Merge pull request #310 from growbots/ssl-python-2.7.0

Allow old version of Python 2.7 to use TLS
mjs · Nov 14, 2017 · 2abdac6 · 2abdac6
2 parents 92564f7 + fe4339f
commit 2abdac6
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 14 deletions.
diff --git a/doc/src/concepts.rst b/doc/src/concepts.rst
@@ -89,6 +89,13 @@ When constructing a custom context it is usually best to start with
 the default context, created by the ``ssl`` module, and modify it to
 suit your needs.
 
+.. warning::
+
+  Users of Python 2.7.0 - 2.7.8 can use TLS but cannot configure
+  the settings via an ``ssl.SSLContext``. These Python versions are
+  also not capable of proper certification verification. It is highly
+  encouraged to upgrade to a more recent version of Python.
+
 The following example shows how to to disable certification
 verification and certificate host name checks if required.
 
@@ -112,18 +119,6 @@ The above examples show some of the most common TLS parameter
 customisations but there are many other tweaks are possible. Consult
 the Python 3 :py:mod:`ssl` package documentation for further options.
 
-Old pyOpenSSL Versions
-+++++++++++++++++++++++
-
-IMAPClient's TLS functionality will not behaviour correctly if an
-out-of-date version of pyOpenSSL is used. On some systems
-(particularly OS X) the system installed version of pyOpenSSL will
-take precedence over any user installed version. Use of virtualenvs is
-strongly encouraged to work around this.
-
-IMAPClient checks the installed pyOpenSSL version at import time and
-will fail early if an old pyOpenSSL version is found.
-
 Using gevent with IMAPClient
 ++++++++++++++++++++++++++++
 Some extra monkey patching is required so that the gevent_ package can

diff --git a/imapclient/tls.py b/imapclient/tls.py
@@ -13,6 +13,19 @@
 
 
 def wrap_socket(sock, ssl_context, host):
+
+    if not hasattr(ssl, 'create_default_context'):
+        # Python 2.7.0 - 2.7.8 do not have the concept of ssl contexts.
+        # Thus we have to use the less flexible and legacy way of wrapping the
+        # socket
+        if ssl_context is not None:
+            raise RuntimeError(
+                "Cannot precisely configure the SSL connection, upgrade to "
+                "Python >= 2.7.9 to fine tune the settings."
+            )
+
+        return ssl.wrap_socket(sock)
+
     if ssl_context is None:
         ssl_context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
 

diff --git a/imapclient/version.py b/imapclient/version.py
@@ -21,5 +21,3 @@ def _imapclient_version_string(vinfo):
 
 author = 'Menno Finlay-Smits'
 author_email = 'inbox@menno.io'
-
-min_pyopenssl_version = '0.15.1'