1 parent 0cc98b5 commit a751670Copy full SHA for a751670
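--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -11,6 +11,7 @@ Full release notes:
 v8.2.0
 ======
 
+- WL#15664: Add support for Python 3.12
 - WL#15623: Improve the authentication module
 - WL#15218: Support WebAuthn authentication
 - BUG#35547876: C/Python 8.1.0 type check build fails in the pb2 branch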
lib/mysql/connector/network.py
@@ -31,7 +31,6 @@
31
"""Module implementing low-level socket communication with MySQL servers.
32
"""
33
34
-import os
35
import socket
36
import struct
37
import warnings
@@ -507,35 +506,6 @@ def switch_to_ssl(self, ssl_context: Any, host: str) -> None:
507
506
508
try:
509
self.sock = ssl_context.wrap_socket(self.sock, server_hostname=host)
510
- if ssl_context.check_hostname:
511
- hostnames = [host] if host else []
512
- if os.name == "nt" and host == "localhost":
513
- hostnames = ["localhost", "127.0.0.1"]
514
- aliases = socket.gethostbyaddr(host)
515
- hostnames.extend([aliases[0]] + aliases[1])
516
- match_found = False
517
- errs = []
518
- for hostname in hostnames:
519
- try:
520
- # Deprecated in Python 3.7 without a replacement and
521
- # should be removed in the future, since OpenSSL now
522
- # performs hostname matching
523
- # pylint: disable=deprecated-method
524
- ssl.match_hostname(
525
- self.sock.getpeercert(), # type: ignore[union-attr]
526
- hostname,
527
- )
528
- # pylint: enable=deprecated-method
529
- except ssl.CertificateError as err:
530
- errs.append(str(err))
531
- else:
532
- match_found = True
533
- break
534
- if not match_found:
535
- self.sock.close()
536
- raise InterfaceError(
537
- f"Unable to verify server identity: {', '.join(errs)}"
538
539
except NameError as err:
540
raise NotSupportedError("Python installation has no SSL support") from err
541
except (ssl.SSLError, IOError) as err:
@@ -602,6 +572,7 @@ def build_ssl_context(
602
572
if "TLSv1" not in tls_versions:
603
573
context.options |= ssl.OP_NO_TLSv1
604
574
else:
575
+ # `check_hostname` is True by default
605
576
context = ssl.create_default_context()
606
577
607
578
context.check_hostname = ssl_verify_identity
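Review bot: Removing the manual match loop in `switch_to_ssl` also drops two fallbacks that the commit record does not mention: names returned by `socket.gethostbyaddr(host)` and the Windows `localhost`/`127.0.0.1` special case are no longer accepted as server identities, so verification now rests only on the `server_hostname=host` passed to `wrap_socket`. That is the stricter behaviour, since reverse-DNS aliases are not a sound basis for identity, but a deployment whose certificate matched only through an alias will start failing once `ssl_verify_identity` is on; the removed block in `set_ssl` in lib/mysqlx/connection.py has the same effect. It deserves its own CHANGES.txt entry and a comment at the `wrap_socket` call, for example `# Hostname is verified by OpenSSL against server_hostname only; DNS aliases are no longer tried`. A mismatch now presumably lands in the `except (ssl.SSLError, IOError)` handler, whose body is outside the hunk, so it is worth confirming there that the socket is still closed and that the error still tells the user that identity verification failed.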
lib/mysqlx/connection.py
@@ -366,11 +366,12 @@ def set_ssl(
366
raise RuntimeError("Python installation has no SSL support")
367
368
if ssl_protos is None or not ssl_protos:
369
370
371
if ssl_mode != SSLMode.VERIFY_IDENTITY:
372
context.check_hostname = False
- if ssl_mode == SSLMode.REQUIRED:
373
- context.verify_mode = ssl.CERT_NONE
+ if ssl_mode == SSLMode.REQUIRED:
374
+ context.verify_mode = ssl.CERT_NONE
375
376
ssl_protos.sort(reverse=True)
377
tls_version = ssl_protos[0]
@@ -391,6 +392,8 @@ def set_ssl(
391
392
if "TLSv1" not in ssl_protos:
393
394
395
+ context.check_hostname = ssl_mode == SSLMode.VERIFY_IDENTITY
396
+
397
if ssl_ca:
398
399
context.load_verify_locations(ssl_ca)
@@ -422,34 +425,6 @@ def set_ssl(
422
425
self._socket = context.wrap_socket(self._socket, server_hostname=self._host)
423
426
except ssl.CertificateError as err:
424
427
raise InterfaceError(f"{err}") from err
- if ssl_mode == SSLMode.VERIFY_IDENTITY:
- context.check_hostname = True
- hostnames = []
428
- # Windows does not return loopback aliases on gethostbyaddr
429
- if os.name == "nt" and self._host in ("localhost", "127.0.0.1"):
430
431
- aliases = socket.gethostbyaddr(self._host)
432
433
434
435
436
437
438
439
440
441
- ssl.match_hostname(self._socket.getpeercert(), hostname)
442
443
444
445
446
447
448
449
- self.close()
450
451
452
453
454
self._is_ssl = True
455
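Review bot: In `set_ssl`, a hostname mismatch now surfaces only through the `except ssl.CertificateError` handler after `wrap_socket`, which raises `InterfaceError(f"{err}")` without the `self.close()` that the removed block called on failure. If callers expect the stream to be closed after a failed identity check, add `self.close()` before that `raise`, or document that cleanup is the caller's responsibility. The new `context.check_hostname = ssl_mode == SSLMode.VERIFY_IDENTITY` line should carry a comment such as `# enabling check_hostname makes the ssl module switch verify_mode from CERT_NONE to CERT_REQUIRED, and wrap_socket then needs a non-empty server_hostname`. This page drops several lines and all indentation in this section, so the surrounding branch and the re-indented `SSLMode.REQUIRED` check in the first hunk could not be verified.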
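--- a/setup.py
+++ b/setup.py
@@ -129,6 +129,7 @@
 "Programming Language :: Python :: 3.9",
 "Programming Language :: Python :: 3.10",
 "Programming Language :: Python :: 3.11",
+ "Programming Language :: Python :: 3.12",
 "Topic :: Database",
 "Topic :: Software Development",
 "Topic :: Software Development :: Libraries :: Application Frameworks",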