From: Thomas Grainger <tagrain@gmail.com>
Date: Mon, 28 Jun 2021 12:12:30 +0000 (+0100)
Subject: use context.minimum_version in py3.7+ where available (#1714)
X-Git-Tag: 0.19.0~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1737fc62298eac1ed0c867aa1f24eb9c789e38ff;p=thirdparty%2Fhttpx.git

use context.minimum_version in py3.7+ where available (#1714)
---

diff --git a/httpx/_compat.py b/httpx/_compat.py
index 98a3e37b..0eeeef19 100644
--- a/httpx/_compat.py
+++ b/httpx/_compat.py
@@ -14,11 +14,19 @@ except ImportError:
 
 
 def set_minimum_tls_version_1_2(context: ssl.SSLContext) -> None:
-    if sys.version_info >= (3, 10):
+    if sys.version_info >= (3, 10) or (
+        sys.version_info >= (3, 7) and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0, 7)
+    ):
+        # The OP_NO_SSL* and OP_NO_TLS* become deprecated in favor of
+        # 'SSLContext.minimum_version' from Python 3.7 onwards, however
+        # this attribute is not available unless the ssl module is compiled
+        # with OpenSSL 1.1.0g or newer.
+        # https://docs.python.org/3.10/library/ssl.html#ssl.SSLContext.minimum_version
+        # https://docs.python.org/3.7/library/ssl.html#ssl.SSLContext.minimum_version
         context.minimum_version = ssl.TLSVersion.TLSv1_2
     else:
-        # These become deprecated in favor of 'context.minimum_version'
-        # from Python 3.10 onwards.
+        # If 'minimum_version' isn't available, we configure these options with
+        # the older deprecated variants.
         context.options |= ssl.OP_NO_SSLv2
         context.options |= ssl.OP_NO_SSLv3
         context.options |= ssl.OP_NO_TLSv1