Fix deprecation warning

eandersson · Oct 13, 2024 · 2b03da7 · 2b03da7
1 parent 7fd5e10
commit 2b03da7
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 7 deletions.
diff --git a/amqpstorm/io.py b/amqpstorm/io.py
@@ -267,13 +267,14 @@ def _ssl_wrap_socket(self, sock):
             )
         hostname = self._parameters['hostname']
         context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+        context.check_hostname = self._parameters['ssl_options'].get(
+            'check_hostname', False
+        )
         mode = self._parameters['ssl_options'].get('verify_mode', 'none')
         if mode.lower() == 'required':
             context.verify_mode = ssl.CERT_REQUIRED
         else:
             context.verify_mode = ssl.CERT_NONE
-        check = self._parameters['ssl_options'].get('check_hostname', False)
-        context.check_hostname = check
         context.load_default_certs()
         return context.wrap_socket(sock, do_handshake_on_connect=True,
                                    server_hostname=hostname)

diff --git a/docker/files/openssl.cnf b/docker/files/openssl.cnf
@@ -40,16 +40,17 @@ x509_extensions = root_ca_extensions
 commonName = hostname
 
 [ root_ca_extensions ]
-basicConstraints = CA:true
+basicConstraints = critical, CA:TRUE
 keyUsage = keyCertSign, cRLSign
 
 [ client_ca_extensions ]
-basicConstraints = CA:false
-keyUsage = digitalSignature,keyEncipherment
+basicConstraints=critical, CA:TRUE
+keyUsage = critical, cRLSign, digitalSignature, keyCertSign
 extendedKeyUsage = 1.3.6.1.5.5.7.3.2
 
 [ server_ca_extensions ]
-basicConstraints = CA:false
-keyUsage = digitalSignature,keyEncipherment
+basicConstraints=critical, CA:TRUE
+keyUsage = critical, cRLSign, digitalSignature, keyCertSign
 extendedKeyUsage = 1.3.6.1.5.5.7.3.1
 subjectAltName = DNS:rmq.eandersson.net
+