Don't use legacy ssl hostname validation for python >= 3.12

commit: 23e0e5ce75300451f49727ee438edbc76fcbb372 [log] [tgz]
author: Susanne Lindgren <susanne.lindgren@foi.se> Tue Nov 19 09:44:37 2024 +0100
committer: Jens Geyer <Jens-G@users.noreply.github.com> Wed Nov 20 22:31:06 2024 +0100
tree: a8b9e5a928a5c68d056867864944366aa21ac212
parent: 0f027530d7d46ae25f3ed6d6ee453ca18ca43eb6 [diff]
diff --git a/lib/py/src/transport/sslcompat.py b/lib/py/src/transport/sslcompat.py
index 60616db..54235ec 100644
--- a/lib/py/src/transport/sslcompat.py
+++ b/lib/py/src/transport/sslcompat.py

@@ -92,8 +92,15 @@
         logger.debug('ssl.match_hostname is available')
         match = match_hostname
     except ImportError:
-        logger.warning('using legacy validation callback')
-        match = legacy_validate_callback
+        # https://docs.python.org/3/whatsnew/3.12.html:
+        # "Remove the ssl.match_hostname() function. It was deprecated in Python
+        # 3.7. OpenSSL performs hostname matching since Python 3.7, Python no
+        # longer uses the ssl.match_hostname() function.""
+        if sys.version_info[0] > 3 or (sys.version_info[0] == 3 and sys.version_info[1] >= 12):
+            match = lambda cert, hostname: True
+        else:
+            logger.warning('using legacy validation callback')
+            match = legacy_validate_callback
     return ipaddr, match
commit	23e0e5ce75300451f49727ee438edbc76fcbb372	[log] [tgz]
author	Susanne Lindgren <susanne.lindgren@foi.se>	Tue Nov 19 09:44:37 2024 +0100
committer	Jens Geyer <Jens-G@users.noreply.github.com>	Wed Nov 20 22:31:06 2024 +0100
tree	a8b9e5a928a5c68d056867864944366aa21ac212
parent	0f027530d7d46ae25f3ed6d6ee453ca18ca43eb6 [diff]