3939 stacklevel = 2 ,
4040 )
4141try :
42- import pymongo .ssl_context as _ssl
42+ import pymongo .ssl_context as _stdssl
4343except ImportError :
4444 HAVE_SSL = False
4545
5555 IPADDR_SAFE = True
5656
5757 if HAVE_PYSSL :
58- HAS_SNI = _pyssl .HAS_SNI | _ssl .HAS_SNI
58+ HAS_SNI = _pyssl .HAS_SNI | _stdssl .HAS_SNI
5959 PYSSLError : Any = _pyssl .SSLError
60- BLOCKING_IO_ERRORS : tuple = _pyssl .BLOCKING_IO_ERRORS + _ssl .BLOCKING_IO_ERRORS
61- BLOCKING_IO_READ_ERROR : tuple = (_pyssl .BLOCKING_IO_READ_ERROR , _ssl .BLOCKING_IO_READ_ERROR )
60+ BLOCKING_IO_ERRORS : tuple = _pyssl .BLOCKING_IO_ERRORS + _stdssl .BLOCKING_IO_ERRORS
61+ BLOCKING_IO_READ_ERROR : tuple = (
62+ _pyssl .BLOCKING_IO_READ_ERROR ,
63+ _stdssl .BLOCKING_IO_READ_ERROR ,
64+ )
6265 BLOCKING_IO_WRITE_ERROR : tuple = (
6366 _pyssl .BLOCKING_IO_WRITE_ERROR ,
64- _ssl .BLOCKING_IO_WRITE_ERROR ,
67+ _stdssl .BLOCKING_IO_WRITE_ERROR ,
6568 )
6669 else :
67- HAS_SNI = _ssl .HAS_SNI
68- PYSSLError = _ssl .SSLError
69- BLOCKING_IO_ERRORS = _ssl .BLOCKING_IO_ERRORS
70- BLOCKING_IO_READ_ERROR = (_ssl .BLOCKING_IO_READ_ERROR ,)
71- BLOCKING_IO_WRITE_ERROR = (_ssl .BLOCKING_IO_WRITE_ERROR ,)
72- SSLError = _ssl .SSLError
70+ HAS_SNI = _stdssl .HAS_SNI
71+ PYSSLError = _stdssl .SSLError
72+ BLOCKING_IO_ERRORS = _stdssl .BLOCKING_IO_ERRORS
73+ BLOCKING_IO_READ_ERROR = (_stdssl .BLOCKING_IO_READ_ERROR ,)
74+ BLOCKING_IO_WRITE_ERROR = (_stdssl .BLOCKING_IO_WRITE_ERROR ,)
75+ SSLError = _stdssl .SSLError
7376 BLOCKING_IO_LOOKUP_ERROR = BLOCKING_IO_READ_ERROR
7477
7578 def get_ssl_context (
@@ -81,14 +84,14 @@ def get_ssl_context(
8184 allow_invalid_hostnames : bool ,
8285 disable_ocsp_endpoint_check : bool ,
8386 is_sync : bool ,
84- ) -> Union [_pyssl .SSLContext , _ssl .SSLContext ]: # type: ignore[name-defined]
87+ ) -> Union [_pyssl .SSLContext , _stdssl .SSLContext ]: # type: ignore[name-defined]
8588 """Create and return an SSLContext object."""
8689 if is_sync and HAVE_PYSSL :
87- ssl_in_use : types .ModuleType = _pyssl
90+ _ssl : types .ModuleType = _pyssl
8891 else :
89- ssl_in_use = _ssl
92+ _ssl = _stdssl
9093 verify_mode = CERT_NONE if allow_invalid_certificates else CERT_REQUIRED
91- ctx = ssl_in_use .SSLContext (ssl_in_use .PROTOCOL_SSLv23 )
94+ ctx = _ssl .SSLContext (_ssl .PROTOCOL_SSLv23 )
9295 if verify_mode != CERT_NONE :
9396 ctx .check_hostname = not allow_invalid_hostnames
9497 else :
@@ -100,20 +103,20 @@ def get_ssl_context(
100103 # up to date versions of MongoDB 2.4 and above already disable
101104 # SSLv2 and SSLv3, python disables SSLv2 by default in >= 2.7.7
102105 # and >= 3.3.4 and SSLv3 in >= 3.4.3.
103- ctx .options |= ssl_in_use .OP_NO_SSLv2
104- ctx .options |= ssl_in_use .OP_NO_SSLv3
105- ctx .options |= ssl_in_use .OP_NO_COMPRESSION
106- ctx .options |= ssl_in_use .OP_NO_RENEGOTIATION
106+ ctx .options |= _ssl .OP_NO_SSLv2
107+ ctx .options |= _ssl .OP_NO_SSLv3
108+ ctx .options |= _ssl .OP_NO_COMPRESSION
109+ ctx .options |= _ssl .OP_NO_RENEGOTIATION
107110 if certfile is not None :
108111 try :
109112 ctx .load_cert_chain (certfile , None , passphrase )
110- except ssl_in_use .SSLError as exc :
113+ except _ssl .SSLError as exc :
111114 raise ConfigurationError (f"Private key doesn't match certificate: { exc } ) from None
112115 if crlfile is not None :
113- if ssl_in_use .IS_PYOPENSSL :
116+ if _ssl .IS_PYOPENSSL :
114117 raise ConfigurationError ("tlsCRLFile cannot be used with PyOpenSSL" )
115118 # Match the server's behavior.
116- ctx .verify_flags = getattr (ssl_in_use , "VERIFY_CRL_CHECK_LEAF" , 0 )
119+ ctx .verify_flags = getattr (_ssl , "VERIFY_CRL_CHECK_LEAF" , 0 )
117120 ctx .load_verify_locations (crlfile )
118121 if ca_certs is not None :
119122 ctx .load_verify_locations (ca_certs )
0 commit comments