From e03d9af2a21e8ae5b96ce74c94cd09676ee2a425 Mon Sep 17 00:00:00 2001
From: "Andrew M. Kuchling" <amk@amk.ca>
Date: Mon, 12 Jul 2004 13:10:47 +0000
Subject: [PATCH] Patch #909007] Enable a bunch of safe bug workarounds in
 OpenSSL, for compatibility with various broken SSL implementations out there.

---
 Misc/NEWS      | 3 +++
 Modules/_ssl.c | 1 +
 2 files changed, 4 insertions(+)

diff --git a/Misc/NEWS b/Misc/NEWS
index 4ac67d4be5e5..23ddd63e8675 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -37,6 +37,9 @@ Extension modules
 - Bug #954364: inspect.getframeinfo() sometimes produces incorrect traceback
   line numbers
 
+- Patch #909007: Enable a bunch of safe bug workarounds in OpenSSL, for
+  the sake of compatibility with various broken SSL implementations.
+
 Library
 -------
 
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 5fcf84ca2e9e..610a1854f319 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -220,6 +220,7 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file)
 	Py_BEGIN_ALLOW_THREADS
 	SSL_CTX_set_verify(self->ctx,
 			   SSL_VERIFY_NONE, NULL); /* set verify lvl */
+	SSL_CTX_set_options(self->ctx, SSL_OP_ALL); /* ssl compatibility */
 	self->ssl = SSL_new(self->ctx); /* New ssl struct */
 	Py_END_ALLOW_THREADS
 	SSL_set_fd(self->ssl, Sock->sock_fd);	/* Set the socket for SSL */
-- 
2.47.3