mirror of
https://github.com/archlinuxarm/PKGBUILDs.git
synced 2024-12-08 23:03:46 +00:00
28 lines
1.1 KiB
Diff
28 lines
1.1 KiB
Diff
From f1a696efd6ca674579e25de29ec4053ff5a5ade1 Mon Sep 17 00:00:00 2001
|
|
From: Donald Stufft <donald@stufft.io>
|
|
Date: Thu, 2 Mar 2017 12:37:07 -0500
|
|
Subject: [PATCH] bpo-29697: Don't use OpenSSL <1.0.2 fallback on 1.1+ (GH-399)
|
|
|
|
---
|
|
Modules/_ssl.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
|
|
index a92710077cc..4fff16f6f49 100644
|
|
--- a/Modules/_ssl.c
|
|
+++ b/Modules/_ssl.c
|
|
@@ -2166,12 +2166,12 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
|
|
options |= SSL_OP_NO_SSLv3;
|
|
SSL_CTX_set_options(self->ctx, options);
|
|
|
|
-#ifndef OPENSSL_NO_ECDH
|
|
+#if !defined(OPENSSL_NO_ECDH) && !defined(OPENSSL_VERSION_1_1)
|
|
/* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use
|
|
prime256v1 by default. This is Apache mod_ssl's initialization
|
|
policy, so we should be safe. OpenSSL 1.1 has it enabled by default.
|
|
*/
|
|
-#if defined(SSL_CTX_set_ecdh_auto) && !defined(OPENSSL_VERSION_1_1)
|
|
+#if defined(SSL_CTX_set_ecdh_auto)
|
|
SSL_CTX_set_ecdh_auto(self->ctx, 1);
|
|
#else
|
|
{
|