Replace deprecated ssl.PROTOCOL_TLS in pki/client.py

Resolves #4512
dogtagpki · Jul 31, 2023 · 745af6e · 745af6e
1 parent cb798fc
commit 745af6e
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/base/common/python/pki/client.py b/base/common/python/pki/client.py
@@ -95,9 +95,9 @@ def __init__(self, pool_connections=DEFAULT_POOLSIZE,
 
     def init_poolmanager(self, connections, maxsize,
                          block=adapters.DEFAULT_POOLBLOCK, **pool_kwargs):
-        context = ssl.SSLContext(
-            ssl.PROTOCOL_TLS  # pylint: disable=no-member
-        )
+
+        tls_version = ssl.PROTOCOL_TLS_CLIENT if hasattr(ssl, "PROTOCOL_TLS_CLIENT") else ssl.PROTOCOL_TLS
+        context = ssl.SSLContext(tls_version)
 
         # Enable post handshake authentication for TLS 1.3
         if getattr(context, "post_handshake_auth", None) is not None:
@@ -116,9 +116,7 @@ def init_poolmanager(self, connections, maxsize,
         for capath in self.capaths:
             context.load_verify_locations(capath=capath)
 
-        if self.verify:
-            # Enable certificate verification
-            context.verify_mode = ssl.VerifyMode.CERT_REQUIRED  # pylint: disable=no-member
+        context.verify_mode = ssl.VerifyMode.CERT_REQUIRED  # pylint: disable=no-member
 
         pool_kwargs['ssl_context'] = context
         return super().init_poolmanager(