gh-136306: Address first round of comments

ronf · ronf · commit 187ff2e1acaa · 2025-07-05T06:39:24.000-07:00
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
@@ -1645,17 +1645,15 @@ to speed up repeated connections from the same clients.
 
    Get a list of groups implemented for key agreement, taking into account
    the SSLContext's current TLS ``minimum_version`` and ``maximum_version``
-   values.
+   values.  For example::
 
-   Example::
-
-       >>> ctx = ssl.create_default_context()
-       >>> ctx.minimum_version=ssl.TLSVersion.TLSv1_3
-       >>> ctx.maximum_version=ssl.TLSVersion.TLSv1_3
-       >>> ctx.get_groups()
-       ['secp256r1', 'secp384r1', 'secp521r1', 'x25519', 'x448', 'brainpoolP256r1tls13', 'brainpoolP384r1tls13', 'brainpoolP512r1tls13', 'ffdhe2048', 'ffdhe3072', 'ffdhe4096', 'ffdhe6144', 'ffdhe8192', 'MLKEM512', 'MLKEM768', 'MLKEM1024', 'SecP256r1MLKEM768', 'X25519MLKEM768', 'SecP384r1MLKEM1024'
+   >>> ctx = ssl.create_default_context()
+   >>> ctx.minimum_version=ssl.TLSVersion.TLSv1_3
+   >>> ctx.maximum_version=ssl.TLSVersion.TLSv1_3
+   >>> ctx.get_groups()
+   ['secp256r1', 'secp384r1', 'secp521r1', 'x25519', 'x448', 'brainpoolP256r1tls13', 'brainpoolP384r1tls13', 'brainpoolP512r1tls13', 'ffdhe2048', 'ffdhe3072', 'ffdhe4096', 'ffdhe6144', 'ffdhe8192', 'MLKEM512', 'MLKEM768', 'MLKEM1024', 'SecP256r1MLKEM768', 'X25519MLKEM768', 'SecP384r1MLKEM1024']
 
-   .. versionadded:: 3.15
+   .. versionadded:: next
 
 .. method:: SSLContext.set_default_verify_paths()
 
@@ -1689,7 +1687,7 @@ to speed up repeated connections from the same clients.
    <https://docs.openssl.org/master/man3/SSL_CTX_set1_groups_list/>`_.
 
    .. note::
-      when connected, the :meth:`SSLSocket.group` method of SSL sockets will
+      When connected, the :meth:`SSLSocket.group` method of SSL sockets will
       return the group used for key agreement on that connection.
 
    .. versionadded:: 3.15
@@ -1817,10 +1815,6 @@ to speed up repeated connections from the same clients.
 
    .. versionadded:: 3.3
 
-   .. deprecated:: 3.15
-
-      This method has been replaced by :math:`set_groups`.
-
    .. seealso::
       `SSL/TLS & Perfect Forward Secrecy <https://vincent.bernat.ch/en/blog/2011-ssl-perfect-forward-secrecy>`_
          Vincent Bernat.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
@@ -2154,11 +2154,15 @@ _ssl__SSLSocket_group_impl(PySSLSocket *self)
 #if OPENSSL_VERSION_NUMBER >= 0x30200000L
     const char *group_name;
 
-    if (self->ssl == NULL)
+    if (self->ssl == NULL) {
         Py_RETURN_NONE;
+    }
+
     group_name = SSL_get0_group_name(self->ssl);
-    if (group_name == NULL)
+    if (group_name == NULL) {
         Py_RETURN_NONE;
+    }
+
     return PyUnicode_DecodeFSDefault(group_name);
 #else
     PyErr_SetString(PyExc_NotImplementedError,
