From ee49eb451c0aa3953d35a1c6737605840521e9af Mon Sep 17 00:00:00 2001
From: Brian Wellington <bwelling@xbill.org>
Date: Wed, 11 Mar 2020 09:51:57 -0700
Subject: [PATCH] Require Python 3.6 for EdDSA.

---
 dns/dnssec.py        | 5 +++--
 doc/dnssec.rst       | 3 ++-
 doc/installation.rst | 4 ++--
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/dns/dnssec.py b/dns/dnssec.py
index 1bc840c5..0cabb5b5 100644
--- a/dns/dnssec.py
+++ b/dns/dnssec.py
@@ -20,6 +20,7 @@
 import hashlib  # used in make_ds() to avoid pycrypto dependency
 from io import BytesIO
 import struct
+import sys
 import time
 
 import dns.exception
@@ -387,8 +388,8 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
 
         elif _is_eddsa(rrsig.algorithm):
             keyptr = candidate_key.key
-            if not _have_ecpy:
-                raise ImportError('DNSSEC validation for algorithm %u requires ecpy library' % rrsig.algorithm)
+            if not (_have_ecpy and sys.version_info >= (3, 6)):
+                raise ImportError('DNSSEC validation for algorithm %u requires ecpy library and Python 3.6 or newer' % rrsig.algorithm)
             if rrsig.algorithm == ED25519:
                 curve = 'Ed25519'
             else:
diff --git a/doc/dnssec.rst b/doc/dnssec.rst
index 81abc311..ddc3a831 100644
--- a/doc/dnssec.rst
+++ b/doc/dnssec.rst
@@ -7,7 +7,8 @@ DNSSEC
 Dnspython can do simple DNSSEC signature validation, but currently has no
 facilities for signing.  In order to use DNSSEC functions, you must have
 ``pycryptodome`` or ``pycryptodomex`` installed.  In order to use the EdDSA
-algorithms, you must also have ``ecpy`` installed.
+algorithms, you must also be running Python 3.6 or later and have
+``ecpy`` installed.
 
 DNSSEC Functions
 ----------------
diff --git a/doc/installation.rst b/doc/installation.rst
index 63f29ff0..d4b2e2fb 100644
--- a/doc/installation.rst
+++ b/doc/installation.rst
@@ -48,7 +48,7 @@ The following modules are optional, but recommended for full functionality.
 If ``pycryptodome`` / ``pycryptodomex`` is installed, then dnspython will be
 able to do low-level DNSSEC RSA, DSA, and ECDSA signature validation.
 
-If ``ecpy`` is installed as well, then dnspython will be able to do low-level
-EdDSA signature verification.
+If using Python 3.6 or later and ``ecpy`` is installed as well, then dnspython
+will be able to do low-level EdDSA signature verification.
 
 If ``idna`` is installed, then IDNA 2008 will be available.
-- 
2.47.3