bpo-32008: Prefer client or TLSv1_2 in examples #5797
Conversation
Doc/library/ssl.rst
Outdated
| matches the hostname. Both setting ensure that the server certificate | ||
| was signed with one of the CA certificates and is a valid certificate | ||
| for the given server name. The :data:`PROTOCOL_TLS_CLIENT` protocol | ||
| configures the context for cert and hostname verification. All |
There was a problem hiding this comment.
This sentence seems like it should be the first on in the paragraph, since it's explaining the previous lines of code.
Doc/library/ssl.rst
Outdated
| was signed with one of the CA certificates and is a valid certificate | ||
| for the given server name. The :data:`PROTOCOL_TLS_CLIENT` protocol | ||
| configures the context for cert and hostname verification. All | ||
| remaining protocols are insecure by default:: |
There was a problem hiding this comment.
Also, the words before the colon aren't really explaining the next lines of code anymore.
I'm not sure this paragraph is very helpful anymore, since it's talking about two attributes that aren't used in the example at all.
|
@benjaminp I'll reply after the b2 is out. |
|
@tiran, ping |
|
I removed the " needs backport to 3.6" label, the 3.6 branch no longer accept bugfixes (only security fixes are accepted): https://devguide.python.org/#status-of-python-branches |
|
@tiran, ping |
Signed-off-by: Christian Heimes <christian@python.org>
Doc/library/ssl.rst
Outdated
| @@ -130,6 +130,7 @@ purposes. | |||
| :meth:`SSLContext.load_verify_locations`. If all three are | |||
| :const:`None`, this function can choose to trust the system's default | |||
| CA certificates instead. | |||
| CA certificates instead. | |||
Doc/library/ssl.rst
Outdated
| and :attr:`~SSLContext.check_hostname` validate the server certificate: it | ||
| ensures that the server certificate was signed with one of the CA | ||
| certificates, checks the signature for correctness, and verifies other | ||
| properties like validity and identity of the host:: |
There was a problem hiding this comment.
should be hostname I think
There was a problem hiding this comment.
Thank you @tiran and thank you to @benjaminp for the review.
|
Thanks @tiran for the PR, and @matrixise for merging it 🌮🎉.. I'm working now to backport this PR to: 3.7, 3.8. |
|
Sorry @tiran and @matrixise, I had trouble checking out the |
|
GH-16026 is a backport of this pull request to the 3.7 branch. |
Prefer client or TLSv1_2 in examples Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 894d0f7) Co-authored-by: Christian Heimes <christian@python.org>
|
GH-16027 is a backport of this pull request to the 3.8 branch. |
Prefer client or TLSv1_2 in examples Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 894d0f7) Co-authored-by: Christian Heimes <christian@python.org>
Signed-off-by: Christian Heimes christian@python.org
https://bugs.python.org/issue32008