server. However, I don't have credits in my account. Please help test it further. If it looks good, we can make a release of the package.
Thank you, -- Sunil
diff --git a/sockschain/__init__.py b/sockschain/__init__.py
index 0849fdf..0794d8d 100755
--- a/sockschain/__init__.py
+++ b/sockschain/__init__.py
@@ -196,23 +196,23 @@ except ImportError:
verify_names=None):
if DEBUG: DEBUG('*** TLS is provided by native Python ssl')
reqs = (verify_names and ssl.CERT_REQUIRED or ssl.CERT_NONE)
+
+ context = ssl.SSLContext(protocol=ctx.method)
+ context.verify_mode = reqs
+ context.load_verify_locations(cafile=ctx.ca_certs)
+ if ctx.certchain_file:
+ context.load_cert_chain(certfile=ctx.certchain_file,
+ keyfile=ctx.privatekey_file)
+
try:
- fd = ssl.wrap_socket(sock, keyfile=ctx.privatekey_file,
- certfile=ctx.certchain_file,
- cert_reqs=reqs,
- ca_certs=ctx.ca_certs,
- do_handshake_on_connect=False,
- ssl_version=ctx.method,
- ciphers=ctx.ciphers,
- server_side=server_side)
- except:
- fd = ssl.wrap_socket(sock, keyfile=ctx.privatekey_file,
- certfile=ctx.certchain_file,
- cert_reqs=reqs,
- ca_certs=ctx.ca_certs,
- do_handshake_on_connect=False,
- ssl_version=ctx.method,
- server_side=server_side)
+ if ctx.ciphers:
+ context.set_ciphers(ctx.ciphers)
+ except ssl.SSLError:
+ if DEBUG: DEBUG('No cipher could be selected')
+
+ fd = context.wrap_socket(sock,
+ do_handshake_on_connect=False,
+ server_side=server_side)
if verify_names:
fd.do_handshake()
OpenPGP_0x36C361440C9BC971.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature

