From fd5c6d4571e18701b3d61a9f3cc262fd541f8f5f Mon Sep 17 00:00:00 2001
From: Semyon Moroz <donbarbos@proton.me>
Date: Sun, 27 Jul 2025 10:40:10 +0000
Subject: [PATCH] [ssl] Add missing default values (#14472)

* Move few functions to be able to use variables as default value
* Unify deprecated messages
---
 stdlib/ssl.pyi | 86 ++++++++++++++++++++++++--------------------------
 1 file changed, 42 insertions(+), 44 deletions(-)

diff --git a/stdlib/ssl.pyi b/stdlib/ssl.pyi
index 84d844788..ac90f975a 100644
--- a/stdlib/ssl.pyi
+++ b/stdlib/ssl.pyi
@@ -93,46 +93,6 @@ if sys.version_info < (3, 12):
         suppress_ragged_eofs: bool = True,
         ciphers: str | None = None,
     ) -> SSLSocket: ...
-
-def create_default_context(
-    purpose: Purpose = ...,
-    *,
-    cafile: StrOrBytesPath | None = None,
-    capath: StrOrBytesPath | None = None,
-    cadata: str | ReadableBuffer | None = None,
-) -> SSLContext: ...
-
-if sys.version_info >= (3, 10):
-    def _create_unverified_context(
-        protocol: int | None = None,
-        *,
-        cert_reqs: int = ...,
-        check_hostname: bool = False,
-        purpose: Purpose = ...,
-        certfile: StrOrBytesPath | None = None,
-        keyfile: StrOrBytesPath | None = None,
-        cafile: StrOrBytesPath | None = None,
-        capath: StrOrBytesPath | None = None,
-        cadata: str | ReadableBuffer | None = None,
-    ) -> SSLContext: ...
-
-else:
-    def _create_unverified_context(
-        protocol: int = ...,
-        *,
-        cert_reqs: int = ...,
-        check_hostname: bool = False,
-        purpose: Purpose = ...,
-        certfile: StrOrBytesPath | None = None,
-        keyfile: StrOrBytesPath | None = None,
-        cafile: StrOrBytesPath | None = None,
-        capath: StrOrBytesPath | None = None,
-        cadata: str | ReadableBuffer | None = None,
-    ) -> SSLContext: ...
-
-_create_default_https_context: Callable[..., SSLContext]
-
-if sys.version_info < (3, 12):
     @deprecated("Deprecated since Python 3.7. Removed in Python 3.12.")
     def match_hostname(cert: _PeerCertRetDictType, hostname: str) -> None: ...
 
@@ -372,7 +332,7 @@ class SSLSocket(socket.socket):
     def get_channel_binding(self, cb_type: str = "tls-unique") -> bytes | None: ...
     def selected_alpn_protocol(self) -> str | None: ...
     if sys.version_info >= (3, 10):
-        @deprecated("Deprecated in 3.10. Use ALPN instead.")
+        @deprecated("Deprecated since Python 3.10. Use ALPN instead.")
         def selected_npn_protocol(self) -> str | None: ...
     else:
         def selected_npn_protocol(self) -> str | None: ...
@@ -426,7 +386,7 @@ class SSLContext(_SSLContext):
     else:
         def __new__(cls, protocol: int = ..., *args: Any, **kwargs: Any) -> Self: ...
 
-    def load_default_certs(self, purpose: Purpose = ...) -> None: ...
+    def load_default_certs(self, purpose: Purpose = Purpose.SERVER_AUTH) -> None: ...
     def load_verify_locations(
         self,
         cafile: StrOrBytesPath | None = None,
@@ -444,7 +404,7 @@ class SSLContext(_SSLContext):
     def set_ciphers(self, cipherlist: str, /) -> None: ...
     def set_alpn_protocols(self, alpn_protocols: Iterable[str]) -> None: ...
     if sys.version_info >= (3, 10):
-        @deprecated("Deprecated in 3.10. Use ALPN instead.")
+        @deprecated("Deprecated since Python 3.10. Use ALPN instead.")
         def set_npn_protocols(self, npn_protocols: Iterable[str]) -> None: ...
     else:
         def set_npn_protocols(self, npn_protocols: Iterable[str]) -> None: ...
@@ -470,6 +430,44 @@ class SSLContext(_SSLContext):
         session: SSLSession | None = None,
     ) -> SSLObject: ...
 
+def create_default_context(
+    purpose: Purpose = Purpose.SERVER_AUTH,
+    *,
+    cafile: StrOrBytesPath | None = None,
+    capath: StrOrBytesPath | None = None,
+    cadata: str | ReadableBuffer | None = None,
+) -> SSLContext: ...
+
+if sys.version_info >= (3, 10):
+    def _create_unverified_context(
+        protocol: int | None = None,
+        *,
+        cert_reqs: int = ...,
+        check_hostname: bool = False,
+        purpose: Purpose = Purpose.SERVER_AUTH,
+        certfile: StrOrBytesPath | None = None,
+        keyfile: StrOrBytesPath | None = None,
+        cafile: StrOrBytesPath | None = None,
+        capath: StrOrBytesPath | None = None,
+        cadata: str | ReadableBuffer | None = None,
+    ) -> SSLContext: ...
+
+else:
+    def _create_unverified_context(
+        protocol: int = ...,
+        *,
+        cert_reqs: int = ...,
+        check_hostname: bool = False,
+        purpose: Purpose = Purpose.SERVER_AUTH,
+        certfile: StrOrBytesPath | None = None,
+        keyfile: StrOrBytesPath | None = None,
+        cafile: StrOrBytesPath | None = None,
+        capath: StrOrBytesPath | None = None,
+        cadata: str | ReadableBuffer | None = None,
+    ) -> SSLContext: ...
+
+_create_default_https_context = create_default_context
+
 class SSLObject:
     context: SSLContext
     @property
@@ -490,7 +488,7 @@ class SSLObject:
     def getpeercert(self, binary_form: bool) -> _PeerCertRetType: ...
     def selected_alpn_protocol(self) -> str | None: ...
     if sys.version_info >= (3, 10):
-        @deprecated("Deprecated in 3.10. Use ALPN instead.")
+        @deprecated("Deprecated since Python 3.10. Use ALPN instead.")
         def selected_npn_protocol(self) -> str | None: ...
     else:
         def selected_npn_protocol(self) -> str | None: ...