Hi Pere,

I have a slightly different patch. I have been able to eliminate the error and also replace the old method with new one while keeping all the old behavior. I have tested that it was able to connect successfully to the server. However, I don't have credits in my account. Please help test it further. If it looks good, we can make a release of the package.

Thank you,

--
Sunil
diff --git a/sockschain/__init__.py b/sockschain/__init__.py
index 0849fdf..0794d8d 100755
--- a/sockschain/__init__.py
+++ b/sockschain/__init__.py
@@ -196,23 +196,23 @@ except ImportError:
                         verify_names=None):
             if DEBUG: DEBUG('*** TLS is provided by native Python ssl')
             reqs = (verify_names and ssl.CERT_REQUIRED or ssl.CERT_NONE)
+
+            context = ssl.SSLContext(protocol=ctx.method)
+            context.verify_mode = reqs
+            context.load_verify_locations(cafile=ctx.ca_certs)
+            if ctx.certchain_file:
+                context.load_cert_chain(certfile=ctx.certchain_file,
+                                        keyfile=ctx.privatekey_file)
+
             try:
-                fd = ssl.wrap_socket(sock, keyfile=ctx.privatekey_file,
-                                           certfile=ctx.certchain_file,
-                                           cert_reqs=reqs,
-                                           ca_certs=ctx.ca_certs,
-                                           do_handshake_on_connect=False,
-                                           ssl_version=ctx.method,
-                                           ciphers=ctx.ciphers,
-                                           server_side=server_side)
-            except:
-                fd = ssl.wrap_socket(sock, keyfile=ctx.privatekey_file,
-                                           certfile=ctx.certchain_file,
-                                           cert_reqs=reqs,
-                                           ca_certs=ctx.ca_certs,
-                                           do_handshake_on_connect=False,
-                                           ssl_version=ctx.method,
-                                           server_side=server_side)
+                if ctx.ciphers:
+                    context.set_ciphers(ctx.ciphers)
+            except ssl.SSLError:
+                if DEBUG: DEBUG('No cipher could be selected')
+
+            fd = context.wrap_socket(sock,
+                                     do_handshake_on_connect=False,
+                                     server_side=server_side)
 
             if verify_names:
                 fd.do_handshake()

Attachment: OpenPGP_0x36C361440C9BC971.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply via email to