Add `OPENSSL_NO_SSL2` & `OPENSSL_NO_SSL3` patch for 2.6.6 .. 2.6.8

8 years ago · 471fa24531
--- a/plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/001_openssl_no_ssl2.patch
+++ b/plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/001_openssl_no_ssl2.patch
@ -1,77 +0,0 @@
 diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py
 --- ./Lib/ssl.py	2012-04-11 00:32:06.000000000 +0900
 +++ ../Python-2.6.8/Lib/ssl.py	2013-05-08 19:44:49.000000000 +0900
@@ -61,7 +61,19 @@
 
 from _ssl import SSLError
 from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
 -from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
 +from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
 +_PROTOCOL_NAMES = {
 +    PROTOCOL_TLSv1: "TLSv1",
 +    PROTOCOL_SSLv23: "SSLv23",
 +    PROTOCOL_SSLv3: "SSLv3",
 +}
 +try:
 +    from _ssl import PROTOCOL_SSLv2
 +    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
 +except ImportError:
 +    _SSLv2_IF_EXISTS = None
 +else:
 +    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
 from _ssl import RAND_status, RAND_egd, RAND_add
 from _ssl import \
      SSL_ERROR_ZERO_RETURN, \
@@ -402,16 +414,7 @@
     return DER_cert_to_PEM_cert(dercert)
 
 def get_protocol_name(protocol_code):
 -    if protocol_code == PROTOCOL_TLSv1:
 -        return "TLSv1"
 -    elif protocol_code == PROTOCOL_SSLv23:
 -        return "SSLv23"
 -    elif protocol_code == PROTOCOL_SSLv2:
 -        return "SSLv2"
 -    elif protocol_code == PROTOCOL_SSLv3:
 -        return "SSLv3"
 -    else:
 -        return "<unknown>"
 +    return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
 
 
 # a replacement for the old socket.ssl function
 diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c
 --- ./Modules/_ssl.c	2012-04-11 00:32:09.000000000 +0900
 +++ ../Python-2.6.8/Modules/_ssl.c	2013-05-08 17:34:38.000000000 +0900
@@ -62,7 +62,9 @@
 };
 
 enum py_ssl_version {
 +#ifndef OPENSSL_NO_SSL2
     PY_SSL_VERSION_SSL2,
 +#endif
     PY_SSL_VERSION_SSL3,
     PY_SSL_VERSION_SSL23,
     PY_SSL_VERSION_TLS1
@@ -302,8 +304,10 @@
         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
     else if (proto_version == PY_SSL_VERSION_SSL3)
         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
 +#ifndef OPENSSL_NO_SSL2
     else if (proto_version == PY_SSL_VERSION_SSL2)
         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
 +#endif
     else if (proto_version == PY_SSL_VERSION_SSL23)
         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
     PySSL_END_ALLOW_THREADS
@@ -1688,8 +1692,10 @@
                             PY_SSL_CERT_REQUIRED);
 
     /* protocol versions */
 +#ifndef OPENSSL_NO_SSL2
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
                             PY_SSL_VERSION_SSL2);
 +#endif
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
                             PY_SSL_VERSION_SSL3);
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
--- a/plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/010_ssl_no_ssl2_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/010_ssl_no_ssl2_no_ssl3.patch
@ -0,0 +1,95 @@
 diff -r -u ../Python-2.6.8.orig/Lib/ssl.py ./Lib/ssl.py
 --- ../Python-2.6.8.orig/Lib/ssl.py	2012-04-10 15:32:06.000000000 +0000
 +++ ./Lib/ssl.py	2015-12-18 14:46:36.487188331 +0000
@@ -61,18 +61,24 @@
 
 from _ssl import SSLError
 from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
 -from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
 -from _ssl import RAND_status, RAND_egd, RAND_add
 -from _ssl import \
 -     SSL_ERROR_ZERO_RETURN, \
 -     SSL_ERROR_WANT_READ, \
 -     SSL_ERROR_WANT_WRITE, \
 -     SSL_ERROR_WANT_X509_LOOKUP, \
 -     SSL_ERROR_SYSCALL, \
 -     SSL_ERROR_SSL, \
 -     SSL_ERROR_WANT_CONNECT, \
 -     SSL_ERROR_EOF, \
 -     SSL_ERROR_INVALID_ERROR_CODE
 +from _ssl import RAND_status, RAND_add
 +try:
 +    from _ssl import RAND_egd
 +except ImportError:
 +    # LibreSSL does not provide RAND_egd
 +    pass
 +
 +def _import_symbols(prefix):
 +    for n in dir(_ssl):
 +        if n.startswith(prefix):
 +            globals()[n] = getattr(_ssl, n)
 +
 +_import_symbols('OP_')
 +_import_symbols('ALERT_DESCRIPTION_')
 +_import_symbols('SSL_ERROR_')
 +_import_symbols('PROTOCOL_')
 +
 +_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')])
 
 from socket import socket, _fileobject, _delegate_methods
 from socket import error as socket_error
@@ -382,7 +388,7 @@
     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
     return base64.decodestring(d)
 
 -def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
 +def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
 
     """Retrieve the certificate from the server at the specified address,
     and return it as a PEM-encoded string.
 diff -r -u ../Python-2.6.8.orig/Modules/_ssl.c ./Modules/_ssl.c
 --- ../Python-2.6.8.orig/Modules/_ssl.c	2012-04-10 15:32:09.000000000 +0000
 +++ ./Modules/_ssl.c	2015-12-18 14:45:30.419597074 +0000
@@ -62,8 +62,12 @@
 };
 
 enum py_ssl_version {
 +#ifndef OPENSSL_NO_SSL2
     PY_SSL_VERSION_SSL2,
 +#endif
 +#ifndef OPENSSL_NO_SSL3
     PY_SSL_VERSION_SSL3,
 +#endif
     PY_SSL_VERSION_SSL23,
     PY_SSL_VERSION_TLS1
 };
@@ -300,10 +304,14 @@
     PySSL_BEGIN_ALLOW_THREADS
     if (proto_version == PY_SSL_VERSION_TLS1)
         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
 +#ifndef OPENSSL_NO_SSL3
     else if (proto_version == PY_SSL_VERSION_SSL3)
         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
 +#endif
 +#ifndef OPENSSL_NO_SSL2
     else if (proto_version == PY_SSL_VERSION_SSL2)
         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
 +#endif
     else if (proto_version == PY_SSL_VERSION_SSL23)
         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
     PySSL_END_ALLOW_THREADS
@@ -1688,10 +1696,14 @@
                             PY_SSL_CERT_REQUIRED);
 
     /* protocol versions */
 +#ifndef OPENSSL_NO_SSL2
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
                             PY_SSL_VERSION_SSL2);
 +#endif
 +#ifndef OPENSSL_NO_SSL3
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
                             PY_SSL_VERSION_SSL3);
 +#endif
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
                             PY_SSL_VERSION_SSL23);
     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/001_openssl_no_ssl2.patch
+++ b/plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/001_openssl_no_ssl2.patch
@ -1,77 +0,0 @@
 diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py
 --- ./Lib/ssl.py	2012-04-11 00:32:06.000000000 +0900
 +++ ../Python-2.6.8/Lib/ssl.py	2013-05-08 19:44:49.000000000 +0900
@@ -61,7 +61,19 @@
 
 from _ssl import SSLError
 from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
 -from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
 +from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
 +_PROTOCOL_NAMES = {
 +    PROTOCOL_TLSv1: "TLSv1",
 +    PROTOCOL_SSLv23: "SSLv23",
 +    PROTOCOL_SSLv3: "SSLv3",
 +}
 +try:
 +    from _ssl import PROTOCOL_SSLv2
 +    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
 +except ImportError:
 +    _SSLv2_IF_EXISTS = None
 +else:
 +    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
 from _ssl import RAND_status, RAND_egd, RAND_add
 from _ssl import \
      SSL_ERROR_ZERO_RETURN, \
@@ -402,16 +414,7 @@
     return DER_cert_to_PEM_cert(dercert)
 
 def get_protocol_name(protocol_code):
 -    if protocol_code == PROTOCOL_TLSv1:
 -        return "TLSv1"
 -    elif protocol_code == PROTOCOL_SSLv23:
 -        return "SSLv23"
 -    elif protocol_code == PROTOCOL_SSLv2:
 -        return "SSLv2"
 -    elif protocol_code == PROTOCOL_SSLv3:
 -        return "SSLv3"
 -    else:
 -        return "<unknown>"
 +    return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
 
 
 # a replacement for the old socket.ssl function
 diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c
 --- ./Modules/_ssl.c	2012-04-11 00:32:09.000000000 +0900
 +++ ../Python-2.6.8/Modules/_ssl.c	2013-05-08 17:34:38.000000000 +0900
@@ -62,7 +62,9 @@
 };
 
 enum py_ssl_version {
 +#ifndef OPENSSL_NO_SSL2
     PY_SSL_VERSION_SSL2,
 +#endif
     PY_SSL_VERSION_SSL3,
     PY_SSL_VERSION_SSL23,
     PY_SSL_VERSION_TLS1
@@ -302,8 +304,10 @@
         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
     else if (proto_version == PY_SSL_VERSION_SSL3)
         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
 +#ifndef OPENSSL_NO_SSL2
     else if (proto_version == PY_SSL_VERSION_SSL2)
         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
 +#endif
     else if (proto_version == PY_SSL_VERSION_SSL23)
         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
     PySSL_END_ALLOW_THREADS
@@ -1688,8 +1692,10 @@
                             PY_SSL_CERT_REQUIRED);
 
     /* protocol versions */
 +#ifndef OPENSSL_NO_SSL2
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
                             PY_SSL_VERSION_SSL2);
 +#endif
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
                             PY_SSL_VERSION_SSL3);
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
--- a/plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/010_ssl_no_ssl2_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/010_ssl_no_ssl2_no_ssl3.patch
@ -0,0 +1,95 @@
 diff -r -u ../Python-2.6.8.orig/Lib/ssl.py ./Lib/ssl.py
 --- ../Python-2.6.8.orig/Lib/ssl.py	2012-04-10 15:32:06.000000000 +0000
 +++ ./Lib/ssl.py	2015-12-18 14:46:36.487188331 +0000
@@ -61,18 +61,24 @@
 
 from _ssl import SSLError
 from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
 -from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
 -from _ssl import RAND_status, RAND_egd, RAND_add
 -from _ssl import \
 -     SSL_ERROR_ZERO_RETURN, \
 -     SSL_ERROR_WANT_READ, \
 -     SSL_ERROR_WANT_WRITE, \
 -     SSL_ERROR_WANT_X509_LOOKUP, \
 -     SSL_ERROR_SYSCALL, \
 -     SSL_ERROR_SSL, \
 -     SSL_ERROR_WANT_CONNECT, \
 -     SSL_ERROR_EOF, \
 -     SSL_ERROR_INVALID_ERROR_CODE
 +from _ssl import RAND_status, RAND_add
 +try:
 +    from _ssl import RAND_egd
 +except ImportError:
 +    # LibreSSL does not provide RAND_egd
 +    pass
 +
 +def _import_symbols(prefix):
 +    for n in dir(_ssl):
 +        if n.startswith(prefix):
 +            globals()[n] = getattr(_ssl, n)
 +
 +_import_symbols('OP_')
 +_import_symbols('ALERT_DESCRIPTION_')
 +_import_symbols('SSL_ERROR_')
 +_import_symbols('PROTOCOL_')
 +
 +_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')])
 
 from socket import socket, _fileobject, _delegate_methods
 from socket import error as socket_error
@@ -382,7 +388,7 @@
     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
     return base64.decodestring(d)
 
 -def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
 +def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
 
     """Retrieve the certificate from the server at the specified address,
     and return it as a PEM-encoded string.
 diff -r -u ../Python-2.6.8.orig/Modules/_ssl.c ./Modules/_ssl.c
 --- ../Python-2.6.8.orig/Modules/_ssl.c	2012-04-10 15:32:09.000000000 +0000
 +++ ./Modules/_ssl.c	2015-12-18 14:45:30.419597074 +0000
@@ -62,8 +62,12 @@
 };
 
 enum py_ssl_version {
 +#ifndef OPENSSL_NO_SSL2
     PY_SSL_VERSION_SSL2,
 +#endif
 +#ifndef OPENSSL_NO_SSL3
     PY_SSL_VERSION_SSL3,
 +#endif
     PY_SSL_VERSION_SSL23,
     PY_SSL_VERSION_TLS1
 };
@@ -300,10 +304,14 @@
     PySSL_BEGIN_ALLOW_THREADS
     if (proto_version == PY_SSL_VERSION_TLS1)
         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
 +#ifndef OPENSSL_NO_SSL3
     else if (proto_version == PY_SSL_VERSION_SSL3)
         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
 +#endif
 +#ifndef OPENSSL_NO_SSL2
     else if (proto_version == PY_SSL_VERSION_SSL2)
         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
 +#endif
     else if (proto_version == PY_SSL_VERSION_SSL23)
         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
     PySSL_END_ALLOW_THREADS
@@ -1688,10 +1696,14 @@
                             PY_SSL_CERT_REQUIRED);
 
     /* protocol versions */
 +#ifndef OPENSSL_NO_SSL2
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
                             PY_SSL_VERSION_SSL2);
 +#endif
 +#ifndef OPENSSL_NO_SSL3
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
                             PY_SSL_VERSION_SSL3);
 +#endif
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
                             PY_SSL_VERSION_SSL23);
     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/001_openssl_no_ssl2.patch
+++ b/plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/001_openssl_no_ssl2.patch
@ -1,77 +0,0 @@
 diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py
 --- ./Lib/ssl.py	2012-04-11 00:32:06.000000000 +0900
 +++ ../Python-2.6.8/Lib/ssl.py	2013-05-08 19:44:49.000000000 +0900
@@ -61,7 +61,19 @@
 
 from _ssl import SSLError
 from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
 -from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
 +from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
 +_PROTOCOL_NAMES = {
 +    PROTOCOL_TLSv1: "TLSv1",
 +    PROTOCOL_SSLv23: "SSLv23",
 +    PROTOCOL_SSLv3: "SSLv3",
 +}
 +try:
 +    from _ssl import PROTOCOL_SSLv2
 +    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
 +except ImportError:
 +    _SSLv2_IF_EXISTS = None
 +else:
 +    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
 from _ssl import RAND_status, RAND_egd, RAND_add
 from _ssl import \
      SSL_ERROR_ZERO_RETURN, \
@@ -402,16 +414,7 @@
     return DER_cert_to_PEM_cert(dercert)
 
 def get_protocol_name(protocol_code):
 -    if protocol_code == PROTOCOL_TLSv1:
 -        return "TLSv1"
 -    elif protocol_code == PROTOCOL_SSLv23:
 -        return "SSLv23"
 -    elif protocol_code == PROTOCOL_SSLv2:
 -        return "SSLv2"
 -    elif protocol_code == PROTOCOL_SSLv3:
 -        return "SSLv3"
 -    else:
 -        return "<unknown>"
 +    return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
 
 
 # a replacement for the old socket.ssl function
 diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c
 --- ./Modules/_ssl.c	2012-04-11 00:32:09.000000000 +0900
 +++ ../Python-2.6.8/Modules/_ssl.c	2013-05-08 17:34:38.000000000 +0900
@@ -62,7 +62,9 @@
 };
 
 enum py_ssl_version {
 +#ifndef OPENSSL_NO_SSL2
     PY_SSL_VERSION_SSL2,
 +#endif
     PY_SSL_VERSION_SSL3,
     PY_SSL_VERSION_SSL23,
     PY_SSL_VERSION_TLS1
@@ -302,8 +304,10 @@
         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
     else if (proto_version == PY_SSL_VERSION_SSL3)
         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
 +#ifndef OPENSSL_NO_SSL2
     else if (proto_version == PY_SSL_VERSION_SSL2)
         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
 +#endif
     else if (proto_version == PY_SSL_VERSION_SSL23)
         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
     PySSL_END_ALLOW_THREADS
@@ -1688,8 +1692,10 @@
                             PY_SSL_CERT_REQUIRED);
 
     /* protocol versions */
 +#ifndef OPENSSL_NO_SSL2
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
                             PY_SSL_VERSION_SSL2);
 +#endif
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
                             PY_SSL_VERSION_SSL3);
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
--- a/plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/010_ssl_no_ssl2_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/010_ssl_no_ssl2_no_ssl3.patch
@ -0,0 +1,95 @@
 diff -r -u ../Python-2.6.8.orig/Lib/ssl.py ./Lib/ssl.py
 --- ../Python-2.6.8.orig/Lib/ssl.py	2012-04-10 15:32:06.000000000 +0000
 +++ ./Lib/ssl.py	2015-12-18 14:46:36.487188331 +0000
@@ -61,18 +61,24 @@
 
 from _ssl import SSLError
 from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
 -from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
 -from _ssl import RAND_status, RAND_egd, RAND_add
 -from _ssl import \
 -     SSL_ERROR_ZERO_RETURN, \
 -     SSL_ERROR_WANT_READ, \
 -     SSL_ERROR_WANT_WRITE, \
 -     SSL_ERROR_WANT_X509_LOOKUP, \
 -     SSL_ERROR_SYSCALL, \
 -     SSL_ERROR_SSL, \
 -     SSL_ERROR_WANT_CONNECT, \
 -     SSL_ERROR_EOF, \
 -     SSL_ERROR_INVALID_ERROR_CODE
 +from _ssl import RAND_status, RAND_add
 +try:
 +    from _ssl import RAND_egd
 +except ImportError:
 +    # LibreSSL does not provide RAND_egd
 +    pass
 +
 +def _import_symbols(prefix):
 +    for n in dir(_ssl):
 +        if n.startswith(prefix):
 +            globals()[n] = getattr(_ssl, n)
 +
 +_import_symbols('OP_')
 +_import_symbols('ALERT_DESCRIPTION_')
 +_import_symbols('SSL_ERROR_')
 +_import_symbols('PROTOCOL_')
 +
 +_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')])
 
 from socket import socket, _fileobject, _delegate_methods
 from socket import error as socket_error
@@ -382,7 +388,7 @@
     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
     return base64.decodestring(d)
 
 -def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
 +def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
 
     """Retrieve the certificate from the server at the specified address,
     and return it as a PEM-encoded string.
 diff -r -u ../Python-2.6.8.orig/Modules/_ssl.c ./Modules/_ssl.c
 --- ../Python-2.6.8.orig/Modules/_ssl.c	2012-04-10 15:32:09.000000000 +0000
 +++ ./Modules/_ssl.c	2015-12-18 14:45:30.419597074 +0000
@@ -62,8 +62,12 @@
 };
 
 enum py_ssl_version {
 +#ifndef OPENSSL_NO_SSL2
     PY_SSL_VERSION_SSL2,
 +#endif
 +#ifndef OPENSSL_NO_SSL3
     PY_SSL_VERSION_SSL3,
 +#endif
     PY_SSL_VERSION_SSL23,
     PY_SSL_VERSION_TLS1
 };
@@ -300,10 +304,14 @@
     PySSL_BEGIN_ALLOW_THREADS
     if (proto_version == PY_SSL_VERSION_TLS1)
         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
 +#ifndef OPENSSL_NO_SSL3
     else if (proto_version == PY_SSL_VERSION_SSL3)
         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
 +#endif
 +#ifndef OPENSSL_NO_SSL2
     else if (proto_version == PY_SSL_VERSION_SSL2)
         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
 +#endif
     else if (proto_version == PY_SSL_VERSION_SSL23)
         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
     PySSL_END_ALLOW_THREADS
@@ -1688,10 +1696,14 @@
                             PY_SSL_CERT_REQUIRED);
 
     /* protocol versions */
 +#ifndef OPENSSL_NO_SSL2
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
                             PY_SSL_VERSION_SSL2);
 +#endif
 +#ifndef OPENSSL_NO_SSL3
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
                             PY_SSL_VERSION_SSL3);
 +#endif
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
                             PY_SSL_VERSION_SSL23);
     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",