authorAaron <amcconnell@duosecurity.com>2020-10-02 13:30:56 -0400
committerGitHub <noreply@github.com>2020-10-02 13:30:56 -0400
commit3f0b9383b4717e63946e4fbb2daec7c8033bfcf8 (patch)
treea7e73c2e86b1a6d3c9b66bc5e064dec9fc3d7038
parentdb35d5b41342ddb340045d90b65469acdae588bc (diff)
parente422658ad5e4a011f6a4cf16a6828b367e9ae69c (diff)
downloadopenvpn-duo-plugin-3f0b9383b4717e63946e4fbb2daec7c8033bfcf8.tar.gz
openvpn-duo-plugin-3f0b9383b4717e63946e4fbb2daec7c8033bfcf8.zip
Merge pull request #35 from mbish/master
Move away from deprecated TLS socket wrapping
-rw-r--r--https_wrapper.py14
1 files changed, 10 insertions, 4 deletions
diff --git a/https_wrapper.py b/https_wrapper.py
index e6bdc36..2679aba 100644
--- a/https_wrapper.py
+++ b/https_wrapper.py
@@ -113,10 +113,16 @@ class CertValidatingHTTPSConnection(http_client.HTTPConnection):
self.timeout)
if self._tunnel_host:
self._tunnel()
- self.sock = ssl.wrap_socket(self.sock, keyfile=self.key_file,
- certfile=self.cert_file,
- cert_reqs=self.cert_reqs,
- ca_certs=self.ca_certs)
+
+ context = ssl.create_default_context()
+ context.load_verify_locations(cafile=self.ca_certs)
+
+ if self.cert_file:
+ context.load_cert_chain(self.cert_file, keyfile=self.key_file)
+
+ context.options = self.cert_reqs | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
+ self.sock = context.wrap_socket(self.sock, server_hostname=self.host)
+
if self.cert_reqs & ssl.CERT_REQUIRED:
cert = self.sock.getpeercert()
cert_validation_host = self._tunnel_host or self.host
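Review bot: `context.options = self.cert_reqs | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3` misuses `cert_reqs`, which is a verify mode (`CERT_NONE`/`CERT_OPTIONAL`/`CERT_REQUIRED`), as an option bitmask, and the assignment replaces the hardening `ssl.create_default_context()` already set (it disables SSLv2/v3 itself, plus compression and other legacy options), so that line should become `context.verify_mode = self.cert_reqs` (with `context.check_hostname = self.cert_reqs != ssl.CERT_NONE` first, since the default context enables hostname checking and refuses `CERT_NONE` while it is on). Note that because the default context now verifies unconditionally, the new code is stricter than the old `ssl.wrap_socket` call whenever `cert_reqs` was not `CERT_REQUIRED`; whether any caller relies on that cannot be seen from this hunk. The `server_hostname=self.host` argument also looks wrong in the proxy case: after `self._tunnel()` the socket is connected to `self._tunnel_host`, and the context line below already validates against `self._tunnel_host or self.host`, so the handshake should use the same value, `server_hostname=self._tunnel_host or self.host`, otherwise SNI and the built-in hostname check target the proxy name. Finally, `load_verify_locations(cafile=self.ca_certs)` raises `TypeError` when `ca_certs` is `None`, which the old call tolerated; if that is a valid configuration, guard it with `if self.ca_certs:`. The enclosing method starts above this hunk and continues below it.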