ssl.match_hostname() is deprecated
igor-mendix opened this issue · comments
ssl.match_hostname()
function used here:
is deprecated since Python 3.7, and is already absent in 3.12.
Is there any easy workaround for this? This is a problem running sslyze 5.2.0 on the latest Debian stable (12 aka Bookworm).
from sslyze.plugins.certificate_info._cert_chain_analyzer import (
File "/usr/lib/python3.12/site-packages/sslyze/plugins/certificate_info/_cert_chain_analyzer.py", line 3, in <module>
from ssl import CertificateError, match_hostname
ImportError: cannot import name 'match_hostname' from 'ssl' (/usr/lib/python3.12/ssl.py)
sslyze fails to start with python3_12. Please fix
a potential "quick" workaround is to use "https://pypi.org/project/backports.ssl_match_hostname/", but I'm not sure.
And it's like going backwards
there was the same issue in other project and I'd say there is a good solution: aiortc/aioquic#368
tl;dr
- urllib3 has a port of match_hostname (simple to incorporate)
- service-identity different implementation but seems to be more proper solution (a bit more complex to incorporate)
This might get solved by #638
Fixed in v6.0.0.