PYTHON-2162 Remove support for ssl* URI options #706
Conversation
PYTHON-2162 Remove support for ssl* URI options Removed ssl_pem_passphrase_option
prashantmital
changed the title
| @@ -585,18 +584,11 @@ def validate_tzinfo(dummy, value): | |||
|
|
|||
|
|
|||
| # Dictionary where keys are the names of public URI options, and values | |||
| # are lists of aliases for that option. Aliases of option names are assumed | |||
| # to have been deprecated. | |||
| # are lists of aliases for that option. | |||
| URI_OPTIONS_ALIAS_MAP = { | |||
| 'journal': ['j'], | |||
| 'wtimeoutms': ['wtimeout'], | |||
| 'tls': ['ssl'], | |||
There was a problem hiding this comment.
Should we remove ssl here (and INTERNAL_URI_OPTION_NAME_MAP) as well?
There was a problem hiding this comment.
I think the decision was made to keep ssl indefinitely since we never deprecated it? Do you think we should deprecate it in the next 3.x release and remove?
There was a problem hiding this comment.
Note also that the follow up PR to this will be a better place remove this kind of bookkeeping code as that PR will get rid of all remaining options that have been deprecated in 3.x
There was a problem hiding this comment.
Do you think we should deprecate it in the next 3.x release and remove?
I think you're right that we should keep it. The URI-options spec still has ssl and doesn't say to remove it. It might be helpful to ask other drivers what their plan is.
pymongo/client_options.py
Outdated
| # Implicitly enable TLS when one of the tls* options is set. | ||
| use_tls = True | ||
|
|
||
| if use_tls is True: |
pymongo/ssl_support.py
Outdated
| verify_mode = CERT_REQUIRED if cert_reqs is None else cert_reqs | ||
| allow_invalid_hostnames, | ||
| disable_ocsp_endpoint_check) = args | ||
| if allow_invalid_certificates is True: |
There was a problem hiding this comment.
allow_invalid_certificates is True -> allow_invalid_certificates
There was a problem hiding this comment.
Changed to a one-liner:
verify_mode = CERT_NONE if allow_invalid_certificates else CERT_REQUIRED
pymongo/client_options.py
Outdated
| for opt in ('tlsallowinvalidcertificates', 'tlsallowinvalidhostnames', | ||
| 'tlsdisableocspendpointcheck'): | ||
| # A value of False for these options implies tls=True. | ||
| if opt in options and options[opt] is False: |
There was a problem hiding this comment.
Is is False needed or can this be and not options[opt]?
There was a problem hiding this comment.
Changed to and not options[opt]
pymongo/client_options.py
Outdated
| enabled_tls_opts.append(opt) | ||
|
|
||
| if enabled_tls_opts: | ||
| if use_tls is False: |
There was a problem hiding this comment.
Suggest switching the order of the this if so we can replace the use_tls is False with not use_tls.
|
Did you run the pyopenssl tests as well? |
No description provided.