This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author kroeckx
Recipients kroeckx
Date 2014-11-24.22:14:18
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>

The attached patch makes python work when openssl doesn't have SSLv3 support.  It also updates the documentation, which has already improved a lot since my original patch.

The current upstream openssl when compiled with no-ssl2 it defines OPENSSL_NO_SSL2, drops the SSLv2_* method and drops support for SSLv2 in the SSLv23_* methods.  When build with no-ssl3 it defines OPENSSL_NO_SSL3 and currently just drops supports for SSLv3 in the SSLv23_method, it does not yet drop the SSLv3_* methods.  It's still being argued whether no-ssl3 should drop those symbols or that a new option will be used instead.

So that means that with OPENSSL_NO_SSL3 defined it could be that the SSLv3_* methods still exist and that you can create a socket that only support SSLv3.

I made the SSLv3 methods go away in python if OPENSSL_NO_SSL3 is defined.  This at least makes things easier for the test suite so that you know you can test a combination like v3 with v23 or not.

This patch is for 2.7.  Please let me know if you need a patch for a different version.
Date User Action Args
2014-11-24 22:14:20kroeckxsetrecipients: + kroeckx
2014-11-24 22:14:20kroeckxsetmessageid: <>
2014-11-24 22:14:20kroeckxlinkissue22935 messages
2014-11-24 22:14:19kroeckxcreate