ssl.wrap_context() got removed in Python3.12 busting our fallback_directories doctor test

06/12/2025 07:11:52 [INFO] C0100C150EA96E1CBBBFB3B770EFCD50C5F55F8F => Unable to download from ORPort 9905 (module 'ssl' has no attribute 'wrap_socket')

The code in question is in socket.py

  def _make_socket(self):
    try:
      relay_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
      relay_socket.connect((self.address, self.port))
      return ssl.wrap_socket(relay_socket)
    except socket.error as exc:
      raise stem.SocketError(exc)

The Python 3.12 announcement has this about the relevant part being removed:

Remove the ssl.wrap_socket() function, deprecated in Python 3.7: instead, create a ssl.SSLContext object and call its ssl.SSLContext.wrap_socket method. Any package that still uses ssl.wrap_socket() is broken and insecure. The function neither sends a SNI TLS extension nor validates the server hostname. Code is subject to CWE 295 (Improper Certificate Validation). (Contributed by Victor Stinner in gh-94199.)