merge 3.4 (#22960)

Doc/library/xmlrpc.client.rst

@@ -27,14 +27,14 @@ between conformable Python objects and XML on the wire.
    constructed data.  If you need to parse untrusted or unauthenticated data see
    :ref:`xml-vulnerabilities`.
 
-.. versionchanged:: 3.4.3
+.. versionchanged:: 3.5
 
    For https URIs, :mod:`xmlrpc.client` now performs all the necessary
    certificate and hostname checks by default
 
 .. class:: ServerProxy(uri, transport=None, encoding=None, verbose=False, \
                        allow_none=False, use_datetime=False, \
-                       use_builtin_types=False)
+                       use_builtin_types=False, context=None)
 
    .. versionchanged:: 3.3
       The *use_builtin_types* flag was added.
@@ -63,7 +63,9 @@ between conformable Python objects and XML on the wire.
    portion will be base64-encoded as an HTTP 'Authorization' header, and sent to
    the remote server as part of the connection process when invoking an XML-RPC
    method.  You only need to use this if the remote server requires a Basic
-   Authentication user and password.
+   Authentication user and password. If an HTTPS url is provided, *context* may
+   be :class:`ssl.SSLContext` and configures the SSL settings of the underlying
+   HTTPS connection.
 
    The returned instance is a proxy object with methods that can be used to invoke
    corresponding RPC calls on the remote server.  If the remote server supports the
@@ -127,6 +129,9 @@ between conformable Python objects and XML on the wire.
    :class:`Server` is retained as an alias for :class:`ServerProxy` for backwards
    compatibility.  New code should use :class:`ServerProxy`.
 
+   .. versionchanged:: 3.5
+      Added the *context* argument.
+
 
 .. seealso::
 

Lib/xmlrpc/client.py

@@ -1324,6 +1324,11 @@ class Transport:
 class SafeTransport(Transport):
     """Handles an HTTPS transaction to an XML-RPC server."""
 
+    def __init__(self, use_datetime=False, use_builtin_types=False, *,
+                 context=None):
+        super().__init__(use_datetime=use_datetime, use_builtin_types=use_builtin_types)
+        self.context = context
+
     # FIXME: mostly untested
 
     def make_connection(self, host):
@@ -1337,7 +1342,7 @@ class SafeTransport(Transport):
         # host may be a string, or a (host, x509-dict) tuple
         chost, self._extra_headers, x509 = self.get_host_info(host)
         self._connection = host, http.client.HTTPSConnection(chost,
-            None, **(x509 or {}))
+            None, context=self.context, **(x509 or {}))
         return self._connection[1]
 
 ##
@@ -1380,7 +1385,8 @@ class ServerProxy:
     """
 
     def __init__(self, uri, transport=None, encoding=None, verbose=False,
-                 allow_none=False, use_datetime=False, use_builtin_types=False):
+                 allow_none=False, use_datetime=False, use_builtin_types=False,
+                 *, context=None):
         # establish a "logical" server connection
 
         # get the url
@@ -1394,10 +1400,13 @@ class ServerProxy:
         if transport is None:
             if type == "https":
                 handler = SafeTransport
+                extra_kwargs = {"context": context}
             else:
                 handler = Transport
+                extra_kwargs = {}
             transport = handler(use_datetime=use_datetime,
-                                use_builtin_types=use_builtin_types)
+                                use_builtin_types=use_builtin_types,
+                                **extra_kwargs)
         self.__transport = transport
 
         self.__encoding = encoding or 'utf-8'

Misc/NEWS

@@ -191,6 +191,8 @@ Core and Builtins
 Library
 -------
 
+- Issue #22960: Add a context argument to xmlrpclib.ServerProxy constructor.
+
 - Issue #22389: Add contextlib.redirect_stderr().
 
 - Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The