55# Use of this source is governed by a 3-clause BSD-style license, see LICENSE file.
66
77import json , logging , logging .handlers , time
8+ import ssl
89import http .client
910from urllib .parse import urlparse
1011from urllib .parse import urlencode
@@ -277,15 +278,23 @@ def log_err(self, err, prio=logging.ERROR):
277278 if isinstance (err , Error ):
278279 err .log (self .logger , prio )
279280 return err
280-
281+
281282 def connect (self ):
282-
283283 try :
284284 if self .url .scheme == 'https' :
285+ context = ssl .create_default_context (ssl .Purpose .SERVER_AUTH )
286+ context .check_hostname = True
287+ context .verify_mode = ssl .CERT_REQUIRED
288+ if self .cafile :
289+ context .load_verify_locations (self .cafile )
290+ if self .keyfile and self .certfile :
291+ context .load_cert_chain (certfile = self .certfile , keyfile = self .keyfile )
292+ if self .ciphers :
293+ context .set_ciphers (self .ciphers )
294+
285295 conn = http .client .HTTPSConnection (
286296 self .url .netloc ,
287- key_file = self .keyfile ,
288- cert_file = self .certfile ,
297+ context = context ,
289298 timeout = self .timeout ,
290299 )
291300 elif self .url .scheme == 'http' :
@@ -294,8 +303,7 @@ def connect(self):
294303 )
295304 else :
296305 return Error (
297- message = 'Don\' t know how to connect to "%s"'
298- % self .url .scheme ,
306+ message = 'Don\' t know how to connect to "%s"' % self .url .scheme ,
299307 url = self .url .geturl (),
300308 )
301309 except Exception :
@@ -309,7 +317,7 @@ def connect(self):
309317 cafile = self .cafile ,
310318 ciphers = self .ciphers ,
311319 )
312-
320+
313321 return conn
314322
315323 def sendRequest (self , func = '' , payload = None , ** kwargs ):
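Review bot: When `self.cafile` is set, the context built in the `https` branch of `connect()` still trusts the system CA store. `ssl.create_default_context(ssl.Purpose.SERVER_AUTH)` called without CA arguments loads the default certificates, and the later `load_verify_locations(self.cafile)` only adds to them. If the configured CA file is meant to be the sole trust anchor (an assumption, since the option's contract is not visible here), pass it at construction with `context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=self.cafile or None)` and drop the separate `load_verify_locations` call. Separately, `if self.keyfile and self.certfile:` silently presents no client certificate when only `certfile` is configured, for example a combined PEM; `if self.certfile: context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile or None)` would cover that case. The body of `connect()` continues outside the visible hunks, so the exception handler that reports these settings could not be checked.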