From e583661916df95c32f0a2d85978476d04f407443 Mon Sep 17 00:00:00 2001
From: Ethan Kerdelhue
Date: Sun, 14 Sep 2025 20:34:39 +0200
Subject: [PATCH] Refactor SSL socket wrapping in ValidatedHTTPSConnection

Updated the SSL socket wrapping mechanism to use ssl.create_default_context() for improved security and maintainability. The previous method of wrapping the socket has been replaced with a context that loads verification locations if a CA file is provided.
---
 hetzner/util/http.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hetzner/util/http.py b/hetzner/util/http.py
index a5e6789..e0e9761 100644
--- a/hetzner/util/http.py
+++ b/hetzner/util/http.py
@@ -63,8 +63,9 @@ def connect(self):
 ).encode('ascii'))
 ca_certs.flush()
 cafile = ca_certs.name
- self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
- cert_reqs=ssl.CERT_REQUIRED,
- ca_certs=cafile)
+ context = ssl.create_default_context()
+ if cafile:
+ context.load_verify_locations(cafile)
+ self.sock = context.wrap_socket(sock, server_hostname=self.host)
 if bundle is None:
 ca_certs.close()
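Review bot: `ssl.create_default_context()` called with no arguments loads the system CA store, and the following `context.load_verify_locations(cafile)` only adds to it, so the new code trusts every system root in addition to the bundle, whereas the removed `ssl.wrap_socket(..., ca_certs=cafile)` verified against that file alone. If the bundle is meant to restrict trust, build the context from it with `context = ssl.create_default_context(cafile=cafile)`, which skips the default store when a CA file is given. The removed call also passed `self.key_file` and `self.cert_file`, and nothing replaces them; if callers set a client certificate, add `if self.cert_file: context.load_cert_chain(self.cert_file, self.key_file)` before `wrap_socket`. `connect` starts and ends outside this hunk, so how `cafile` is set on the other branch is not visible here.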