Author kroeckx
Recipients kroeckx
Date 2014-11-24.22:14:18
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1416867260.32.0.182122908289.issue22935@psf.upfronthosting.co.za>
In-reply-to
Content
Hi,

The attached patch makes python work when openssl doesn't have SSLv3 support.  It also updates the documentation, which has already improved a lot since my original patch.

The current upstream openssl when compiled with no-ssl2 it defines OPENSSL_NO_SSL2, drops the SSLv2_* method and drops support for SSLv2 in the SSLv23_* methods.  When build with no-ssl3 it defines OPENSSL_NO_SSL3 and currently just drops supports for SSLv3 in the SSLv23_method, it does not yet drop the SSLv3_* methods.  It's still being argued whether no-ssl3 should drop those symbols or that a new option will be used instead.

So that means that with OPENSSL_NO_SSL3 defined it could be that the SSLv3_* methods still exist and that you can create a socket that only support SSLv3.

I made the SSLv3 methods go away in python if OPENSSL_NO_SSL3 is defined.  This at least makes things easier for the test suite so that you know you can test a combination like v3 with v23 or not.

This patch is for 2.7.  Please let me know if you need a patch for a different version.
History
Date User Action Args
2014-11-24 22:14:20kroeckxsetrecipients: + kroeckx
2014-11-24 22:14:20kroeckxsetmessageid: <1416867260.32.0.182122908289.issue22935@psf.upfronthosting.co.za>
2014-11-24 22:14:20kroeckxlinkissue22935 messages
2014-11-24 22:14:19kroeckxcreate