Add OPENSSL_NO_SSL2 & OPENSSL_NO_SSL3 patch for 3.0.1, 3.1 and 3.1.2

plugins/python-build/share/python-build/patches/3.0.1/Python-3.0.1/002_openssl_no_ssl2.patch

@@ -1,75 +0,0 @@
-diff -r -u ./Lib/ssl.py ../Python-3.0.1/Lib/ssl.py
---- ./Lib/ssl.py	2009-01-04 08:47:58.000000000 +0900
-+++ ../Python-3.0.1/Lib/ssl.py	2013-05-08 19:58:59.000000000 +0900
-@@ -60,8 +60,20 @@
- 
- from _ssl import SSLError
- from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
--from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
-+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
-                   PROTOCOL_TLSv1)
-+_PROTOCOL_NAMES = {
-+    PROTOCOL_TLSv1: "TLSv1",
-+    PROTOCOL_SSLv23: "SSLv23",
-+    PROTOCOL_SSLv3: "SSLv3",
-+}
-+try:
-+    from _ssl import PROTOCOL_SSLv2
-+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
-+except ImportError:
-+    _SSLv2_IF_EXISTS = None
-+else:
-+    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
- from _ssl import RAND_status, RAND_egd, RAND_add
- from _ssl import (
-     SSL_ERROR_ZERO_RETURN,
-@@ -434,13 +446,4 @@
-     return DER_cert_to_PEM_cert(dercert)
- 
- def get_protocol_name(protocol_code):
--    if protocol_code == PROTOCOL_TLSv1:
--        return "TLSv1"
--    elif protocol_code == PROTOCOL_SSLv23:
--        return "SSLv23"
--    elif protocol_code == PROTOCOL_SSLv2:
--        return "SSLv2"
--    elif protocol_code == PROTOCOL_SSLv3:
--        return "SSLv3"
--    else:
--        return "<unknown>"
-+    return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
-diff -r -u ./Modules/_ssl.c ../Python-3.0.1/Modules/_ssl.c
---- ./Modules/_ssl.c	2009-02-03 05:41:29.000000000 +0900
-+++ ../Python-3.0.1/Modules/_ssl.c	2013-05-08 19:57:38.000000000 +0900
-@@ -62,7 +62,9 @@
- };
- 
- enum py_ssl_version {
-+#ifndef OPENSSL_NO_SSL2
- 	PY_SSL_VERSION_SSL2,
-+#endif
- 	PY_SSL_VERSION_SSL3,
- 	PY_SSL_VERSION_SSL23,
- 	PY_SSL_VERSION_TLS1,
-@@ -299,8 +301,10 @@
- 		self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
- 	else if (proto_version == PY_SSL_VERSION_SSL3)
- 		self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL2
- 	else if (proto_version == PY_SSL_VERSION_SSL2)
- 		self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
-+#endif
- 	else if (proto_version == PY_SSL_VERSION_SSL23)
- 		self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
- 	PySSL_END_ALLOW_THREADS
-@@ -1691,8 +1695,10 @@
- 				PY_SSL_CERT_REQUIRED);
- 
- 	/* protocol versions */
-+#ifndef OPENSSL_NO_SSL2
- 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
- 				PY_SSL_VERSION_SSL2);
-+#endif
- 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
- 				PY_SSL_VERSION_SSL3);
- 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",

plugins/python-build/share/python-build/patches/3.0.1/Python-3.0.1/010_ssl_no_ssl2_no_ssl3.patch

@@ -0,0 +1,96 @@
+diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-3.1.2.orig/Lib/ssl.py	2010-01-18 09:16:17.000000000 +0000
++++ ./Lib/ssl.py	2015-12-20 07:36:08.545346519 +0000
+@@ -60,20 +60,23 @@
+ 
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
+-                  PROTOCOL_TLSv1)
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import (
+-    SSL_ERROR_ZERO_RETURN,
+-    SSL_ERROR_WANT_READ,
+-    SSL_ERROR_WANT_WRITE,
+-    SSL_ERROR_WANT_X509_LOOKUP,
+-    SSL_ERROR_SYSCALL,
+-    SSL_ERROR_SSL,
+-    SSL_ERROR_WANT_CONNECT,
+-    SSL_ERROR_EOF,
+-    SSL_ERROR_INVALID_ERROR_CODE,
+-    )
++from _ssl import RAND_status, RAND_add
++try:
++    from _ssl import RAND_egd
++except ImportError:
++    # LibreSSL does not provide RAND_egd
++    pass
++
++def _import_symbols(prefix):
++    for n in dir(_ssl):
++        if n.startswith(prefix):
++            globals()[n] = getattr(_ssl, n)
++
++_import_symbols('OP_')
++_import_symbols('SSL_ERROR_')
++_import_symbols('PROTOCOL_')
++
++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+ 
+ from socket import getnameinfo as _getnameinfo
+ from socket import error as socket_error
+@@ -415,7 +418,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodebytes(d.encode('ASCII', 'strict'))
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+     If 'ca_certs' is specified, validate the server cert against it.
+diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-3.1.2.orig/Modules/_ssl.c	2010-03-02 22:49:30.000000000 +0000
++++ ./Modules/_ssl.c	2015-12-20 07:35:02.675100987 +0000
+@@ -62,8 +62,12 @@
+ };
+ 
+ enum py_ssl_version {
++#ifndef OPENSSL_NO_SSL2
+ 	PY_SSL_VERSION_SSL2,
++#endif
++#ifndef OPENSSL_NO_SSL3
+ 	PY_SSL_VERSION_SSL3,
++#endif
+ 	PY_SSL_VERSION_SSL23,
+ 	PY_SSL_VERSION_TLS1,
+ };
+@@ -299,10 +303,14 @@
+ 	PySSL_BEGIN_ALLOW_THREADS
+ 	if (proto_version == PY_SSL_VERSION_TLS1)
+ 		self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
++#ifndef OPENSSL_NO_SSL3
+ 	else if (proto_version == PY_SSL_VERSION_SSL3)
+ 		self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
++#endif
++#ifndef OPENSSL_NO_SSL2
+ 	else if (proto_version == PY_SSL_VERSION_SSL2)
+ 		self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
++#endif
+ 	else if (proto_version == PY_SSL_VERSION_SSL23)
+ 		self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
+ 	PySSL_END_ALLOW_THREADS
+@@ -1698,10 +1706,14 @@
+ 				PY_SSL_CERT_REQUIRED);
+ 
+ 	/* protocol versions */
++#ifndef OPENSSL_NO_SSL2
+ 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+ 				PY_SSL_VERSION_SSL2);
++#endif
++#ifndef OPENSSL_NO_SSL3
+ 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+ 				PY_SSL_VERSION_SSL3);
++#endif
+ 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+ 				PY_SSL_VERSION_SSL23);
+ 	PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",

plugins/python-build/share/python-build/patches/3.1.1/Python-3.1.1/001_openssl_no_ssl2.patch

@@ -1,75 +0,0 @@
-diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py
---- ../Python-3.1/Lib/ssl.py	2009-06-04 18:42:55.000000000 +0900
-+++ ./Lib/ssl.py	2015-08-15 13:12:22.270915671 +0900
-@@ -60,8 +60,20 @@
- 
- from _ssl import SSLError
- from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
--from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
-+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
-                   PROTOCOL_TLSv1)
-+_PROTOCOL_NAMES = {
-+    PROTOCOL_TLSv1: "TLSv1",
-+    PROTOCOL_SSLv23: "SSLv23",
-+    PROTOCOL_SSLv3: "SSLv3",
-+}
-+try:
-+    from _ssl import PROTOCOL_SSLv2
-+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
-+except ImportError:
-+    _SSLv2_IF_EXISTS = None
-+else:
-+    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
- from _ssl import RAND_status, RAND_egd, RAND_add
- from _ssl import (
-     SSL_ERROR_ZERO_RETURN,
-@@ -434,13 +446,4 @@
-     return DER_cert_to_PEM_cert(dercert)
- 
- def get_protocol_name(protocol_code):
--    if protocol_code == PROTOCOL_TLSv1:
--        return "TLSv1"
--    elif protocol_code == PROTOCOL_SSLv23:
--        return "SSLv23"
--    elif protocol_code == PROTOCOL_SSLv2:
--        return "SSLv2"
--    elif protocol_code == PROTOCOL_SSLv3:
--        return "SSLv3"
--    else:
--        return "<unknown>"
-+    return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
-diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c
---- ../Python-3.1/Modules/_ssl.c	2009-05-06 07:31:58.000000000 +0900
-+++ ./Modules/_ssl.c	2015-08-15 13:13:23.812369742 +0900
-@@ -62,7 +62,9 @@
- };
- 
- enum py_ssl_version {
-+#ifndef OPENSSL_NO_SSL2
- 	PY_SSL_VERSION_SSL2,
-+#endif
- 	PY_SSL_VERSION_SSL3,
- 	PY_SSL_VERSION_SSL23,
- 	PY_SSL_VERSION_TLS1,
-@@ -301,8 +303,10 @@
- 		self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
- 	else if (proto_version == PY_SSL_VERSION_SSL3)
- 		self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL2
- 	else if (proto_version == PY_SSL_VERSION_SSL2)
- 		self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
-+#endif
- 	else if (proto_version == PY_SSL_VERSION_SSL23)
- 		self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
- 	PySSL_END_ALLOW_THREADS
-@@ -1693,8 +1697,10 @@
- 				PY_SSL_CERT_REQUIRED);
- 
- 	/* protocol versions */
-+#ifndef OPENSSL_NO_SSL2
- 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
- 				PY_SSL_VERSION_SSL2);
-+#endif
- 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
- 				PY_SSL_VERSION_SSL3);
- 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",

plugins/python-build/share/python-build/patches/3.1.1/Python-3.1.1/010_ssl_no_ssl2_no_ssl3.patch

@@ -0,0 +1,96 @@
+diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-3.1.2.orig/Lib/ssl.py	2010-01-18 09:16:17.000000000 +0000
++++ ./Lib/ssl.py	2015-12-20 07:36:08.545346519 +0000
+@@ -60,20 +60,23 @@
+ 
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
+-                  PROTOCOL_TLSv1)
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import (
+-    SSL_ERROR_ZERO_RETURN,
+-    SSL_ERROR_WANT_READ,
+-    SSL_ERROR_WANT_WRITE,
+-    SSL_ERROR_WANT_X509_LOOKUP,
+-    SSL_ERROR_SYSCALL,
+-    SSL_ERROR_SSL,
+-    SSL_ERROR_WANT_CONNECT,
+-    SSL_ERROR_EOF,
+-    SSL_ERROR_INVALID_ERROR_CODE,
+-    )
++from _ssl import RAND_status, RAND_add
++try:
++    from _ssl import RAND_egd
++except ImportError:
++    # LibreSSL does not provide RAND_egd
++    pass
++
++def _import_symbols(prefix):
++    for n in dir(_ssl):
++        if n.startswith(prefix):
++            globals()[n] = getattr(_ssl, n)
++
++_import_symbols('OP_')
++_import_symbols('SSL_ERROR_')
++_import_symbols('PROTOCOL_')
++
++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+ 
+ from socket import getnameinfo as _getnameinfo
+ from socket import error as socket_error
+@@ -415,7 +418,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodebytes(d.encode('ASCII', 'strict'))
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+     If 'ca_certs' is specified, validate the server cert against it.
+diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-3.1.2.orig/Modules/_ssl.c	2010-03-02 22:49:30.000000000 +0000
++++ ./Modules/_ssl.c	2015-12-20 07:35:02.675100987 +0000
+@@ -62,8 +62,12 @@
+ };
+ 
+ enum py_ssl_version {
++#ifndef OPENSSL_NO_SSL2
+ 	PY_SSL_VERSION_SSL2,
++#endif
++#ifndef OPENSSL_NO_SSL3
+ 	PY_SSL_VERSION_SSL3,
++#endif
+ 	PY_SSL_VERSION_SSL23,
+ 	PY_SSL_VERSION_TLS1,
+ };
+@@ -299,10 +303,14 @@
+ 	PySSL_BEGIN_ALLOW_THREADS
+ 	if (proto_version == PY_SSL_VERSION_TLS1)
+ 		self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
++#ifndef OPENSSL_NO_SSL3
+ 	else if (proto_version == PY_SSL_VERSION_SSL3)
+ 		self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
++#endif
++#ifndef OPENSSL_NO_SSL2
+ 	else if (proto_version == PY_SSL_VERSION_SSL2)
+ 		self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
++#endif
+ 	else if (proto_version == PY_SSL_VERSION_SSL23)
+ 		self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
+ 	PySSL_END_ALLOW_THREADS
+@@ -1698,10 +1706,14 @@
+ 				PY_SSL_CERT_REQUIRED);
+ 
+ 	/* protocol versions */
++#ifndef OPENSSL_NO_SSL2
+ 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+ 				PY_SSL_VERSION_SSL2);
++#endif
++#ifndef OPENSSL_NO_SSL3
+ 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+ 				PY_SSL_VERSION_SSL3);
++#endif
+ 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+ 				PY_SSL_VERSION_SSL23);
+ 	PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",

plugins/python-build/share/python-build/patches/3.1.2/Python-3.1.2/001_openssl_no_ssl2.patch

@@ -1,75 +0,0 @@
-diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py
---- ../Python-3.1/Lib/ssl.py	2009-06-04 18:42:55.000000000 +0900
-+++ ./Lib/ssl.py	2015-08-15 13:12:22.270915671 +0900
-@@ -60,8 +60,20 @@
- 
- from _ssl import SSLError
- from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
--from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
-+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
-                   PROTOCOL_TLSv1)
-+_PROTOCOL_NAMES = {
-+    PROTOCOL_TLSv1: "TLSv1",
-+    PROTOCOL_SSLv23: "SSLv23",
-+    PROTOCOL_SSLv3: "SSLv3",
-+}
-+try:
-+    from _ssl import PROTOCOL_SSLv2
-+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
-+except ImportError:
-+    _SSLv2_IF_EXISTS = None
-+else:
-+    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
- from _ssl import RAND_status, RAND_egd, RAND_add
- from _ssl import (
-     SSL_ERROR_ZERO_RETURN,
-@@ -434,13 +446,4 @@
-     return DER_cert_to_PEM_cert(dercert)
- 
- def get_protocol_name(protocol_code):
--    if protocol_code == PROTOCOL_TLSv1:
--        return "TLSv1"
--    elif protocol_code == PROTOCOL_SSLv23:
--        return "SSLv23"
--    elif protocol_code == PROTOCOL_SSLv2:
--        return "SSLv2"
--    elif protocol_code == PROTOCOL_SSLv3:
--        return "SSLv3"
--    else:
--        return "<unknown>"
-+    return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
-diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c
---- ../Python-3.1/Modules/_ssl.c	2009-05-06 07:31:58.000000000 +0900
-+++ ./Modules/_ssl.c	2015-08-15 13:13:23.812369742 +0900
-@@ -62,7 +62,9 @@
- };
- 
- enum py_ssl_version {
-+#ifndef OPENSSL_NO_SSL2
- 	PY_SSL_VERSION_SSL2,
-+#endif
- 	PY_SSL_VERSION_SSL3,
- 	PY_SSL_VERSION_SSL23,
- 	PY_SSL_VERSION_TLS1,
-@@ -301,8 +303,10 @@
- 		self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
- 	else if (proto_version == PY_SSL_VERSION_SSL3)
- 		self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL2
- 	else if (proto_version == PY_SSL_VERSION_SSL2)
- 		self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
-+#endif
- 	else if (proto_version == PY_SSL_VERSION_SSL23)
- 		self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
- 	PySSL_END_ALLOW_THREADS
-@@ -1693,8 +1697,10 @@
- 				PY_SSL_CERT_REQUIRED);
- 
- 	/* protocol versions */
-+#ifndef OPENSSL_NO_SSL2
- 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
- 				PY_SSL_VERSION_SSL2);
-+#endif
- 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
- 				PY_SSL_VERSION_SSL3);
- 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",

plugins/python-build/share/python-build/patches/3.1.2/Python-3.1.2/010_ssl_no_ssl2_no_ssl3.patch

@@ -0,0 +1,96 @@
+diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-3.1.2.orig/Lib/ssl.py	2010-01-18 09:16:17.000000000 +0000
++++ ./Lib/ssl.py	2015-12-20 07:36:08.545346519 +0000
+@@ -60,20 +60,23 @@
+ 
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
+-                  PROTOCOL_TLSv1)
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import (
+-    SSL_ERROR_ZERO_RETURN,
+-    SSL_ERROR_WANT_READ,
+-    SSL_ERROR_WANT_WRITE,
+-    SSL_ERROR_WANT_X509_LOOKUP,
+-    SSL_ERROR_SYSCALL,
+-    SSL_ERROR_SSL,
+-    SSL_ERROR_WANT_CONNECT,
+-    SSL_ERROR_EOF,
+-    SSL_ERROR_INVALID_ERROR_CODE,
+-    )
++from _ssl import RAND_status, RAND_add
++try:
++    from _ssl import RAND_egd
++except ImportError:
++    # LibreSSL does not provide RAND_egd
++    pass
++
++def _import_symbols(prefix):
++    for n in dir(_ssl):
++        if n.startswith(prefix):
++            globals()[n] = getattr(_ssl, n)
++
++_import_symbols('OP_')
++_import_symbols('SSL_ERROR_')
++_import_symbols('PROTOCOL_')
++
++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+ 
+ from socket import getnameinfo as _getnameinfo
+ from socket import error as socket_error
+@@ -415,7 +418,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodebytes(d.encode('ASCII', 'strict'))
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+     If 'ca_certs' is specified, validate the server cert against it.
+diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-3.1.2.orig/Modules/_ssl.c	2010-03-02 22:49:30.000000000 +0000
++++ ./Modules/_ssl.c	2015-12-20 07:35:02.675100987 +0000
+@@ -62,8 +62,12 @@
+ };
+ 
+ enum py_ssl_version {
++#ifndef OPENSSL_NO_SSL2
+ 	PY_SSL_VERSION_SSL2,
++#endif
++#ifndef OPENSSL_NO_SSL3
+ 	PY_SSL_VERSION_SSL3,
++#endif
+ 	PY_SSL_VERSION_SSL23,
+ 	PY_SSL_VERSION_TLS1,
+ };
+@@ -299,10 +303,14 @@
+ 	PySSL_BEGIN_ALLOW_THREADS
+ 	if (proto_version == PY_SSL_VERSION_TLS1)
+ 		self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
++#ifndef OPENSSL_NO_SSL3
+ 	else if (proto_version == PY_SSL_VERSION_SSL3)
+ 		self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
++#endif
++#ifndef OPENSSL_NO_SSL2
+ 	else if (proto_version == PY_SSL_VERSION_SSL2)
+ 		self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
++#endif
+ 	else if (proto_version == PY_SSL_VERSION_SSL23)
+ 		self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
+ 	PySSL_END_ALLOW_THREADS
+@@ -1698,10 +1706,14 @@
+ 				PY_SSL_CERT_REQUIRED);
+ 
+ 	/* protocol versions */
++#ifndef OPENSSL_NO_SSL2
+ 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+ 				PY_SSL_VERSION_SSL2);
++#endif
++#ifndef OPENSSL_NO_SSL3
+ 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+ 				PY_SSL_VERSION_SSL3);
++#endif
+ 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+ 				PY_SSL_VERSION_SSL23);
+ 	PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",

plugins/python-build/share/python-build/patches/3.1/Python-3.1/001_openssl_no_ssl2.patch

@@ -1,75 +0,0 @@
-diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py
---- ../Python-3.1/Lib/ssl.py	2009-06-04 18:42:55.000000000 +0900
-+++ ./Lib/ssl.py	2015-08-15 13:12:22.270915671 +0900
-@@ -60,8 +60,20 @@
- 
- from _ssl import SSLError
- from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
--from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
-+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
-                   PROTOCOL_TLSv1)
-+_PROTOCOL_NAMES = {
-+    PROTOCOL_TLSv1: "TLSv1",
-+    PROTOCOL_SSLv23: "SSLv23",
-+    PROTOCOL_SSLv3: "SSLv3",
-+}
-+try:
-+    from _ssl import PROTOCOL_SSLv2
-+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
-+except ImportError:
-+    _SSLv2_IF_EXISTS = None
-+else:
-+    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
- from _ssl import RAND_status, RAND_egd, RAND_add
- from _ssl import (
-     SSL_ERROR_ZERO_RETURN,
-@@ -434,13 +446,4 @@
-     return DER_cert_to_PEM_cert(dercert)
- 
- def get_protocol_name(protocol_code):
--    if protocol_code == PROTOCOL_TLSv1:
--        return "TLSv1"
--    elif protocol_code == PROTOCOL_SSLv23:
--        return "SSLv23"
--    elif protocol_code == PROTOCOL_SSLv2:
--        return "SSLv2"
--    elif protocol_code == PROTOCOL_SSLv3:
--        return "SSLv3"
--    else:
--        return "<unknown>"
-+    return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
-diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c
---- ../Python-3.1/Modules/_ssl.c	2009-05-06 07:31:58.000000000 +0900
-+++ ./Modules/_ssl.c	2015-08-15 13:13:23.812369742 +0900
-@@ -62,7 +62,9 @@
- };
- 
- enum py_ssl_version {
-+#ifndef OPENSSL_NO_SSL2
- 	PY_SSL_VERSION_SSL2,
-+#endif
- 	PY_SSL_VERSION_SSL3,
- 	PY_SSL_VERSION_SSL23,
- 	PY_SSL_VERSION_TLS1,
-@@ -301,8 +303,10 @@
- 		self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
- 	else if (proto_version == PY_SSL_VERSION_SSL3)
- 		self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL2
- 	else if (proto_version == PY_SSL_VERSION_SSL2)
- 		self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
-+#endif
- 	else if (proto_version == PY_SSL_VERSION_SSL23)
- 		self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
- 	PySSL_END_ALLOW_THREADS
-@@ -1693,8 +1697,10 @@
- 				PY_SSL_CERT_REQUIRED);
- 
- 	/* protocol versions */
-+#ifndef OPENSSL_NO_SSL2
- 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
- 				PY_SSL_VERSION_SSL2);
-+#endif
- 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
- 				PY_SSL_VERSION_SSL3);
- 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",

plugins/python-build/share/python-build/patches/3.1/Python-3.1/010_ssl_no_ssl2_no_ssl3.patch

@@ -0,0 +1,96 @@
+diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-3.1.2.orig/Lib/ssl.py	2010-01-18 09:16:17.000000000 +0000
++++ ./Lib/ssl.py	2015-12-20 07:36:08.545346519 +0000
+@@ -60,20 +60,23 @@
+ 
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23,
+-                  PROTOCOL_TLSv1)
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import (
+-    SSL_ERROR_ZERO_RETURN,
+-    SSL_ERROR_WANT_READ,
+-    SSL_ERROR_WANT_WRITE,
+-    SSL_ERROR_WANT_X509_LOOKUP,
+-    SSL_ERROR_SYSCALL,
+-    SSL_ERROR_SSL,
+-    SSL_ERROR_WANT_CONNECT,
+-    SSL_ERROR_EOF,
+-    SSL_ERROR_INVALID_ERROR_CODE,
+-    )
++from _ssl import RAND_status, RAND_add
++try:
++    from _ssl import RAND_egd
++except ImportError:
++    # LibreSSL does not provide RAND_egd
++    pass
++
++def _import_symbols(prefix):
++    for n in dir(_ssl):
++        if n.startswith(prefix):
++            globals()[n] = getattr(_ssl, n)
++
++_import_symbols('OP_')
++_import_symbols('SSL_ERROR_')
++_import_symbols('PROTOCOL_')
++
++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+ 
+ from socket import getnameinfo as _getnameinfo
+ from socket import error as socket_error
+@@ -415,7 +418,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodebytes(d.encode('ASCII', 'strict'))
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+     If 'ca_certs' is specified, validate the server cert against it.
+diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-3.1.2.orig/Modules/_ssl.c	2010-03-02 22:49:30.000000000 +0000
++++ ./Modules/_ssl.c	2015-12-20 07:35:02.675100987 +0000
+@@ -62,8 +62,12 @@
+ };
+ 
+ enum py_ssl_version {
++#ifndef OPENSSL_NO_SSL2
+ 	PY_SSL_VERSION_SSL2,
++#endif
++#ifndef OPENSSL_NO_SSL3
+ 	PY_SSL_VERSION_SSL3,
++#endif
+ 	PY_SSL_VERSION_SSL23,
+ 	PY_SSL_VERSION_TLS1,
+ };
+@@ -299,10 +303,14 @@
+ 	PySSL_BEGIN_ALLOW_THREADS
+ 	if (proto_version == PY_SSL_VERSION_TLS1)
+ 		self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
++#ifndef OPENSSL_NO_SSL3
+ 	else if (proto_version == PY_SSL_VERSION_SSL3)
+ 		self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
++#endif
++#ifndef OPENSSL_NO_SSL2
+ 	else if (proto_version == PY_SSL_VERSION_SSL2)
+ 		self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
++#endif
+ 	else if (proto_version == PY_SSL_VERSION_SSL23)
+ 		self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
+ 	PySSL_END_ALLOW_THREADS
+@@ -1698,10 +1706,14 @@
+ 				PY_SSL_CERT_REQUIRED);
+ 
+ 	/* protocol versions */
++#ifndef OPENSSL_NO_SSL2
+ 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+ 				PY_SSL_VERSION_SSL2);
++#endif
++#ifndef OPENSSL_NO_SSL3
+ 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+ 				PY_SSL_VERSION_SSL3);
++#endif
+ 	PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+ 				PY_SSL_VERSION_SSL23);
+ 	PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",