From f81c62a6a42ac0192fa0634c225ee540ad73be5a Mon Sep 17 00:00:00 2001
From: xtkoba <69125751+xtkoba@users.noreply.github.com>
Date: Fri, 21 Jan 2022 15:12:30 +0900
Subject: Add option --legacy-server-connect (#778)

to allow HTTPS connection to servers that do not support RFC 5746 secure renegotiation

Authored by: xtkoba
---
 yt_dlp/utils.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'yt_dlp/utils.py')

diff --git a/yt_dlp/utils.py b/yt_dlp/utils.py
index 0defe83e8..cb44a9c51 100644
--- a/yt_dlp/utils.py
+++ b/yt_dlp/utils.py
@@ -997,6 +997,8 @@ def make_HTTPS_handler(params, **kwargs):
     opts_check_certificate = not params.get('nocheckcertificate')
     context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
     context.check_hostname = opts_check_certificate
+    if params.get('legacyserverconnect'):
+        context.options |= 4  # SSL_OP_LEGACY_SERVER_CONNECT
     context.verify_mode = ssl.CERT_REQUIRED if opts_check_certificate else ssl.CERT_NONE
     if opts_check_certificate:
         try:
-- 
cgit v1.2.3