From d76ecc4fb7c2bf6cef93bcf170ef90b425cb70f9 Mon Sep 17 00:00:00 2001
From: Alex Robbins <alexdotrobbins@gmail.com>
Date: Tue, 22 Aug 2017 17:08:35 -0500
Subject: [PATCH] ssl: Wrap ussl.wrap_socket().

Arguments whose values are the default are not passed to ussl, because
many arguments are not accepted by current ussl implementations, even
if the desired behavior is the same as when they are omitted.
---
 ssl/ssl.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/ssl/ssl.py b/ssl/ssl.py
index e3273cdb..eb7b71e4 100644
--- a/ssl/ssl.py
+++ b/ssl/ssl.py
@@ -1,6 +1,28 @@
 from ussl import *
+import ussl as _ussl
 
 # Constants
 for sym in "CERT_NONE", "CERT_OPTIONAL", "CERT_REQUIRED":
     if sym not in globals():
         globals()[sym] = object()
+
+
+def wrap_socket(sock, keyfile=None, certfile=None, server_side=False,
+                cert_reqs=CERT_NONE, *, ca_certs=None, server_hostname=None):
+    # TODO: More arguments accepted by CPython could also be handled here.
+    # That would allow us to accept ca_certs as a positional argument, which
+    # we should.
+    kw = {}
+    if keyfile is not None:
+        kw["keyfile"] = keyfile
+    if certfile is not None:
+        kw["certfile"] = certfile
+    if server_side is not False:
+        kw["server_side"] = server_side
+    if cert_reqs is not CERT_NONE:
+        kw["cert_reqs"] = cert_reqs
+    if ca_certs is not None:
+        kw["ca_certs"] = ca_certs
+    if server_hostname is not None:
+        kw["server_hostname"] = server_hostname
+    return _ussl.wrap_socket(sock, **kw)