[Python-checkins] bpo-43799: Also define SSLv3_method() (GH-25481)

tiran webhook-mailer at python.org
Tue Apr 20 12:10:26 EDT 2021 

https://github.com/python/cpython/commit/3309113d6131e4bbac570c4f54175ecca02d025a
commit: 3309113d6131e4bbac570c4f54175ecca02d025a
branch: master
author: Christian Heimes <christian at python.org>
committer: tiran <christian at python.org>
date: 2021-04-20T18:10:10+02:00
summary:

bpo-43799: Also define SSLv3_method() (GH-25481)

Signed-off-by: Christian Heimes <christian at python.org>

files:
M Lib/test/test_ssl.py
M Modules/_ssl.c

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index ae66c3e7d4a56..697971e0a57d9 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -3245,10 +3245,6 @@ def test_protocol_sslv2(self):
             try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False)
         try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False)
         # SSLv23 client with specific SSL options
-        if no_sslv2_implies_sslv3_hello():
-            # No SSLv2 => client will use an SSLv3 hello on recent OpenSSLs
-            try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False,
-                               client_options=ssl.OP_NO_SSLv2)
         try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False,
                            client_options=ssl.OP_NO_SSLv3)
         try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False,
@@ -3309,10 +3305,6 @@ def test_protocol_sslv3(self):
         try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLS, False,
                            client_options=ssl.OP_NO_SSLv3)
         try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False)
-        if no_sslv2_implies_sslv3_hello():
-            # No SSLv2 => client will use an SSLv3 hello on recent OpenSSLs
-            try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLS,
-                               False, client_options=ssl.OP_NO_SSLv2)
 
     @requires_tls_version('TLSv1')
     def test_protocol_tlsv1(self):
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 4b84014d008c1..e28c1286784a4 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -123,6 +123,9 @@ static void _PySSLFixErrno(void) {
 #endif
 
 /* OpenSSL API 1.1.0+ does not include version methods */
+#ifndef OPENSSL_NO_SSL3_METHOD
+extern const SSL_METHOD *SSLv3_method(void);
+#endif
 #ifndef OPENSSL_NO_TLS1_METHOD
 extern const SSL_METHOD *TLSv1_method(void);
 #endif

More information about the Python-checkins mailing list