src/untangle/untangle.py: use cleaner way of disabling verification. master
authorMichael Orlitzky <michael@orlitzky.com>
Sat, 21 Aug 2021 03:26:55 +0000 (23:26 -0400)
committerMichael Orlitzky <michael@orlitzky.com>
Sat, 21 Aug 2021 03:26:55 +0000 (23:26 -0400)
In the past, the internal _create_unverified_context() method of the
ssl module was used to create a context that doesn't verify
certificates. However, (now?) there is a cleaner way: by setting the
context's "check_hostname" member to False and its "verify_mode"
member to ssl.CERT_NONE. Which is exactly what this commit does.

src/untangle/untangle.py

index 570e89667ce329b0fd0b3c82a465ef7672ca702c..8ce4fb7f39b3017c49cfdd0295787ac047319862 100644 (file)
@@ -68,10 +68,10 @@ class Untangle:
 
         # SSL mumbo jumbo to make it ignore the certificate's hostname
         # when verify_cert = False.
-        if self.verify_cert:
-            ssl_ctx = ssl.create_default_context()
-        else:
-            ssl_ctx = ssl._create_unverified_context()
+        ssl_ctx = ssl.create_default_context()
+        if not self.verify_cert:
+            ssl_ctx.check_hostname = False
+            ssl_ctx.verify_mode = ssl.CERT_NONE
 
         https_handler = urllib.request.HTTPSHandler(context=ssl_ctx)