From 42e831da09bd196068aeb7fe6bfe380bb46b846c Mon Sep 17 00:00:00 2001 From: Julien Rische Date: Wed, 19 Jul 2023 13:43:17 +0200 Subject: [PATCH] Replace ssl.wrap_socket() for tests The ssl.wrap_socket() function was deprecated in Python 3.7 and is removed in Python 3.12. The ssl.SSLContext.wrap_socket() method replaces it. Bump the required Python version for tests to 3.4 for ssl.create_default_context(). [ghudson@mit.edu: changed minimum Python version] (cherry picked from commit 0ceab6c363e65fb21d3312a663f2b9b569ecc415) --- src/configure.ac | 9 ++++----- src/util/wsgiref-kdcproxy.py | 4 +++- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/configure.ac b/src/configure.ac index 2561e917a2..487f393146 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -1157,10 +1157,9 @@ AC_SUBST(PKINIT) # for lib/apputils AC_REPLACE_FUNCS(daemon) -# For Python tests. Python version 3.2.4 is required as prior -# versions do not accept string input to subprocess.Popen.communicate -# when universal_newlines is set. -PYTHON_MINVERSION=3.2.4 +# For Python tests. Python version 3.4 is required for +# ssl.create_default_context(). +PYTHON_MINVERSION=3.4 AC_SUBST(PYTHON_MINVERSION) AC_CHECK_PROG(PYTHON,python3,python3) if test x"$PYTHON" = x; then @@ -1168,7 +1167,7 @@ if test x"$PYTHON" = x; then fi HAVE_PYTHON=no if test x"$PYTHON" != x; then - wantver="(sys.hexversion >= 0x30204F0)" + wantver="(sys.hexversion >= 0x30400F0)" if "$PYTHON" -c "import sys; sys.exit(not $wantver and 1 or 0)"; then HAVE_PYTHON=yes fi diff --git a/src/util/wsgiref-kdcproxy.py b/src/util/wsgiref-kdcproxy.py index 58759696b6..d1d10d733c 100755 --- a/src/util/wsgiref-kdcproxy.py +++ b/src/util/wsgiref-kdcproxy.py @@ -14,6 +14,8 @@ else: pem = '*' server = make_server('localhost', port, kdcproxy.Application()) -server.socket = ssl.wrap_socket(server.socket, certfile=pem, server_side=True) +sslctx = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH) +sslctx.load_cert_chain(certfile=pem) +server.socket = sslctx.wrap_socket(server.socket, server_side=True) os.write(sys.stdout.fileno(), b'proxy server ready\n') server.serve_forever() -- 2.41.0