From 25d2cb535a8e5b6bf52dce01dce626db9d0a74c7 Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" <nick@koston.org>
Date: Sun, 17 Sep 2023 18:20:51 -0500
Subject: [PATCH] Update ssl context construction for py3.12 compatibility
 (#72)

* Update ssl context construction for py3.12 compatibility

* Update ssl context construction for py3.12 compatibility
---
 elkm1_lib/util.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/elkm1_lib/util.py b/elkm1_lib/util.py
index f799924..01ee328 100644
--- a/elkm1_lib/util.py
+++ b/elkm1_lib/util.py
@@ -32,11 +32,13 @@ def ssl_context_for_scheme(scheme: str) -> ssl.SSLContext:
     Since ssl context is expensive to create, cache it
     for future use since we only have a few schemes.
     """
-    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
     if tls := TLS_VERSIONS.get(scheme):
         ssl_context.minimum_version = tls
         ssl_context.maximum_version = tls
 
+    ssl_context.check_hostname = False
+    ssl_context.verify_mode = ssl.CERT_NONE
     ssl_context.set_ciphers("DEFAULT:@SECLEVEL=0")
 
     # ssl.OP_LEGACY_SERVER_CONNECT is only available in Python 3.12a4+