[stdlib] Add default values part 2 (#14769)

stdlib/ssl.pyi

@@ -83,36 +83,6 @@ class SSLCertVerificationError(SSLError, ValueError):
 
 CertificateError = SSLCertVerificationError
 
-if sys.version_info < (3, 12):
-    @deprecated("Deprecated since Python 3.7; removed in Python 3.12. Use `SSLContext.wrap_socket()` instead.")
-    def wrap_socket(
-        sock: socket.socket,
-        keyfile: StrOrBytesPath | None = None,
-        certfile: StrOrBytesPath | None = None,
-        server_side: bool = False,
-        cert_reqs: int = ...,
-        ssl_version: int = ...,
-        ca_certs: str | None = None,
-        do_handshake_on_connect: bool = True,
-        suppress_ragged_eofs: bool = True,
-        ciphers: str | None = None,
-    ) -> SSLSocket: ...
-    @deprecated("Deprecated since Python 3.7; removed in Python 3.12.")
-    def match_hostname(cert: _PeerCertRetDictType, hostname: str) -> None: ...
-
-def cert_time_to_seconds(cert_time: str) -> int: ...
-
-if sys.version_info >= (3, 10):
-    def get_server_certificate(
-        addr: tuple[str, int], ssl_version: int = ..., ca_certs: str | None = None, timeout: float = ...
-    ) -> str: ...
-
-else:
-    def get_server_certificate(addr: tuple[str, int], ssl_version: int = ..., ca_certs: str | None = None) -> str: ...
-
-def DER_cert_to_PEM_cert(der_cert_bytes: ReadableBuffer) -> str: ...
-def PEM_cert_to_DER_cert(pem_cert_string: str) -> bytes: ...
-
 class DefaultVerifyPaths(NamedTuple):
     cafile: str
     capath: str
@@ -354,6 +324,40 @@ class SSLSocket(socket.socket):
         def get_verified_chain(self) -> list[bytes]: ...
         def get_unverified_chain(self) -> list[bytes]: ...
 
+if sys.version_info < (3, 12):
+    @deprecated("Deprecated since Python 3.7; removed in Python 3.12. Use `SSLContext.wrap_socket()` instead.")
+    def wrap_socket(
+        sock: socket.socket,
+        keyfile: StrOrBytesPath | None = None,
+        certfile: StrOrBytesPath | None = None,
+        server_side: bool = False,
+        cert_reqs: int = VerifyMode.CERT_NONE,
+        ssl_version: int = _SSLMethod.PROTOCOL_TLS,
+        ca_certs: str | None = None,
+        do_handshake_on_connect: bool = True,
+        suppress_ragged_eofs: bool = True,
+        ciphers: str | None = None,
+    ) -> SSLSocket: ...
+    @deprecated("Deprecated since Python 3.7; removed in Python 3.12.")
+    def match_hostname(cert: _PeerCertRetDictType, hostname: str) -> None: ...
+
+def cert_time_to_seconds(cert_time: str) -> int: ...
+def DER_cert_to_PEM_cert(der_cert_bytes: ReadableBuffer) -> str: ...
+def PEM_cert_to_DER_cert(pem_cert_string: str) -> bytes: ...
+
+if sys.version_info >= (3, 10):
+    def get_server_certificate(
+        addr: tuple[str, int],
+        ssl_version: int = _SSLMethod.PROTOCOL_TLS_CLIENT,
+        ca_certs: str | None = None,
+        timeout: float = ...,
+    ) -> str: ...
+
+else:
+    def get_server_certificate(
+        addr: tuple[str, int], ssl_version: int = _SSLMethod.PROTOCOL_TLS_CLIENT, ca_certs: str | None = None
+    ) -> str: ...
+
 class TLSVersion(enum.IntEnum):
     MINIMUM_SUPPORTED = -2
     MAXIMUM_SUPPORTED = -1
@@ -446,7 +450,7 @@ if sys.version_info >= (3, 10):
     def _create_unverified_context(
         protocol: int | None = None,
         *,
-        cert_reqs: int = ...,
+        cert_reqs: int = VerifyMode.CERT_NONE,
         check_hostname: bool = False,
         purpose: Purpose = Purpose.SERVER_AUTH,
         certfile: StrOrBytesPath | None = None,
@@ -460,7 +464,7 @@ else:
     def _create_unverified_context(
         protocol: int = ...,
         *,
-        cert_reqs: int = ...,
+        cert_reqs: int = VerifyMode.CERT_NONE,
         check_hostname: bool = False,
         purpose: Purpose = Purpose.SERVER_AUTH,
         certfile: StrOrBytesPath | None = None,