Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace deprecated ssl.PROTOCOL_TLS in pki/client.py #4517

Merged
merged 1 commit into from
Aug 2, 2023
Merged

Replace deprecated ssl.PROTOCOL_TLS in pki/client.py #4517

merged 1 commit into from
Aug 2, 2023

Conversation

ckelleyRH
Copy link
Contributor

Resolves #4512

I modified the suggested fix as we never used ssl.PROTOCOL_TLSv1_2, we should keep the fall-through behaviour to default to ssl.PROTOCOL_TLS as it does currently and use the newer protocol if available.

@ckelleyRH
Copy link
Contributor Author

Looks like I broke installation, will investigate.

@edewata
Copy link
Contributor

edewata commented Jul 31, 2023

I think it failed because we disabled verification in PKIServer.is_running():
https://github.com/dogtagpki/pki/blob/master/base/server/python/pki/server/__init__.py#L378

@ckelleyRH
Copy link
Contributor Author

I think it failed because we disabled verification in PKIServer.is_running(): https://github.com/dogtagpki/pki/blob/master/base/server/python/pki/server/__init__.py#L378

Yes, I removed the bit that was conditional on self.verify for testing and didn't put anything back in to replace it. As the verification checks are now default on, I inverted the logic of the self.verify check so that we explicitly disable rather than explicitly enable them.

@sonarcloud
Copy link

sonarcloud bot commented Aug 1, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

0.0% 0.0% Coverage
0.4% 0.4% Duplication

edewata
edewata approved these changes Aug 1, 2023
View reviewed changes
Copy link
Contributor

@edewata edewata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I think we can ignore the unrelated TPS test failure.

@ckelleyRH ckelleyRH merged commit a972f52 into dogtagpki:master Aug 2, 2023
138 of 139 checks passed
@ckelleyRH ckelleyRH deleted the SSL branch August 2, 2023 06:35
@ckelleyRH
Copy link
Contributor Author

Thanks @edewata , I gave it the "old man shouts at test" routine and merged!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edewata edewata edewata approved these changes

@fmarco76 fmarco76 Awaiting requested review from fmarco76

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
2 participants
@ckelleyRH @edewata