From a132da3976a2449f50c2e3d97e64573ed581feb8 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Fri, 20 Aug 2021 23:26:55 -0400
Subject: [PATCH] src/untangle/untangle.py: use cleaner way of disabling
 verification.

In the past, the internal _create_unverified_context() method of the
ssl module was used to create a context that doesn't verify
certificates. However, (now?) there is a cleaner way: by setting the
context's "check_hostname" member to False and its "verify_mode"
member to ssl.CERT_NONE. Which is exactly what this commit does.
---
 src/untangle/untangle.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/untangle/untangle.py b/src/untangle/untangle.py
index 570e896..8ce4fb7 100644
--- a/src/untangle/untangle.py
+++ b/src/untangle/untangle.py
@@ -68,10 +68,10 @@ class Untangle:
 
         # SSL mumbo jumbo to make it ignore the certificate's hostname
         # when verify_cert = False.
-        if self.verify_cert:
-            ssl_ctx = ssl.create_default_context()
-        else:
-            ssl_ctx = ssl._create_unverified_context()
+        ssl_ctx = ssl.create_default_context()
+        if not self.verify_cert:
+            ssl_ctx.check_hostname = False
+            ssl_ctx.verify_mode = ssl.CERT_NONE
 
         https_handler = urllib.request.HTTPSHandler(context=ssl_ctx)
 
-- 
2.43.2