[Python-checkins] gh-94172: urllib.request avoids deprecated key_file/cert_file (#94232)
vstinner
webhook-mailer at python.org
Sun Jun 26 04:43:25 EDT 2022
https://github.com/python/cpython/commit/37118fa2e3af133b0cf4935b008c7be7f5d07f68
commit: 37118fa2e3af133b0cf4935b008c7be7f5d07f68
branch: main
author: Victor Stinner <vstinner at python.org>
committer: vstinner <vstinner at python.org>
date: 2022-06-26T10:43:21+02:00
summary:
gh-94172: urllib.request avoids deprecated key_file/cert_file (#94232)
The urllib.request module no longer uses the deprecated key_file and
cert_file parameter of the http.client module.
files:
M Lib/urllib/request.py
diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
index 7878daacb52d0..1761e951e6246 100644
--- a/Lib/urllib/request.py
+++ b/Lib/urllib/request.py
@@ -1990,9 +1990,17 @@ def http_error_default(self, url, fp, errcode, errmsg, headers):
if _have_ssl:
def _https_connection(self, host):
- return http.client.HTTPSConnection(host,
- key_file=self.key_file,
- cert_file=self.cert_file)
+ if self.key_file or self.cert_file:
+ http_version = http.client.HTTPSConnection._http_vsn
+ context = http.client._create_https_context(http_version)
+ context.load_cert_chain(self.cert_file, self.key_file)
+ # cert and key file means the user wants to authenticate.
+ # enable TLS 1.3 PHA implicitly even for custom contexts.
+ if context.post_handshake_auth is not None:
+ context.post_handshake_auth = True
+ else:
+ context = None
+ return http.client.HTTPSConnection(host, context=context)
def open_https(self, url, data=None):
"""Use HTTPS protocol."""
More information about the Python-checkins
mailing list