Change direct SSLSocket instantiation with wrap_socket (celery#215)

jkgenser · Nov 6, 2018 · 88794b4 · 88794b4
1 parent 6bb93e3
commit 88794b4
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/amqp/transport.py b/amqp/transport.py
@@ -341,11 +341,16 @@ def _wrap_socket_sni(self, sock, keyfile=None, certfile=None,
                 opts['ssl_version'] = ssl.PROTOCOL_TLS
             else:
                 opts['ssl_version'] = ssl.PROTOCOL_SSLv23
+        sock = ssl.wrap_socket(**opts)
         # Set SNI headers if supported
         if (server_hostname is not None) and (
-                hasattr(ssl, 'HAS_SNI') and ssl.HAS_SNI):
-            opts['server_hostname'] = server_hostname
-        sock = ssl.SSLSocket(**opts)
+                hasattr(ssl, 'HAS_SNI') and ssl.HAS_SNI) and (
+                hasattr(ssl, 'SSLContext')):
+            context = ssl.SSLContext(opts['ssl_version'])
+            context.verify_mode = cert_reqs
+            context.check_hostname = True
+            context.load_cert_chain(certfile, keyfile)
+            sock = context.wrap_socket(sock, server_hostname=server_hostname)
         return sock
 
     def _shutdown_transport(self):