krb5 commit: Replace ssl.wrap_socket() for tests

ghudson at mit.edu ghudson at mit.edu
Thu Jul 27 21:44:03 EDT 2023 

https://github.com/krb5/krb5/commit/0ceab6c363e65fb21d3312a663f2b9b569ecc415
commit 0ceab6c363e65fb21d3312a663f2b9b569ecc415
Author: Julien Rische <jrische at redhat.com>
Date:   Wed Jul 19 13:43:17 2023 +0200

    Replace ssl.wrap_socket() for tests
    
    The ssl.wrap_socket() function was deprecated in Python 3.7 and is
    removed in Python 3.12.  The ssl.SSLContext.wrap_socket() method
    replaces it.
    
    Bump the required Python version for tests to 3.4 for
    ssl.create_default_context().
    
    [ghudson at mit.edu: changed minimum Python version]

 src/configure.ac             | 9 ++++-----
 src/util/wsgiref-kdcproxy.py | 4 +++-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/configure.ac b/src/configure.ac
index 77be7a202..ca57e8a6e 100644
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -1157,10 +1157,9 @@ AC_SUBST(PKINIT)
 # for lib/apputils
 AC_REPLACE_FUNCS(daemon)
 
-# For Python tests.  Python version 3.2.4 is required as prior
-# versions do not accept string input to subprocess.Popen.communicate
-# when universal_newlines is set.
-PYTHON_MINVERSION=3.2.4
+# For Python tests.  Python version 3.4 is required for
+# ssl.create_default_context().
+PYTHON_MINVERSION=3.4
 AC_SUBST(PYTHON_MINVERSION)
 AC_CHECK_PROG(PYTHON,python3,python3)
 if test x"$PYTHON" = x; then
@@ -1168,7 +1167,7 @@ if test x"$PYTHON" = x; then
 fi
 HAVE_PYTHON=no
 if test x"$PYTHON" != x; then
-	wantver="(sys.hexversion >= 0x30204F0)"
+	wantver="(sys.hexversion >= 0x30400F0)"
 	if "$PYTHON" -c "import sys; sys.exit(not $wantver and 1 or 0)"; then
 		HAVE_PYTHON=yes
 	fi
diff --git a/src/util/wsgiref-kdcproxy.py b/src/util/wsgiref-kdcproxy.py
index 58759696b..d1d10d733 100755
--- a/src/util/wsgiref-kdcproxy.py
+++ b/src/util/wsgiref-kdcproxy.py
@@ -14,6 +14,8 @@ else:
     pem = '*'
 
 server = make_server('localhost', port, kdcproxy.Application())
-server.socket = ssl.wrap_socket(server.socket, certfile=pem, server_side=True)
+sslctx = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
+sslctx.load_cert_chain(certfile=pem)
+server.socket = sslctx.wrap_socket(server.socket, server_side=True)
 os.write(sys.stdout.fileno(), b'proxy server ready\n')
 server.serve_forever()

More information about the cvs-krb5 mailing list