[networking] Respect SSLKEYLOGFILE environment variable (#9543)

Authored by: luiso1979
This commit is contained in:
luiso1979 2024-04-08 21:53:30 +02:00 committed by GitHub
parent df0e138fc0
commit 79a451e576
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -2,6 +2,7 @@
import contextlib import contextlib
import functools import functools
import os
import socket import socket
import ssl import ssl
import sys import sys
@ -121,6 +122,9 @@ def make_ssl_context(
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.check_hostname = verify context.check_hostname = verify
context.verify_mode = ssl.CERT_REQUIRED if verify else ssl.CERT_NONE context.verify_mode = ssl.CERT_REQUIRED if verify else ssl.CERT_NONE
# OpenSSL 1.1.1+ Python 3.8+ keylog file
if hasattr(context, 'keylog_filename'):
context.keylog_filename = os.environ.get('SSLKEYLOGFILE')
# Some servers may reject requests if ALPN extension is not sent. See: # Some servers may reject requests if ALPN extension is not sent. See:
# https://github.com/python/cpython/issues/85140 # https://github.com/python/cpython/issues/85140