Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpo-32008: Prefer client or TLSv1_2 in examples #5797

Merged
merged 3 commits into from
Sep 12, 2019
Merged

bpo-32008: Prefer client or TLSv1_2 in examples #5797

merged 3 commits into from
Sep 12, 2019

Conversation

tiran
Copy link
Member

@tiran tiran commented Feb 21, 2018
edited by bedevere-bot
Loading

@tiran tiran requested a review from benjaminp February 21, 2018 10:01
benjaminp
benjaminp reviewed Feb 22, 2018
View reviewed changes
Copy link
Contributor

@benjaminp benjaminp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have some nits.

Doc/library/ssl.rst Show resolved Hide resolved
Doc/library/ssl.rst Outdated Show resolved Hide resolved
Doc/library/ssl.rst Outdated Show resolved Hide resolved
Doc/library/ssl.rst Outdated
matches the hostname. Both setting ensure that the server certificate
was signed with one of the CA certificates and is a valid certificate
for the given server name. The :data:`PROTOCOL_TLS_CLIENT` protocol
configures the context for cert and hostname verification. All
Copy link
Contributor

@benjaminp benjaminp Feb 22, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This sentence seems like it should be the first on in the paragraph, since it's explaining the previous lines of code.

Doc/library/ssl.rst Outdated
was signed with one of the CA certificates and is a valid certificate
for the given server name. The :data:`PROTOCOL_TLS_CLIENT` protocol
configures the context for cert and hostname verification. All
remaining protocols are insecure by default::
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, the words before the colon aren't really explaining the next lines of code anymore.

I'm not sure this paragraph is very helpful anymore, since it's talking about two attributes that aren't used in the example at all.

@tiran
Copy link
Member Author

tiran commented Feb 26, 2018

@benjaminp I'll reply after the b2 is out.

@ned-deily
Copy link
Member

@tiran, ping

@vstinner
Copy link
Member

I removed the " needs backport to 3.6" label, the 3.6 branch no longer accept bugfixes (only security fixes are accepted): https://devguide.python.org/#status-of-python-branches

@matrixise matrixise added the docs Documentation in the Doc dir label May 15, 2019
@JulienPalard
Copy link
Member

@tiran, ping

@tiran tiran added the needs backport to 3.8 only security fixes label Sep 10, 2019
benjaminp
benjaminp approved these changes Sep 11, 2019
View reviewed changes
Doc/library/ssl.rst Outdated
@@ -130,6 +130,7 @@ purposes.
:meth:`SSLContext.load_verify_locations`. If all three are
:const:`None`, this function can choose to trust the system's default
CA certificates instead.
CA certificates instead.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mistake?

Doc/library/ssl.rst Outdated
and :attr:`~SSLContext.check_hostname` validate the server certificate: it
ensures that the server certificate was signed with one of the CA
certificates, checks the signature for correctness, and verifies other
properties like validity and identity of the host::
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should be hostname I think

matrixise
matrixise approved these changes Sep 12, 2019
View reviewed changes
Copy link
Member

@matrixise matrixise left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @tiran and thank you to @benjaminp for the review.

@matrixise matrixise merged commit 894d0f7 into python:master Sep 12, 2019
@miss-islington
Copy link
Contributor

Thanks @tiran for the PR, and @matrixise for merging it 🌮🎉.. I'm working now to backport this PR to: 3.7, 3.8.
🐍🍒⛏🤖

@miss-islington
Copy link
Contributor

Sorry @tiran and @matrixise, I had trouble checking out the 3.8 backport branch.
Please backport using cherry_picker on command line.
cherry_picker 894d0f7d5542ee04556ec1bee8c58506f7c916d4 3.8

@bedevere-bot
Copy link

GH-16026 is a backport of this pull request to the 3.7 branch.

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Sep 12, 2019
@tiran @miss-islington
bpo-32008: Prefer client or TLSv1_2 in examples (pythonGH-5797)
37ec653 
Prefer client or TLSv1_2 in examples

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 894d0f7)

Co-authored-by: Christian Heimes <christian@python.org>
@bedevere-bot bedevere-bot removed the needs backport to 3.8 only security fixes label Sep 12, 2019
@bedevere-bot
Copy link

GH-16027 is a backport of this pull request to the 3.8 branch.

matrixise pushed a commit to matrixise/cpython that referenced this pull request Sep 12, 2019
@tiran @matrixise
[3.8] bpo-32008: Prefer client or TLSv1_2 in examples (pythonGH-5797)
9a4357b 
Prefer client or TLSv1_2 in examples

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 894d0f7)

Co-authored-by: Christian Heimes <christian@python.org>
matrixise pushed a commit that referenced this pull request Sep 12, 2019
@miss-islington @tiran @matrixise
bpo-32008: Prefer client or TLSv1_2 in examples (GH-5797) (GH-16026)
07b4148 
Prefer client or TLSv1_2 in examples

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 894d0f7)

Co-authored-by: Christian Heimes <christian@python.org>
matrixise added a commit that referenced this pull request Sep 12, 2019
@matrixise @tiran
[3.8] bpo-32008: Prefer client or TLSv1_2 in examples (GH-5797) (GH-1…
1fc84b6 
…6027)

Prefer client or TLSv1_2 in examples

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 894d0f7)

Co-authored-by: Christian Heimes <christian@python.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matrixise matrixise matrixise approved these changes

@benjaminp benjaminp benjaminp approved these changes

@JulienPalard JulienPalard Awaiting requested review from JulienPalard

Assignees

@matrixise matrixise

Labels
docs Documentation in the Doc dir skip news
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@tiran @ned-deily @vstinner @JulienPalard @miss-islington @bedevere-bot @matrixise @benjaminp @the-knights-who-say-ni