From 0e33315ea386aa13bfc53ad420fb8bf7bf9c9f29 Mon Sep 17 00:00:00 2001
From: Aaron Johnson <aaron.johnson@crowdstrike.com>
Date: Wed, 12 Feb 2025 13:24:38 -0600
Subject: [PATCH] python_maint: ssl.wrap_socket removed

---
 hetzner/util/http.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/hetzner/util/http.py b/hetzner/util/http.py
index a5e6789..3e24d03 100644
--- a/hetzner/util/http.py
+++ b/hetzner/util/http.py
@@ -63,8 +63,19 @@ def connect(self):
             ).encode('ascii'))
             ca_certs.flush()
             cafile = ca_certs.name
-        self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
-                                    cert_reqs=ssl.CERT_REQUIRED,
-                                    ca_certs=cafile)
+
+        context = ssl.create_default_context(cafile=cafile)
+        context.check_hostname = True
+        context.verify_mode = ssl.CERT_REQUIRED
+
+        key_file = getattr(self, 'key_file', None)
+        cert_file = getattr(self, 'cert_file', None)
+
+        if key_file and cert_file:
+            context.load_cert_chain(cert_file, key_file)
+
+        hostname = self.host
+        self.sock = context.wrap_socket(sock, server_hostname=hostname)
+
         if bundle is None:
             ca_certs.close()