From 21cd65fccf41d3c365572ec7f443214ba474f125 Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Sun, 19 Nov 2023 14:11:29 +0100
Subject: [PATCH] ssl.wrap_socket() was removed in Python 3.12 (#7542)

* ssl.wrap_socket() was removed in Python 3.12.

* Make code for irc module backwards-compatible.
---
 changelogs/fragments/7542-irc-logentries-ssl.yml |  3 +++
 plugins/callback/logentries.py                   | 12 ++++--------
 plugins/modules/irc.py                           |  9 ++++++++-
 3 files changed, 15 insertions(+), 9 deletions(-)
 create mode 100644 changelogs/fragments/7542-irc-logentries-ssl.yml

diff --git a/changelogs/fragments/7542-irc-logentries-ssl.yml b/changelogs/fragments/7542-irc-logentries-ssl.yml
new file mode 100644
index 0000000000..6897087dfb
--- /dev/null
+++ b/changelogs/fragments/7542-irc-logentries-ssl.yml
@@ -0,0 +1,3 @@
+bugfixes:
+  - "log_entries callback plugin - replace ``ssl.wrap_socket`` that was removed from Python 3.12 with code for creating a proper SSL context (https://github.com/ansible-collections/community.general/pull/7542)."
+  - "irc - replace ``ssl.wrap_socket`` that was removed from Python 3.12 with code for creating a proper SSL context (https://github.com/ansible-collections/community.general/pull/7542)."
diff --git a/plugins/callback/logentries.py b/plugins/callback/logentries.py
index 22322a4df2..c07f3521b4 100644
--- a/plugins/callback/logentries.py
+++ b/plugins/callback/logentries.py
@@ -196,15 +196,11 @@ else:
     class TLSSocketAppender(PlainTextSocketAppender):
         def open_connection(self):
             sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-            sock = ssl.wrap_socket(
+            context = ssl.create_default_context(
+                purpose=ssl.Purpose.SERVER_AUTH,
+                cafile=certifi.where(), )
+            sock = context.wrap_socket(
                 sock=sock,
-                keyfile=None,
-                certfile=None,
-                server_side=False,
-                cert_reqs=ssl.CERT_REQUIRED,
-                ssl_version=getattr(
-                    ssl, 'PROTOCOL_TLSv1_2', ssl.PROTOCOL_TLSv1),
-                ca_certs=certifi.where(),
                 do_handshake_on_connect=True,
                 suppress_ragged_eofs=True, )
             sock.connect((self.LE_API, self.LE_TLS_PORT))
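Review bot: `context.wrap_socket(...)` is called without `server_hostname`, but a context from `ssl.create_default_context()` has `check_hostname` enabled, and Python raises `ValueError` when such a context wraps a client socket with no hostname, so `open_connection` would likely fail before any handshake. Passing `server_hostname=self.LE_API,` in the `wrap_socket` call avoids that and makes the certificate get matched against the host that `sock.connect((self.LE_API, self.LE_TLS_PORT))` targets, a check the removed `ssl.wrap_socket` call never performed. This assumes `LE_API` holds a hostname; it is defined outside the hunk, as is the rest of `open_connection`.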
diff --git a/plugins/modules/irc.py b/plugins/modules/irc.py
index 6cd7bc1203..df9d026ac9 100644
--- a/plugins/modules/irc.py
+++ b/plugins/modules/irc.py
@@ -195,7 +195,14 @@ def send_msg(msg, server='localhost', port='6667', channel=None, nick_to=None, k
 
     irc = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     if use_ssl:
-        irc = ssl.wrap_socket(irc)
+        if getattr(ssl, 'PROTOCOL_TLS', None) is not None:
+            # Supported since Python 2.7.13
+            context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+        else:
+            context = ssl.SSLContext()
+        context.verify_mode = ssl.CERT_NONE
+        # TODO: create a secure context with `context = ssl.create_default_context()` instead!
+        irc = context.wrap_socket(irc)
     irc.connect((server, int(port)))
 
     if passwd:
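Review bot: `context.verify_mode = ssl.CERT_NONE` leaves the `use_ssl` path encrypted but unauthenticated, so everything sent after `irc.connect(...)`, including the `passwd` handled just below the hunk, goes to whichever endpoint answers. This matches what the removed `ssl.wrap_socket(irc)` did, but the TODO does not say why the secure context is deferred. I would replace it with `# NOTE: no certificate or hostname verification (kept for backwards compatibility); ssl.create_default_context() also needs server_hostname=server in wrap_socket()` and state the same limitation in the module documentation for `use_ssl`. Separately, the `else` branch calls `ssl.SSLContext()` with no argument, but interpreters that lack `PROTOCOL_TLS` appear to require the protocol argument, so `context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)` looks like the safer fallback. `send_msg` starts and ends outside the hunk.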