Remove ssl_version field from client to fix more dependency warnings (#10)

bnoonan-cloudian · web-flow · commit cac7bc12877d · 2025-09-18T13:05:24.000+01:00
diff --git a/kmip/pie/client.py b/kmip/pie/client.py
@@ -60,7 +60,6 @@ def __init__(self,
                  cert=None,
                  key=None,
                  ca=None,
-                 ssl_version=None,
                  username=None,
                  password=None,
                  config='client',
@@ -81,9 +80,6 @@ def __init__(self,
                 Optional, defaults to None.
             ca (string): The path to the CA certificate used to verify the
                 server's certificate. Optional, defaults to None.
-            ssl_version (string): The name of the ssl version to use for the
-                connection. Example: 'PROTOCOL_SSLv23'. Optional, defaults to
-                None.
             username (string): The username of the KMIP appliance account to
                 use for operations. Optional, defaults to None.
             password (string): The password of the KMIP appliance account to
@@ -112,7 +108,6 @@ def __init__(self,
             certfile=cert,
             keyfile=key,
             ca_certs=ca,
-            ssl_version=ssl_version,
             username=username,
             password=password,
             config=config,
diff --git a/kmip/services/kmip_client.py b/kmip/services/kmip_client.py
@@ -77,7 +77,7 @@ class KMIPProxy(object):
 
     def __init__(self, host=None, port=None, keyfile=None,
                  certfile=None,
-                 cert_reqs=None, ssl_version=None, ca_certs=None,
+                 cert_reqs=None, ca_certs=None,
                  do_handshake_on_connect=None,
                  suppress_ragged_eofs=None,
                  username=None, password=None, timeout=30, config='client',
@@ -109,7 +109,7 @@ def __init__(self, host=None, port=None, keyfile=None,
                 )
 
         self._set_variables(host, port, keyfile, certfile,
-                            cert_reqs, ssl_version, ca_certs,
+                            cert_reqs, ca_certs,
                             do_handshake_on_connect, suppress_ragged_eofs,
                             username, password, timeout, config_file)
         self.batch_items = []
@@ -254,9 +254,6 @@ def open(self):
         self.logger.debug(
             "KMIPProxy cert_reqs: {0} (CERT_REQUIRED: {1})".format(
                 self.cert_reqs, ssl.CERT_REQUIRED))
-        self.logger.debug(
-            "KMIPProxy ssl_version: {0} (PROTOCOL_SSLv23: {1})".format(
-                self.ssl_version, ssl.PROTOCOL_SSLv23))
         self.logger.debug("KMIPProxy ca_certs: {0}".format(self.ca_certs))
         self.logger.debug("KMIPProxy do_handshake_on_connect: {0}".format(
             self.do_handshake_on_connect))
@@ -285,12 +282,13 @@ def open(self):
             six.reraise(*last_error)
 
     def _create_socket(self, sock):
-        context = ssl.SSLContext(self.ssl_version)
+        context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
         context.load_cert_chain(
             keyfile=self.keyfile,
             certfile=self.certfile)
         context.verify_mode = self.cert_reqs
         context.load_verify_locations(cafile=self.ca_certs)
+        context.check_hostname = False
         self.socket = context.wrap_socket(
             sock,
             do_handshake_on_connect=self.do_handshake_on_connect,
@@ -1737,7 +1735,7 @@ def _send_and_receive_message(self, request):
         return response
 
     def _set_variables(self, host, port, keyfile, certfile,
-                       cert_reqs, ssl_version, ca_certs,
+                       cert_reqs, ca_certs,
                        do_handshake_on_connect, suppress_ragged_eofs,
                        username, password, timeout, config_file):
         conf = ConfigHelper(config_file)
@@ -1762,9 +1760,6 @@ def _set_variables(self, host, port, keyfile, certfile,
         self.cert_reqs = getattr(ssl, conf.get_valid_value(
             cert_reqs, self.config, 'cert_reqs', 'CERT_REQUIRED'))
 
-        self.ssl_version = getattr(ssl, conf.get_valid_value(
-            ssl_version, self.config, 'ssl_version', conf.DEFAULT_SSL_VERSION))
-
         self.ca_certs = conf.get_valid_value(
             ca_certs, self.config, 'ca_certs', conf.DEFAULT_CA_CERTS)
 
diff --git a/kmip/tests/unit/services/test_kmip_client.py b/kmip/tests/unit/services/test_kmip_client.py
@@ -709,7 +709,6 @@ def test_host_list_import_string(self):
             keyfile=None,
             certfile=None,
             cert_reqs=None,
-            ssl_version=None,
             ca_certs=None,
             do_handshake_on_connect=False,
             suppress_ragged_eofs=None,
@@ -729,7 +728,7 @@ def test_host_is_invalid_input(self):
         expected_error = TypeError
 
         kwargs = {'host': host, 'port': None, 'keyfile': None,
-                  'certfile': None, 'cert_reqs': None, 'ssl_version': None,
+                  'certfile': None, 'cert_reqs': None,
                   'ca_certs': None, 'do_handshake_on_connect': False,
                   'suppress_ragged_eofs': None, 'username': None,
                   'password': None, 'timeout': None}
