Replace ssl.wrap_socket() for tests

The ssl.wrap_socket() function was deprecated in Python 3.7 and is
removed in Python 3.12.  The ssl.SSLContext.wrap_socket() method
replaces it.

Bump the required Python version for tests to 3.4 for
ssl.create_default_context().

[ghudson@mit.edu: changed minimum Python version]

diff --git a/src/configure.ac b/src/configure.ac
index 77be7a20257ad841ef9923bd34f79988c7167fba..ca57e8a6e5d4d211a312357078069ec49d2cc8e0 100644 (file)
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -1157,10 +1157,9 @@ AC_SUBST(PKINIT)
 # for lib/apputils
 AC_REPLACE_FUNCS(daemon)
 
-# For Python tests.  Python version 3.2.4 is required as prior
-# versions do not accept string input to subprocess.Popen.communicate
-# when universal_newlines is set.
-PYTHON_MINVERSION=3.2.4
+# For Python tests.  Python version 3.4 is required for
+# ssl.create_default_context().
+PYTHON_MINVERSION=3.4
 AC_SUBST(PYTHON_MINVERSION)
 AC_CHECK_PROG(PYTHON,python3,python3)
 if test x"$PYTHON" = x; then
@@ -1168,7 +1167,7 @@ if test x"$PYTHON" = x; then
 fi
 HAVE_PYTHON=no
 if test x"$PYTHON" != x; then
-       wantver="(sys.hexversion >= 0x30204F0)"
+       wantver="(sys.hexversion >= 0x30400F0)"
        if "$PYTHON" -c "import sys; sys.exit(not $wantver and 1 or 0)"; then
                HAVE_PYTHON=yes
        fi

diff --git a/src/util/wsgiref-kdcproxy.py b/src/util/wsgiref-kdcproxy.py
index 58759696b649bb3f0c7c7a287a12104552e3ce1c..d1d10d733c8b9f77c52874fb71684d7e8682be95 100755 (executable)
--- a/src/util/wsgiref-kdcproxy.py
+++ b/src/util/wsgiref-kdcproxy.py
@@ -14,6 +14,8 @@ else:
     pem = '*'
 
 server = make_server('localhost', port, kdcproxy.Application())
-server.socket = ssl.wrap_socket(server.socket, certfile=pem, server_side=True)
+sslctx = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
+sslctx.load_cert_chain(certfile=pem)
+server.socket = sslctx.wrap_socket(server.socket, server_side=True)
 os.write(sys.stdout.fileno(), b'proxy server ready\n')
 server.serve_forever()