From: Benjamin Peterson <benjamin@python.org>
Date: Sat, 6 Dec 2014 03:11:33 +0000 (-0500)
Subject: merge 3.4 (#22935)
X-Git-Tag: v3.5.0a1~368
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=22293df016773029385c70968252a11b7cb02a42;p=thirdparty%2FPython%2Fcpython.git

merge 3.4 (#22935)
---

22293df016773029385c70968252a11b7cb02a42
diff --cc Lib/test/test_ssl.py
index 2a18cc49311e,2dea0c5cff6f..67eea980c477
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@@ -2410,20 -2168,24 +2410,24 @@@ else
                          sys.stdout.write(
                              " SSL2 client to SSL23 server test unexpectedly failed:\n %s\n"
                              % str(x))
-             try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, 'SSLv3')
+             if hasattr(ssl, 'PROTOCOL_SSLv3'):
 -                try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True)
++                try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, 'SSLv3')
              try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True)
 -            try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True)
 +            try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, 'TLSv1')
  
-             try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_OPTIONAL)
+             if hasattr(ssl, 'PROTOCOL_SSLv3'):
 -                try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL)
++                try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_OPTIONAL)
              try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_OPTIONAL)
 -            try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL)
 +            try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_OPTIONAL)
  
-             try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_REQUIRED)
+             if hasattr(ssl, 'PROTOCOL_SSLv3'):
 -                try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED)
++                try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_REQUIRED)
              try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_REQUIRED)
 -            try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED)
 +            try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_REQUIRED)
  
              # Server with specific SSL options
-             try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, False,
+             if hasattr(ssl, 'PROTOCOL_SSLv3'):
+                 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, False,
                                 server_options=ssl.OP_NO_SSLv3)
              # Will choose TLSv1
              try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True,
@@@ -2455,12 -2219,13 +2461,13 @@@
              """Connecting to a TLSv1 server with various client options"""
              if support.verbose:
                  sys.stdout.write("\n")
 -            try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True)
 -            try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL)
 -            try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED)
 +            try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1')
 +            try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_OPTIONAL)
 +            try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_REQUIRED)
              if hasattr(ssl, 'PROTOCOL_SSLv2'):
                  try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False)
-             try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False)
+             if hasattr(ssl, 'PROTOCOL_SSLv3'):
+                 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False)
              try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv23, False,
                                 client_options=ssl.OP_NO_TLSv1)
  
@@@ -2472,10 -2237,11 +2479,11 @@@
                 Testing against older TLS versions."""
              if support.verbose:
                  sys.stdout.write("\n")
 -            try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_1, True)
 +            try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
              if hasattr(ssl, 'PROTOCOL_SSLv2'):
                  try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv2, False)
-             try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv3, False)
+             if hasattr(ssl, 'PROTOCOL_SSLv3'):
+                 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv3, False)
              try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv23, False,
                                 client_options=ssl.OP_NO_TLSv1_1)
  
diff --cc Misc/NEWS
index 74da40280e82,d5bb07446b13..a9ffe84b35ca
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@@ -1269,40 -1011,7 +1269,43 @@@ IDL
  Build
  -----
  
 -- The Windows build now includes OpenSSL 1.0.1g
++- Issue #22935: Allow the ssl module to be compiled if openssl doesn't support
++  SSL 3.
++
 +- Issue #22592: Drop support of the Borland C compiler to build Python. The
 +  distutils module still supports it to build extensions.
 +
 +- Issue #22591: Drop support of MS-DOS, especially of the DJGPP compiler
 +  (MS-DOS port of GCC).
 +
 +- Issue #16537: Check whether self.extensions is empty in setup.py. Patch by
 +  Jonathan Hosmer.
 +
 +- Issue #22359: Remove incorrect uses of recursive make.  Patch by Jonas
 +  Wagner.
 +
 +- Issue #21958: Define HAVE_ROUND when building with Visual Studio 2013 and
 +  above.  Patch by Zachary Turner.
 +
 +- Issue #18093: the programs that embed the CPython runtime are now in a
 +  separate "Programs" directory, rather than being kept in the Modules
 +  directory.
 +
 +- Issue #15759: "make suspicious", "make linkcheck" and "make doctest" in Doc/
 +  now display special message when and only when there are failures.
 +
 +- Issue #21141: The Windows build process no longer attempts to find Perl,
 +  instead relying on OpenSSL source being configured and ready to build.  The
 +  ``PCbuild\build_ssl.py`` script has been re-written and re-named to
 +  ``PCbuild\prepare_ssl.py``, and takes care of configuring OpenSSL source
 +  for both 32 and 64 bit platforms.  OpenSSL sources obtained from
 +  svn.python.org will always be pre-configured and ready to build.
 +
 +- Issue #21037: Add a build option to enable AddressSanitizer support.
 +
 +- Issue #19962: The Windows build process now creates "python.bat" in the
 +  root of the source tree, which passes all arguments through to the most
 +  recently built interpreter.
  
  - Issue #21285: Refactor and fix curses configure check to always search
    in a ncursesw directory.