Merge pull request #507 from yyuu/openssl-no-ssl3

`OPENSSL_NO_SSL3` patch for 2.6, 2.7, 3.3 and 3.4
2025-04-10 11:45:20 +00:00 · 2015-12-18 23:59:25 +09:00 · 2015-12-18 23:59:25 +09:00 · 9f1daac9f7
commit 9f1daac9f7
parent d6e0120cc8 471fa24531
38 changed files with 2251 additions and 502 deletions
--- a/plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/001_openssl_no_ssl2.patch
+++ b/plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/001_openssl_no_ssl2.patch
@ -1,77 +0,0 @@
-diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py
--- ./Lib/ssl.py	2012-04-11 00:32:06.000000000 +0900
-+++ ../Python-2.6.8/Lib/ssl.py	2013-05-08 19:44:49.000000000 +0900
-@@ -61,7 +61,19 @@
- 
- from _ssl import SSLError
- from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
-+from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
-+_PROTOCOL_NAMES = {
-+    PROTOCOL_TLSv1: "TLSv1",
-+    PROTOCOL_SSLv23: "SSLv23",
-+    PROTOCOL_SSLv3: "SSLv3",
-+}
-+try:
-+    from _ssl import PROTOCOL_SSLv2
-+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
-+except ImportError:
-+    _SSLv2_IF_EXISTS = None
-+else:
-+    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
- from _ssl import RAND_status, RAND_egd, RAND_add
- from _ssl import \
-      SSL_ERROR_ZERO_RETURN, \
-@@ -402,16 +414,7 @@
-     return DER_cert_to_PEM_cert(dercert)
- 
- def get_protocol_name(protocol_code):
-    if protocol_code == PROTOCOL_TLSv1:
-        return "TLSv1"
-    elif protocol_code == PROTOCOL_SSLv23:
-        return "SSLv23"
-    elif protocol_code == PROTOCOL_SSLv2:
-        return "SSLv2"
-    elif protocol_code == PROTOCOL_SSLv3:
-        return "SSLv3"
-    else:
-        return "<unknown>"
-+    return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
- 
- 
- # a replacement for the old socket.ssl function
-diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c
--- ./Modules/_ssl.c	2012-04-11 00:32:09.000000000 +0900
-+++ ../Python-2.6.8/Modules/_ssl.c	2013-05-08 17:34:38.000000000 +0900
-@@ -62,7 +62,9 @@
- };
- 
- enum py_ssl_version {
-+#ifndef OPENSSL_NO_SSL2
-     PY_SSL_VERSION_SSL2,
-+#endif
-     PY_SSL_VERSION_SSL3,
-     PY_SSL_VERSION_SSL23,
-     PY_SSL_VERSION_TLS1
-@@ -302,8 +304,10 @@
-         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
-     else if (proto_version == PY_SSL_VERSION_SSL3)
-         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL2
-     else if (proto_version == PY_SSL_VERSION_SSL2)
-         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
-+#endif
-     else if (proto_version == PY_SSL_VERSION_SSL23)
-         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
-     PySSL_END_ALLOW_THREADS
-@@ -1688,8 +1692,10 @@
-                             PY_SSL_CERT_REQUIRED);
- 
-     /* protocol versions */
-+#ifndef OPENSSL_NO_SSL2
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
-                             PY_SSL_VERSION_SSL2);
-+#endif
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
-                             PY_SSL_VERSION_SSL3);
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
--- a/plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/010_ssl_no_ssl2_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.6.6/Python-2.6.6/010_ssl_no_ssl2_no_ssl3.patch
@ -0,0 +1,95 @@
+diff -r -u ../Python-2.6.8.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-2.6.8.orig/Lib/ssl.py	2012-04-10 15:32:06.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 14:46:36.487188331 +0000
+@@ -61,18 +61,24 @@
+ 
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import \
+-     SSL_ERROR_ZERO_RETURN, \
+-     SSL_ERROR_WANT_READ, \
+-     SSL_ERROR_WANT_WRITE, \
+-     SSL_ERROR_WANT_X509_LOOKUP, \
+-     SSL_ERROR_SYSCALL, \
+-     SSL_ERROR_SSL, \
+-     SSL_ERROR_WANT_CONNECT, \
+-     SSL_ERROR_EOF, \
+-     SSL_ERROR_INVALID_ERROR_CODE
+from _ssl import RAND_status, RAND_add
+try:
+    from _ssl import RAND_egd
+except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('ALERT_DESCRIPTION_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')])
+ 
+ from socket import socket, _fileobject, _delegate_methods
+ from socket import error as socket_error
+@@ -382,7 +388,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodestring(d)
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+ 
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+diff -r -u ../Python-2.6.8.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-2.6.8.orig/Modules/_ssl.c	2012-04-10 15:32:09.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 14:45:30.419597074 +0000
+@@ -62,8 +62,12 @@
+ };
+ 
+ enum py_ssl_version {
+#ifndef OPENSSL_NO_SSL2
+     PY_SSL_VERSION_SSL2,
+#endif
+#ifndef OPENSSL_NO_SSL3
+     PY_SSL_VERSION_SSL3,
+#endif
+     PY_SSL_VERSION_SSL23,
+     PY_SSL_VERSION_TLS1
+ };
+@@ -300,10 +304,14 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#endif
+#ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+#endif
+     else if (proto_version == PY_SSL_VERSION_SSL23)
+         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
+     PySSL_END_ALLOW_THREADS
+@@ -1688,10 +1696,14 @@
+                             PY_SSL_CERT_REQUIRED);
+ 
+     /* protocol versions */
+#ifndef OPENSSL_NO_SSL2
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+#endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/001_openssl_no_ssl2.patch
+++ b/plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/001_openssl_no_ssl2.patch
@ -1,77 +0,0 @@
-diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py
--- ./Lib/ssl.py	2012-04-11 00:32:06.000000000 +0900
-+++ ../Python-2.6.8/Lib/ssl.py	2013-05-08 19:44:49.000000000 +0900
-@@ -61,7 +61,19 @@
- 
- from _ssl import SSLError
- from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
-+from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
-+_PROTOCOL_NAMES = {
-+    PROTOCOL_TLSv1: "TLSv1",
-+    PROTOCOL_SSLv23: "SSLv23",
-+    PROTOCOL_SSLv3: "SSLv3",
-+}
-+try:
-+    from _ssl import PROTOCOL_SSLv2
-+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
-+except ImportError:
-+    _SSLv2_IF_EXISTS = None
-+else:
-+    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
- from _ssl import RAND_status, RAND_egd, RAND_add
- from _ssl import \
-      SSL_ERROR_ZERO_RETURN, \
-@@ -402,16 +414,7 @@
-     return DER_cert_to_PEM_cert(dercert)
- 
- def get_protocol_name(protocol_code):
-    if protocol_code == PROTOCOL_TLSv1:
-        return "TLSv1"
-    elif protocol_code == PROTOCOL_SSLv23:
-        return "SSLv23"
-    elif protocol_code == PROTOCOL_SSLv2:
-        return "SSLv2"
-    elif protocol_code == PROTOCOL_SSLv3:
-        return "SSLv3"
-    else:
-        return "<unknown>"
-+    return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
- 
- 
- # a replacement for the old socket.ssl function
-diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c
--- ./Modules/_ssl.c	2012-04-11 00:32:09.000000000 +0900
-+++ ../Python-2.6.8/Modules/_ssl.c	2013-05-08 17:34:38.000000000 +0900
-@@ -62,7 +62,9 @@
- };
- 
- enum py_ssl_version {
-+#ifndef OPENSSL_NO_SSL2
-     PY_SSL_VERSION_SSL2,
-+#endif
-     PY_SSL_VERSION_SSL3,
-     PY_SSL_VERSION_SSL23,
-     PY_SSL_VERSION_TLS1
-@@ -302,8 +304,10 @@
-         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
-     else if (proto_version == PY_SSL_VERSION_SSL3)
-         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL2
-     else if (proto_version == PY_SSL_VERSION_SSL2)
-         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
-+#endif
-     else if (proto_version == PY_SSL_VERSION_SSL23)
-         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
-     PySSL_END_ALLOW_THREADS
-@@ -1688,8 +1692,10 @@
-                             PY_SSL_CERT_REQUIRED);
- 
-     /* protocol versions */
-+#ifndef OPENSSL_NO_SSL2
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
-                             PY_SSL_VERSION_SSL2);
-+#endif
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
-                             PY_SSL_VERSION_SSL3);
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
--- a/plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/010_ssl_no_ssl2_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.6.7/Python-2.6.7/010_ssl_no_ssl2_no_ssl3.patch
@ -0,0 +1,95 @@
+diff -r -u ../Python-2.6.8.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-2.6.8.orig/Lib/ssl.py	2012-04-10 15:32:06.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 14:46:36.487188331 +0000
+@@ -61,18 +61,24 @@
+ 
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import \
+-     SSL_ERROR_ZERO_RETURN, \
+-     SSL_ERROR_WANT_READ, \
+-     SSL_ERROR_WANT_WRITE, \
+-     SSL_ERROR_WANT_X509_LOOKUP, \
+-     SSL_ERROR_SYSCALL, \
+-     SSL_ERROR_SSL, \
+-     SSL_ERROR_WANT_CONNECT, \
+-     SSL_ERROR_EOF, \
+-     SSL_ERROR_INVALID_ERROR_CODE
+from _ssl import RAND_status, RAND_add
+try:
+    from _ssl import RAND_egd
+except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('ALERT_DESCRIPTION_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')])
+ 
+ from socket import socket, _fileobject, _delegate_methods
+ from socket import error as socket_error
+@@ -382,7 +388,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodestring(d)
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+ 
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+diff -r -u ../Python-2.6.8.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-2.6.8.orig/Modules/_ssl.c	2012-04-10 15:32:09.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 14:45:30.419597074 +0000
+@@ -62,8 +62,12 @@
+ };
+ 
+ enum py_ssl_version {
+#ifndef OPENSSL_NO_SSL2
+     PY_SSL_VERSION_SSL2,
+#endif
+#ifndef OPENSSL_NO_SSL3
+     PY_SSL_VERSION_SSL3,
+#endif
+     PY_SSL_VERSION_SSL23,
+     PY_SSL_VERSION_TLS1
+ };
+@@ -300,10 +304,14 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#endif
+#ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+#endif
+     else if (proto_version == PY_SSL_VERSION_SSL23)
+         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
+     PySSL_END_ALLOW_THREADS
+@@ -1688,10 +1696,14 @@
+                             PY_SSL_CERT_REQUIRED);
+ 
+     /* protocol versions */
+#ifndef OPENSSL_NO_SSL2
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+#endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/001_openssl_no_ssl2.patch
+++ b/plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/001_openssl_no_ssl2.patch
@ -1,77 +0,0 @@
-diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py
--- ./Lib/ssl.py	2012-04-11 00:32:06.000000000 +0900
-+++ ../Python-2.6.8/Lib/ssl.py	2013-05-08 19:44:49.000000000 +0900
-@@ -61,7 +61,19 @@
- 
- from _ssl import SSLError
- from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
-+from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
-+_PROTOCOL_NAMES = {
-+    PROTOCOL_TLSv1: "TLSv1",
-+    PROTOCOL_SSLv23: "SSLv23",
-+    PROTOCOL_SSLv3: "SSLv3",
-+}
-+try:
-+    from _ssl import PROTOCOL_SSLv2
-+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
-+except ImportError:
-+    _SSLv2_IF_EXISTS = None
-+else:
-+    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
- from _ssl import RAND_status, RAND_egd, RAND_add
- from _ssl import \
-      SSL_ERROR_ZERO_RETURN, \
-@@ -402,16 +414,7 @@
-     return DER_cert_to_PEM_cert(dercert)
- 
- def get_protocol_name(protocol_code):
-    if protocol_code == PROTOCOL_TLSv1:
-        return "TLSv1"
-    elif protocol_code == PROTOCOL_SSLv23:
-        return "SSLv23"
-    elif protocol_code == PROTOCOL_SSLv2:
-        return "SSLv2"
-    elif protocol_code == PROTOCOL_SSLv3:
-        return "SSLv3"
-    else:
-        return "<unknown>"
-+    return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
- 
- 
- # a replacement for the old socket.ssl function
-diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c
--- ./Modules/_ssl.c	2012-04-11 00:32:09.000000000 +0900
-+++ ../Python-2.6.8/Modules/_ssl.c	2013-05-08 17:34:38.000000000 +0900
-@@ -62,7 +62,9 @@
- };
- 
- enum py_ssl_version {
-+#ifndef OPENSSL_NO_SSL2
-     PY_SSL_VERSION_SSL2,
-+#endif
-     PY_SSL_VERSION_SSL3,
-     PY_SSL_VERSION_SSL23,
-     PY_SSL_VERSION_TLS1
-@@ -302,8 +304,10 @@
-         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
-     else if (proto_version == PY_SSL_VERSION_SSL3)
-         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL2
-     else if (proto_version == PY_SSL_VERSION_SSL2)
-         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
-+#endif
-     else if (proto_version == PY_SSL_VERSION_SSL23)
-         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
-     PySSL_END_ALLOW_THREADS
-@@ -1688,8 +1692,10 @@
-                             PY_SSL_CERT_REQUIRED);
- 
-     /* protocol versions */
-+#ifndef OPENSSL_NO_SSL2
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
-                             PY_SSL_VERSION_SSL2);
-+#endif
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
-                             PY_SSL_VERSION_SSL3);
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
--- a/plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/010_ssl_no_ssl2_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.6.8/Python-2.6.8/010_ssl_no_ssl2_no_ssl3.patch
@ -0,0 +1,95 @@
+diff -r -u ../Python-2.6.8.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-2.6.8.orig/Lib/ssl.py	2012-04-10 15:32:06.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 14:46:36.487188331 +0000
+@@ -61,18 +61,24 @@
+ 
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import \
+-     SSL_ERROR_ZERO_RETURN, \
+-     SSL_ERROR_WANT_READ, \
+-     SSL_ERROR_WANT_WRITE, \
+-     SSL_ERROR_WANT_X509_LOOKUP, \
+-     SSL_ERROR_SYSCALL, \
+-     SSL_ERROR_SSL, \
+-     SSL_ERROR_WANT_CONNECT, \
+-     SSL_ERROR_EOF, \
+-     SSL_ERROR_INVALID_ERROR_CODE
+from _ssl import RAND_status, RAND_add
+try:
+    from _ssl import RAND_egd
+except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('ALERT_DESCRIPTION_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')])
+ 
+ from socket import socket, _fileobject, _delegate_methods
+ from socket import error as socket_error
+@@ -382,7 +388,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodestring(d)
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+ 
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+diff -r -u ../Python-2.6.8.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-2.6.8.orig/Modules/_ssl.c	2012-04-10 15:32:09.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 14:45:30.419597074 +0000
+@@ -62,8 +62,12 @@
+ };
+ 
+ enum py_ssl_version {
+#ifndef OPENSSL_NO_SSL2
+     PY_SSL_VERSION_SSL2,
+#endif
+#ifndef OPENSSL_NO_SSL3
+     PY_SSL_VERSION_SSL3,
+#endif
+     PY_SSL_VERSION_SSL23,
+     PY_SSL_VERSION_TLS1
+ };
+@@ -300,10 +304,14 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#endif
+#ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+#endif
+     else if (proto_version == PY_SSL_VERSION_SSL23)
+         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
+     PySSL_END_ALLOW_THREADS
+@@ -1688,10 +1696,14 @@
+                             PY_SSL_CERT_REQUIRED);
+ 
+     /* protocol versions */
+#ifndef OPENSSL_NO_SSL2
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+#endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/2.6.9/Python-2.6.9/010_ssl_no_ssl2_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.6.9/Python-2.6.9/010_ssl_no_ssl2_no_ssl3.patch
@ -0,0 +1,91 @@
+diff -r -u ../Python-2.6.9.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-2.6.9.orig/Lib/ssl.py	2013-10-29 15:04:37.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 14:39:22.213215077 +0000
+@@ -61,18 +61,24 @@
+ 
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import \
+-     SSL_ERROR_ZERO_RETURN, \
+-     SSL_ERROR_WANT_READ, \
+-     SSL_ERROR_WANT_WRITE, \
+-     SSL_ERROR_WANT_X509_LOOKUP, \
+-     SSL_ERROR_SYSCALL, \
+-     SSL_ERROR_SSL, \
+-     SSL_ERROR_WANT_CONNECT, \
+-     SSL_ERROR_EOF, \
+-     SSL_ERROR_INVALID_ERROR_CODE
+from _ssl import RAND_status, RAND_add
+try:
+    from _ssl import RAND_egd
+except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('ALERT_DESCRIPTION_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+_PROTOCOL_NAMES = dict([(value, name) for name, value in globals().items() if name.startswith('PROTOCOL_')])
+ 
+ from socket import socket, _fileobject, _delegate_methods
+ from socket import error as socket_error
+@@ -382,7 +388,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodestring(d)
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+ 
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+diff -r -u ../Python-2.6.9.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-2.6.9.orig/Modules/_ssl.c	2013-10-29 15:04:38.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 14:32:08.051962468 +0000
+@@ -62,8 +62,12 @@
+ };
+ 
+ enum py_ssl_version {
+#ifndef OPENSSL_NO_SSL2
+     PY_SSL_VERSION_SSL2,
+#endif
+#ifndef OPENSSL_NO_SSL3
+     PY_SSL_VERSION_SSL3,
+#endif
+     PY_SSL_VERSION_SSL23,
+     PY_SSL_VERSION_TLS1
+ };
+@@ -300,8 +304,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+@@ -1746,10 +1752,14 @@
+                             PY_SSL_CERT_REQUIRED);
+ 
+     /* protocol versions */
+#ifndef OPENSSL_NO_SSL2
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+#endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/001_openssl_no_ssl2.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/001_openssl_no_ssl2.patch
@ -1,77 +0,0 @@
-diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py
--- ./Lib/ssl.py	2012-04-11 00:32:06.000000000 +0900
-+++ ../Python-2.6.8/Lib/ssl.py	2013-05-08 19:44:49.000000000 +0900
-@@ -61,7 +61,19 @@
- 
- from _ssl import SSLError
- from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
-+from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
-+_PROTOCOL_NAMES = {
-+    PROTOCOL_TLSv1: "TLSv1",
-+    PROTOCOL_SSLv23: "SSLv23",
-+    PROTOCOL_SSLv3: "SSLv3",
-+}
-+try:
-+    from _ssl import PROTOCOL_SSLv2
-+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
-+except ImportError:
-+    _SSLv2_IF_EXISTS = None
-+else:
-+    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
- from _ssl import RAND_status, RAND_egd, RAND_add
- from _ssl import \
-      SSL_ERROR_ZERO_RETURN, \
-@@ -402,16 +414,7 @@
-     return DER_cert_to_PEM_cert(dercert)
- 
- def get_protocol_name(protocol_code):
-    if protocol_code == PROTOCOL_TLSv1:
-        return "TLSv1"
-    elif protocol_code == PROTOCOL_SSLv23:
-        return "SSLv23"
-    elif protocol_code == PROTOCOL_SSLv2:
-        return "SSLv2"
-    elif protocol_code == PROTOCOL_SSLv3:
-        return "SSLv3"
-    else:
-        return "<unknown>"
-+    return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
- 
- 
- # a replacement for the old socket.ssl function
-diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c
--- ./Modules/_ssl.c	2012-04-11 00:32:09.000000000 +0900
-+++ ../Python-2.6.8/Modules/_ssl.c	2013-05-08 17:34:38.000000000 +0900
-@@ -62,7 +62,9 @@
- };
- 
- enum py_ssl_version {
-+#ifndef OPENSSL_NO_SSL2
-     PY_SSL_VERSION_SSL2,
-+#endif
-     PY_SSL_VERSION_SSL3,
-     PY_SSL_VERSION_SSL23,
-     PY_SSL_VERSION_TLS1
-@@ -302,8 +304,10 @@
-         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
-     else if (proto_version == PY_SSL_VERSION_SSL3)
-         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL2
-     else if (proto_version == PY_SSL_VERSION_SSL2)
-         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
-+#endif
-     else if (proto_version == PY_SSL_VERSION_SSL23)
-         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
-     PySSL_END_ALLOW_THREADS
-@@ -1688,8 +1692,10 @@
-                             PY_SSL_CERT_REQUIRED);
- 
-     /* protocol versions */
-+#ifndef OPENSSL_NO_SSL2
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
-                             PY_SSL_VERSION_SSL2);
-+#endif
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
-                             PY_SSL_VERSION_SSL3);
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
--- a/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/004_openssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/004_openssl_no_ssl3.patch
@ -1,13 +0,0 @@
--- Modules/_ssl.c.orig	2015-12-06 09:38:40.581734108 -0500
-+++ Modules/_ssl.c	2015-12-06 09:40:29.953991951 -0500
-@@ -302,8 +302,10 @@
-     PySSL_BEGIN_ALLOW_THREADS
-     if (proto_version == PY_SSL_VERSION_TLS1)
-         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL3
-     else if (proto_version == PY_SSL_VERSION_SSL3)
-         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#endif
- #ifndef OPENSSL_NO_SSL2
-     else if (proto_version == PY_SSL_VERSION_SSL2)
-         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
--- a/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/010_ssl_no_ssl2_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.1/Python-2.7.1/010_ssl_no_ssl2_no_ssl3.patch
@ -0,0 +1,100 @@
+diff -r -u ../Python-2.7.1.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-2.7.1.orig/Lib/ssl.py	2010-09-14 14:37:18.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 14:14:39.089679248 +0000
+@@ -62,18 +62,29 @@
+ from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import \
+-     SSL_ERROR_ZERO_RETURN, \
+-     SSL_ERROR_WANT_READ, \
+-     SSL_ERROR_WANT_WRITE, \
+-     SSL_ERROR_WANT_X509_LOOKUP, \
+-     SSL_ERROR_SYSCALL, \
+-     SSL_ERROR_SSL, \
+-     SSL_ERROR_WANT_CONNECT, \
+-     SSL_ERROR_EOF, \
+-     SSL_ERROR_INVALID_ERROR_CODE
+from _ssl import RAND_status, RAND_add
+try:
+    from _ssl import RAND_egd
+except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('ALERT_DESCRIPTION_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+
+try:
+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+except NameError:
+    _SSLv2_IF_EXISTS = None
+ 
+ from socket import socket, _fileobject, _delegate_methods, error as socket_error
+ from socket import getnameinfo as _getnameinfo
+@@ -388,7 +399,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodestring(d)
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+ 
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+diff -r -u ../Python-2.7.1.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-2.7.1.orig/Modules/_ssl.c	2010-10-13 22:10:31.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 14:18:21.612222848 +0000
+@@ -62,8 +62,12 @@
+ };
+ 
+ enum py_ssl_version {
+#ifndef OPENSSL_NO_SSL2
+     PY_SSL_VERSION_SSL2,
+#endif
+#ifndef OPENSSL_NO_SSL3
+     PY_SSL_VERSION_SSL3,
+#endif
+     PY_SSL_VERSION_SSL23,
+     PY_SSL_VERSION_TLS1
+ };
+@@ -300,10 +304,14 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#endif
+#ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+#endif
+     else if (proto_version == PY_SSL_VERSION_SSL23)
+         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
+     PySSL_END_ALLOW_THREADS
+@@ -1706,10 +1714,14 @@
+                             PY_SSL_CERT_REQUIRED);
+ 
+     /* protocol versions */
+#ifndef OPENSSL_NO_SSL2
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+#endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/2.7.2/Python-2.7.2/004_openssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.2/Python-2.7.2/004_openssl_no_ssl3.patch
@ -1,13 +0,0 @@
--- Modules/_ssl.c.orig	2015-12-06 09:38:40.581734108 -0500
-+++ Modules/_ssl.c	2015-12-06 09:40:29.953991951 -0500
-@@ -302,8 +302,10 @@
-     PySSL_BEGIN_ALLOW_THREADS
-     if (proto_version == PY_SSL_VERSION_TLS1)
-         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL3
-     else if (proto_version == PY_SSL_VERSION_SSL3)
-         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#endif
- #ifndef OPENSSL_NO_SSL2
-     else if (proto_version == PY_SSL_VERSION_SSL2)
-         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
--- a/plugins/python-build/share/python-build/patches/2.7.2/Python-2.7.2/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.2/Python-2.7.2/010_ssl_no_ssl3.patch
@ -0,0 +1,98 @@
+diff -r -u ../Python-2.7.2.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-2.7.2.orig/Lib/ssl.py	2011-06-11 15:46:25.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 13:55:37.444270735 +0000
+@@ -62,29 +62,29 @@
+ from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import \
+-     SSL_ERROR_ZERO_RETURN, \
+-     SSL_ERROR_WANT_READ, \
+-     SSL_ERROR_WANT_WRITE, \
+-     SSL_ERROR_WANT_X509_LOOKUP, \
+-     SSL_ERROR_SYSCALL, \
+-     SSL_ERROR_SSL, \
+-     SSL_ERROR_WANT_CONNECT, \
+-     SSL_ERROR_EOF, \
+-     SSL_ERROR_INVALID_ERROR_CODE
+-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+from _ssl import RAND_status, RAND_add
+ try:
+-    from _ssl import PROTOCOL_SSLv2
+    from _ssl import RAND_egd
+ except ImportError:
+    # LibreSSL does not provide RAND_egd
+     pass
+-else:
+-    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('ALERT_DESCRIPTION_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+
+try:
+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+except NameError:
+    _SSLv2_IF_EXISTS = None
+ 
+ from socket import socket, _fileobject, _delegate_methods, error as socket_error
+ from socket import getnameinfo as _getnameinfo
+@@ -416,7 +416,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodestring(d)
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+ 
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+diff -r -u ../Python-2.7.2.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-2.7.2.orig/Modules/_ssl.c	2011-06-11 15:46:27.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 13:49:22.254728756 +0000
+@@ -65,7 +65,9 @@
+ #ifndef OPENSSL_NO_SSL2
+     PY_SSL_VERSION_SSL2,
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PY_SSL_VERSION_SSL3=1,
+#endif
+     PY_SSL_VERSION_SSL23,
+     PY_SSL_VERSION_TLS1
+ };
+@@ -302,8 +304,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+@@ -1716,8 +1720,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
+Only in ./Modules: _ssl.c.orig
--- a/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/004_openssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/004_openssl_no_ssl3.patch
@ -1,13 +0,0 @@
--- Modules/_ssl.c.orig	2015-12-06 09:38:40.581734108 -0500
-+++ Modules/_ssl.c	2015-12-06 09:40:29.953991951 -0500
-@@ -302,8 +302,10 @@
-     PySSL_BEGIN_ALLOW_THREADS
-     if (proto_version == PY_SSL_VERSION_TLS1)
-         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL3
-     else if (proto_version == PY_SSL_VERSION_SSL3)
-         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#endif
- #ifndef OPENSSL_NO_SSL2
-     else if (proto_version == PY_SSL_VERSION_SSL2)
-         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
--- a/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/010_ssl_no_ssl3.patch
@ -0,0 +1,98 @@
+diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-2.7.8.orig/Lib/ssl.py	2014-06-30 02:05:31.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 14:04:15.266072550 +0000
+@@ -62,30 +62,29 @@
+ from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import \
+-     SSL_ERROR_ZERO_RETURN, \
+-     SSL_ERROR_WANT_READ, \
+-     SSL_ERROR_WANT_WRITE, \
+-     SSL_ERROR_WANT_X509_LOOKUP, \
+-     SSL_ERROR_SYSCALL, \
+-     SSL_ERROR_SSL, \
+-     SSL_ERROR_WANT_CONNECT, \
+-     SSL_ERROR_EOF, \
+-     SSL_ERROR_INVALID_ERROR_CODE
+-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+from _ssl import RAND_status, RAND_add
+ try:
+-    from _ssl import PROTOCOL_SSLv2
+-    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+    from _ssl import RAND_egd
+ except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('ALERT_DESCRIPTION_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+
+try:
+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+except NameError:
+     _SSLv2_IF_EXISTS = None
+-else:
+-    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+ 
+ from socket import socket, _fileobject, _delegate_methods, error as socket_error
+ from socket import getnameinfo as _getnameinfo
+@@ -436,7 +435,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodestring(d)
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+ 
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-2.7.8.orig/Modules/_ssl.c	2014-06-30 02:05:42.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 14:02:42.618029896 +0000
+@@ -67,7 +67,9 @@
+ #ifndef OPENSSL_NO_SSL2
+     PY_SSL_VERSION_SSL2,
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PY_SSL_VERSION_SSL3=1,
+#endif
+     PY_SSL_VERSION_SSL23,
+     PY_SSL_VERSION_TLS1
+ };
+@@ -306,8 +308,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+@@ -1808,8 +1812,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/004_openssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/004_openssl_no_ssl3.patch
@ -1,13 +0,0 @@
--- Modules/_ssl.c.orig	2015-12-06 09:38:40.581734108 -0500
-+++ Modules/_ssl.c	2015-12-06 09:40:29.953991951 -0500
-@@ -302,8 +302,10 @@
-     PySSL_BEGIN_ALLOW_THREADS
-     if (proto_version == PY_SSL_VERSION_TLS1)
-         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL3
-     else if (proto_version == PY_SSL_VERSION_SSL3)
-         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#endif
- #ifndef OPENSSL_NO_SSL2
-     else if (proto_version == PY_SSL_VERSION_SSL2)
-         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
--- a/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/010_ssl_no_ssl3.patch
@ -0,0 +1,98 @@
+diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-2.7.8.orig/Lib/ssl.py	2014-06-30 02:05:31.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 14:04:15.266072550 +0000
+@@ -62,30 +62,29 @@
+ from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import \
+-     SSL_ERROR_ZERO_RETURN, \
+-     SSL_ERROR_WANT_READ, \
+-     SSL_ERROR_WANT_WRITE, \
+-     SSL_ERROR_WANT_X509_LOOKUP, \
+-     SSL_ERROR_SYSCALL, \
+-     SSL_ERROR_SSL, \
+-     SSL_ERROR_WANT_CONNECT, \
+-     SSL_ERROR_EOF, \
+-     SSL_ERROR_INVALID_ERROR_CODE
+-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+from _ssl import RAND_status, RAND_add
+ try:
+-    from _ssl import PROTOCOL_SSLv2
+-    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+    from _ssl import RAND_egd
+ except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('ALERT_DESCRIPTION_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+
+try:
+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+except NameError:
+     _SSLv2_IF_EXISTS = None
+-else:
+-    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+ 
+ from socket import socket, _fileobject, _delegate_methods, error as socket_error
+ from socket import getnameinfo as _getnameinfo
+@@ -436,7 +435,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodestring(d)
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+ 
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-2.7.8.orig/Modules/_ssl.c	2014-06-30 02:05:42.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 14:02:42.618029896 +0000
+@@ -67,7 +67,9 @@
+ #ifndef OPENSSL_NO_SSL2
+     PY_SSL_VERSION_SSL2,
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PY_SSL_VERSION_SSL3=1,
+#endif
+     PY_SSL_VERSION_SSL23,
+     PY_SSL_VERSION_TLS1
+ };
+@@ -306,8 +308,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+@@ -1808,8 +1812,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/004_openssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/004_openssl_no_ssl3.patch
@ -1,13 +0,0 @@
--- Modules/_ssl.c.orig	2015-12-06 09:38:40.581734108 -0500
-+++ Modules/_ssl.c	2015-12-06 09:40:29.953991951 -0500
-@@ -302,8 +302,10 @@
-     PySSL_BEGIN_ALLOW_THREADS
-     if (proto_version == PY_SSL_VERSION_TLS1)
-         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL3
-     else if (proto_version == PY_SSL_VERSION_SSL3)
-         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#endif
- #ifndef OPENSSL_NO_SSL2
-     else if (proto_version == PY_SSL_VERSION_SSL2)
-         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
--- a/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/010_ssl_no_ssl3.patch
@ -0,0 +1,98 @@
+diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-2.7.8.orig/Lib/ssl.py	2014-06-30 02:05:31.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 14:04:15.266072550 +0000
+@@ -62,30 +62,29 @@
+ from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import \
+-     SSL_ERROR_ZERO_RETURN, \
+-     SSL_ERROR_WANT_READ, \
+-     SSL_ERROR_WANT_WRITE, \
+-     SSL_ERROR_WANT_X509_LOOKUP, \
+-     SSL_ERROR_SYSCALL, \
+-     SSL_ERROR_SSL, \
+-     SSL_ERROR_WANT_CONNECT, \
+-     SSL_ERROR_EOF, \
+-     SSL_ERROR_INVALID_ERROR_CODE
+-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+from _ssl import RAND_status, RAND_add
+ try:
+-    from _ssl import PROTOCOL_SSLv2
+-    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+    from _ssl import RAND_egd
+ except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('ALERT_DESCRIPTION_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+
+try:
+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+except NameError:
+     _SSLv2_IF_EXISTS = None
+-else:
+-    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+ 
+ from socket import socket, _fileobject, _delegate_methods, error as socket_error
+ from socket import getnameinfo as _getnameinfo
+@@ -436,7 +435,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodestring(d)
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+ 
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-2.7.8.orig/Modules/_ssl.c	2014-06-30 02:05:42.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 14:02:42.618029896 +0000
+@@ -67,7 +67,9 @@
+ #ifndef OPENSSL_NO_SSL2
+     PY_SSL_VERSION_SSL2,
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PY_SSL_VERSION_SSL3=1,
+#endif
+     PY_SSL_VERSION_SSL23,
+     PY_SSL_VERSION_TLS1
+ };
+@@ -306,8 +308,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+@@ -1808,8 +1812,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/004_openssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/004_openssl_no_ssl3.patch
@ -1,13 +0,0 @@
--- Modules/_ssl.c.orig	2015-12-06 09:38:40.581734108 -0500
-+++ Modules/_ssl.c	2015-12-06 09:40:29.953991951 -0500
-@@ -302,8 +302,10 @@
-     PySSL_BEGIN_ALLOW_THREADS
-     if (proto_version == PY_SSL_VERSION_TLS1)
-         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL3
-     else if (proto_version == PY_SSL_VERSION_SSL3)
-         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#endif
- #ifndef OPENSSL_NO_SSL2
-     else if (proto_version == PY_SSL_VERSION_SSL2)
-         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
--- a/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/010_ssl_no_ssl3.patch
@ -0,0 +1,98 @@
+diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-2.7.8.orig/Lib/ssl.py	2014-06-30 02:05:31.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 14:04:15.266072550 +0000
+@@ -62,30 +62,29 @@
+ from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import \
+-     SSL_ERROR_ZERO_RETURN, \
+-     SSL_ERROR_WANT_READ, \
+-     SSL_ERROR_WANT_WRITE, \
+-     SSL_ERROR_WANT_X509_LOOKUP, \
+-     SSL_ERROR_SYSCALL, \
+-     SSL_ERROR_SSL, \
+-     SSL_ERROR_WANT_CONNECT, \
+-     SSL_ERROR_EOF, \
+-     SSL_ERROR_INVALID_ERROR_CODE
+-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+from _ssl import RAND_status, RAND_add
+ try:
+-    from _ssl import PROTOCOL_SSLv2
+-    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+    from _ssl import RAND_egd
+ except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('ALERT_DESCRIPTION_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+
+try:
+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+except NameError:
+     _SSLv2_IF_EXISTS = None
+-else:
+-    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+ 
+ from socket import socket, _fileobject, _delegate_methods, error as socket_error
+ from socket import getnameinfo as _getnameinfo
+@@ -436,7 +435,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodestring(d)
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+ 
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-2.7.8.orig/Modules/_ssl.c	2014-06-30 02:05:42.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 14:02:42.618029896 +0000
+@@ -67,7 +67,9 @@
+ #ifndef OPENSSL_NO_SSL2
+     PY_SSL_VERSION_SSL2,
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PY_SSL_VERSION_SSL3=1,
+#endif
+     PY_SSL_VERSION_SSL23,
+     PY_SSL_VERSION_TLS1
+ };
+@@ -306,8 +308,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+@@ -1808,8 +1812,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/004_openssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/004_openssl_no_ssl3.patch
@ -1,13 +0,0 @@
--- Modules/_ssl.c.orig	2015-12-06 09:38:40.581734108 -0500
-+++ Modules/_ssl.c	2015-12-06 09:40:29.953991951 -0500
-@@ -302,8 +302,10 @@
-     PySSL_BEGIN_ALLOW_THREADS
-     if (proto_version == PY_SSL_VERSION_TLS1)
-         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL3
-     else if (proto_version == PY_SSL_VERSION_SSL3)
-         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#endif
- #ifndef OPENSSL_NO_SSL2
-     else if (proto_version == PY_SSL_VERSION_SSL2)
-         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
--- a/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/010_ssl_no_ssl3.patch
@ -0,0 +1,98 @@
+diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-2.7.8.orig/Lib/ssl.py	2014-06-30 02:05:31.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 14:04:15.266072550 +0000
+@@ -62,30 +62,29 @@
+ from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import \
+-     SSL_ERROR_ZERO_RETURN, \
+-     SSL_ERROR_WANT_READ, \
+-     SSL_ERROR_WANT_WRITE, \
+-     SSL_ERROR_WANT_X509_LOOKUP, \
+-     SSL_ERROR_SYSCALL, \
+-     SSL_ERROR_SSL, \
+-     SSL_ERROR_WANT_CONNECT, \
+-     SSL_ERROR_EOF, \
+-     SSL_ERROR_INVALID_ERROR_CODE
+-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+from _ssl import RAND_status, RAND_add
+ try:
+-    from _ssl import PROTOCOL_SSLv2
+-    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+    from _ssl import RAND_egd
+ except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('ALERT_DESCRIPTION_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+
+try:
+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+except NameError:
+     _SSLv2_IF_EXISTS = None
+-else:
+-    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+ 
+ from socket import socket, _fileobject, _delegate_methods, error as socket_error
+ from socket import getnameinfo as _getnameinfo
+@@ -436,7 +435,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodestring(d)
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+ 
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-2.7.8.orig/Modules/_ssl.c	2014-06-30 02:05:42.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 14:02:42.618029896 +0000
+@@ -67,7 +67,9 @@
+ #ifndef OPENSSL_NO_SSL2
+     PY_SSL_VERSION_SSL2,
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PY_SSL_VERSION_SSL3=1,
+#endif
+     PY_SSL_VERSION_SSL23,
+     PY_SSL_VERSION_TLS1
+ };
+@@ -306,8 +308,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+@@ -1808,8 +1812,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/004_openssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/004_openssl_no_ssl3.patch
@ -1,13 +0,0 @@
--- Modules/_ssl.c.orig	2015-12-06 09:38:40.581734108 -0500
-+++ Modules/_ssl.c	2015-12-06 09:40:29.953991951 -0500
-@@ -302,8 +302,10 @@
-     PySSL_BEGIN_ALLOW_THREADS
-     if (proto_version == PY_SSL_VERSION_TLS1)
-         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL3
-     else if (proto_version == PY_SSL_VERSION_SSL3)
-         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#endif
- #ifndef OPENSSL_NO_SSL2
-     else if (proto_version == PY_SSL_VERSION_SSL2)
-         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
--- a/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/010_ssl_no_ssl3.patch
@ -0,0 +1,98 @@
+diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-2.7.8.orig/Lib/ssl.py	2014-06-30 02:05:31.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 14:04:15.266072550 +0000
+@@ -62,30 +62,29 @@
+ from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import \
+-     SSL_ERROR_ZERO_RETURN, \
+-     SSL_ERROR_WANT_READ, \
+-     SSL_ERROR_WANT_WRITE, \
+-     SSL_ERROR_WANT_X509_LOOKUP, \
+-     SSL_ERROR_SYSCALL, \
+-     SSL_ERROR_SSL, \
+-     SSL_ERROR_WANT_CONNECT, \
+-     SSL_ERROR_EOF, \
+-     SSL_ERROR_INVALID_ERROR_CODE
+-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+from _ssl import RAND_status, RAND_add
+ try:
+-    from _ssl import PROTOCOL_SSLv2
+-    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+    from _ssl import RAND_egd
+ except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('ALERT_DESCRIPTION_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+
+try:
+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+except NameError:
+     _SSLv2_IF_EXISTS = None
+-else:
+-    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+ 
+ from socket import socket, _fileobject, _delegate_methods, error as socket_error
+ from socket import getnameinfo as _getnameinfo
+@@ -436,7 +435,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodestring(d)
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+ 
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-2.7.8.orig/Modules/_ssl.c	2014-06-30 02:05:42.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 14:02:42.618029896 +0000
+@@ -67,7 +67,9 @@
+ #ifndef OPENSSL_NO_SSL2
+     PY_SSL_VERSION_SSL2,
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PY_SSL_VERSION_SSL3=1,
+#endif
+     PY_SSL_VERSION_SSL23,
+     PY_SSL_VERSION_TLS1
+ };
+@@ -306,8 +308,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+@@ -1808,8 +1812,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/2.7.9/Python-2.7.9/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7.9/Python-2.7.9/010_ssl_no_ssl3.patch
@ -0,0 +1,17 @@
+diff -r -u ../Python-2.7.9.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-2.7.9.orig/Lib/ssl.py	2014-12-10 15:59:40.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 14:09:51.218138658 +0000
+@@ -106,7 +106,12 @@
+ from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
+     VERIFY_X509_STRICT)
+ from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
+-from _ssl import RAND_status, RAND_egd, RAND_add
+from _ssl import RAND_status, RAND_add
+try:
+    from _ssl import RAND_egd
+except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+ 
+ def _import_symbols(prefix):
+     for n in dir(_ssl):
--- a/plugins/python-build/share/python-build/patches/2.7/Python-2.7/001_openssl_no_ssl2.patch
+++ b/plugins/python-build/share/python-build/patches/2.7/Python-2.7/001_openssl_no_ssl2.patch
@ -1,77 +0,0 @@
-diff -r -u ./Lib/ssl.py ../Python-2.6.8/Lib/ssl.py
--- ./Lib/ssl.py	2012-04-11 00:32:06.000000000 +0900
-+++ ../Python-2.6.8/Lib/ssl.py	2013-05-08 19:44:49.000000000 +0900
-@@ -61,7 +61,19 @@
- 
- from _ssl import SSLError
- from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
-+from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
-+_PROTOCOL_NAMES = {
-+    PROTOCOL_TLSv1: "TLSv1",
-+    PROTOCOL_SSLv23: "SSLv23",
-+    PROTOCOL_SSLv3: "SSLv3",
-+}
-+try:
-+    from _ssl import PROTOCOL_SSLv2
-+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
-+except ImportError:
-+    _SSLv2_IF_EXISTS = None
-+else:
-+    _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
- from _ssl import RAND_status, RAND_egd, RAND_add
- from _ssl import \
-      SSL_ERROR_ZERO_RETURN, \
-@@ -402,16 +414,7 @@
-     return DER_cert_to_PEM_cert(dercert)
- 
- def get_protocol_name(protocol_code):
-    if protocol_code == PROTOCOL_TLSv1:
-        return "TLSv1"
-    elif protocol_code == PROTOCOL_SSLv23:
-        return "SSLv23"
-    elif protocol_code == PROTOCOL_SSLv2:
-        return "SSLv2"
-    elif protocol_code == PROTOCOL_SSLv3:
-        return "SSLv3"
-    else:
-        return "<unknown>"
-+    return _PROTOCOL_NAMES.get(protocol_code, '<unknown>')
- 
- 
- # a replacement for the old socket.ssl function
-diff -r -u ./Modules/_ssl.c ../Python-2.6.8/Modules/_ssl.c
--- ./Modules/_ssl.c	2012-04-11 00:32:09.000000000 +0900
-+++ ../Python-2.6.8/Modules/_ssl.c	2013-05-08 17:34:38.000000000 +0900
-@@ -62,7 +62,9 @@
- };
- 
- enum py_ssl_version {
-+#ifndef OPENSSL_NO_SSL2
-     PY_SSL_VERSION_SSL2,
-+#endif
-     PY_SSL_VERSION_SSL3,
-     PY_SSL_VERSION_SSL23,
-     PY_SSL_VERSION_TLS1
-@@ -302,8 +304,10 @@
-         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
-     else if (proto_version == PY_SSL_VERSION_SSL3)
-         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL2
-     else if (proto_version == PY_SSL_VERSION_SSL2)
-         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
-+#endif
-     else if (proto_version == PY_SSL_VERSION_SSL23)
-         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
-     PySSL_END_ALLOW_THREADS
-@@ -1688,8 +1692,10 @@
-                             PY_SSL_CERT_REQUIRED);
- 
-     /* protocol versions */
-+#ifndef OPENSSL_NO_SSL2
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
-                             PY_SSL_VERSION_SSL2);
-+#endif
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
-                             PY_SSL_VERSION_SSL3);
-     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
--- a/plugins/python-build/share/python-build/patches/2.7/Python-2.7/004_openssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7/Python-2.7/004_openssl_no_ssl3.patch
@ -1,13 +0,0 @@
--- Modules/_ssl.c.orig	2015-12-06 09:38:40.581734108 -0500
-+++ Modules/_ssl.c	2015-12-06 09:40:29.953991951 -0500
-@@ -302,8 +302,10 @@
-     PySSL_BEGIN_ALLOW_THREADS
-     if (proto_version == PY_SSL_VERSION_TLS1)
-         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
-+#ifndef OPENSSL_NO_SSL3
-     else if (proto_version == PY_SSL_VERSION_SSL3)
-         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
-+#endif
- #ifndef OPENSSL_NO_SSL2
-     else if (proto_version == PY_SSL_VERSION_SSL2)
-         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
--- a/plugins/python-build/share/python-build/patches/2.7/Python-2.7/010_ssl_no_ssl2_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/2.7/Python-2.7/010_ssl_no_ssl2_no_ssl3.patch
@ -0,0 +1,100 @@
+diff -r -u ../Python-2.7.1.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-2.7.1.orig/Lib/ssl.py	2010-09-14 14:37:18.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 14:14:39.089679248 +0000
+@@ -62,18 +62,29 @@
+ from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
+ from _ssl import SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+-from _ssl import RAND_status, RAND_egd, RAND_add
+-from _ssl import \
+-     SSL_ERROR_ZERO_RETURN, \
+-     SSL_ERROR_WANT_READ, \
+-     SSL_ERROR_WANT_WRITE, \
+-     SSL_ERROR_WANT_X509_LOOKUP, \
+-     SSL_ERROR_SYSCALL, \
+-     SSL_ERROR_SSL, \
+-     SSL_ERROR_WANT_CONNECT, \
+-     SSL_ERROR_EOF, \
+-     SSL_ERROR_INVALID_ERROR_CODE
+from _ssl import RAND_status, RAND_add
+try:
+    from _ssl import RAND_egd
+except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('ALERT_DESCRIPTION_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+
+try:
+    _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+except NameError:
+    _SSLv2_IF_EXISTS = None
+ 
+ from socket import socket, _fileobject, _delegate_methods, error as socket_error
+ from socket import getnameinfo as _getnameinfo
+@@ -388,7 +399,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodestring(d)
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+ 
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+diff -r -u ../Python-2.7.1.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-2.7.1.orig/Modules/_ssl.c	2010-10-13 22:10:31.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 14:18:21.612222848 +0000
+@@ -62,8 +62,12 @@
+ };
+ 
+ enum py_ssl_version {
+#ifndef OPENSSL_NO_SSL2
+     PY_SSL_VERSION_SSL2,
+#endif
+#ifndef OPENSSL_NO_SSL3
+     PY_SSL_VERSION_SSL3,
+#endif
+     PY_SSL_VERSION_SSL23,
+     PY_SSL_VERSION_TLS1
+ };
+@@ -300,10 +304,14 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#endif
+#ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+#endif
+     else if (proto_version == PY_SSL_VERSION_SSL23)
+         self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
+     PySSL_END_ALLOW_THREADS
+@@ -1706,10 +1714,14 @@
+                             PY_SSL_CERT_REQUIRED);
+ 
+     /* protocol versions */
+#ifndef OPENSSL_NO_SSL2
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+#endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/3.3.0/Python-3.3.0/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/3.3.0/Python-3.3.0/010_ssl_no_ssl3.patch
@ -0,0 +1,108 @@
+diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-3.3.6.orig/Lib/ssl.py	2014-10-12 07:03:53.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 12:49:03.860983039 +0000
+@@ -66,40 +66,27 @@
+     SSLSyscallError, SSLEOFError,
+     )
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import (
+-    OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1,
+-    OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE
+-    )
+-try:
+-    from _ssl import OP_NO_COMPRESSION
+-except ImportError:
+-    pass
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+ try:
+-    from _ssl import OP_SINGLE_ECDH_USE
+    from _ssl import RAND_egd
+ except ImportError:
+    # LibreSSL does not provide RAND_egd
+     pass
+-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
+-from _ssl import (
+-    SSL_ERROR_ZERO_RETURN,
+-    SSL_ERROR_WANT_READ,
+-    SSL_ERROR_WANT_WRITE,
+-    SSL_ERROR_WANT_X509_LOOKUP,
+-    SSL_ERROR_SYSCALL,
+-    SSL_ERROR_SSL,
+-    SSL_ERROR_WANT_CONNECT,
+-    SSL_ERROR_EOF,
+-    SSL_ERROR_INVALID_ERROR_CODE,
+-    )
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+ from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
+-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
+-                  PROTOCOL_TLSv1)
+
+ from _ssl import _OPENSSL_API_VERSION
+ 
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+ try:
+     from _ssl import PROTOCOL_SSLv2
+     _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+@@ -108,6 +95,14 @@
+ else:
+     _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+ 
+try:
+    from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2
+except ImportError:
+    pass
+else:
+    _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1"
+    _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2"
+
+ from socket import getnameinfo as _getnameinfo
+ from socket import error as socket_error
+ from socket import socket, AF_INET, SOCK_STREAM, create_connection
+@@ -664,7 +659,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodebytes(d.encode('ASCII', 'strict'))
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+     If 'ca_certs' is specified, validate the server cert against it.
+diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-3.3.6.orig/Modules/_ssl.c	2014-10-12 07:03:53.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 12:41:01.706137147 +0000
+@@ -1746,8 +1746,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         ctx = SSL_CTX_new(TLSv1_method());
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         ctx = SSL_CTX_new(SSLv3_method());
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         ctx = SSL_CTX_new(SSLv2_method());
+@@ -2842,8 +2844,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/3.3.1/Python-3.3.1/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/3.3.1/Python-3.3.1/010_ssl_no_ssl3.patch
@ -0,0 +1,108 @@
+diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-3.3.6.orig/Lib/ssl.py	2014-10-12 07:03:53.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 12:49:03.860983039 +0000
+@@ -66,40 +66,27 @@
+     SSLSyscallError, SSLEOFError,
+     )
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import (
+-    OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1,
+-    OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE
+-    )
+-try:
+-    from _ssl import OP_NO_COMPRESSION
+-except ImportError:
+-    pass
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+ try:
+-    from _ssl import OP_SINGLE_ECDH_USE
+    from _ssl import RAND_egd
+ except ImportError:
+    # LibreSSL does not provide RAND_egd
+     pass
+-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
+-from _ssl import (
+-    SSL_ERROR_ZERO_RETURN,
+-    SSL_ERROR_WANT_READ,
+-    SSL_ERROR_WANT_WRITE,
+-    SSL_ERROR_WANT_X509_LOOKUP,
+-    SSL_ERROR_SYSCALL,
+-    SSL_ERROR_SSL,
+-    SSL_ERROR_WANT_CONNECT,
+-    SSL_ERROR_EOF,
+-    SSL_ERROR_INVALID_ERROR_CODE,
+-    )
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+ from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
+-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
+-                  PROTOCOL_TLSv1)
+
+ from _ssl import _OPENSSL_API_VERSION
+ 
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+ try:
+     from _ssl import PROTOCOL_SSLv2
+     _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+@@ -108,6 +95,14 @@
+ else:
+     _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+ 
+try:
+    from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2
+except ImportError:
+    pass
+else:
+    _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1"
+    _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2"
+
+ from socket import getnameinfo as _getnameinfo
+ from socket import error as socket_error
+ from socket import socket, AF_INET, SOCK_STREAM, create_connection
+@@ -664,7 +659,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodebytes(d.encode('ASCII', 'strict'))
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+     If 'ca_certs' is specified, validate the server cert against it.
+diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-3.3.6.orig/Modules/_ssl.c	2014-10-12 07:03:53.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 12:41:01.706137147 +0000
+@@ -1746,8 +1746,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         ctx = SSL_CTX_new(TLSv1_method());
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         ctx = SSL_CTX_new(SSLv3_method());
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         ctx = SSL_CTX_new(SSLv2_method());
+@@ -2842,8 +2844,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/3.3.2/Python-3.3.2/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/3.3.2/Python-3.3.2/010_ssl_no_ssl3.patch
@ -0,0 +1,108 @@
+diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-3.3.6.orig/Lib/ssl.py	2014-10-12 07:03:53.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 12:49:03.860983039 +0000
+@@ -66,40 +66,27 @@
+     SSLSyscallError, SSLEOFError,
+     )
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import (
+-    OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1,
+-    OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE
+-    )
+-try:
+-    from _ssl import OP_NO_COMPRESSION
+-except ImportError:
+-    pass
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+ try:
+-    from _ssl import OP_SINGLE_ECDH_USE
+    from _ssl import RAND_egd
+ except ImportError:
+    # LibreSSL does not provide RAND_egd
+     pass
+-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
+-from _ssl import (
+-    SSL_ERROR_ZERO_RETURN,
+-    SSL_ERROR_WANT_READ,
+-    SSL_ERROR_WANT_WRITE,
+-    SSL_ERROR_WANT_X509_LOOKUP,
+-    SSL_ERROR_SYSCALL,
+-    SSL_ERROR_SSL,
+-    SSL_ERROR_WANT_CONNECT,
+-    SSL_ERROR_EOF,
+-    SSL_ERROR_INVALID_ERROR_CODE,
+-    )
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+ from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
+-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
+-                  PROTOCOL_TLSv1)
+
+ from _ssl import _OPENSSL_API_VERSION
+ 
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+ try:
+     from _ssl import PROTOCOL_SSLv2
+     _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+@@ -108,6 +95,14 @@
+ else:
+     _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+ 
+try:
+    from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2
+except ImportError:
+    pass
+else:
+    _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1"
+    _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2"
+
+ from socket import getnameinfo as _getnameinfo
+ from socket import error as socket_error
+ from socket import socket, AF_INET, SOCK_STREAM, create_connection
+@@ -664,7 +659,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodebytes(d.encode('ASCII', 'strict'))
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+     If 'ca_certs' is specified, validate the server cert against it.
+diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-3.3.6.orig/Modules/_ssl.c	2014-10-12 07:03:53.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 12:41:01.706137147 +0000
+@@ -1746,8 +1746,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         ctx = SSL_CTX_new(TLSv1_method());
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         ctx = SSL_CTX_new(SSLv3_method());
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         ctx = SSL_CTX_new(SSLv2_method());
+@@ -2842,8 +2844,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/3.3.3/Python-3.3.3/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/3.3.3/Python-3.3.3/010_ssl_no_ssl3.patch
@ -0,0 +1,108 @@
+diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-3.3.6.orig/Lib/ssl.py	2014-10-12 07:03:53.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 12:49:03.860983039 +0000
+@@ -66,40 +66,27 @@
+     SSLSyscallError, SSLEOFError,
+     )
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import (
+-    OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1,
+-    OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE
+-    )
+-try:
+-    from _ssl import OP_NO_COMPRESSION
+-except ImportError:
+-    pass
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+ try:
+-    from _ssl import OP_SINGLE_ECDH_USE
+    from _ssl import RAND_egd
+ except ImportError:
+    # LibreSSL does not provide RAND_egd
+     pass
+-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
+-from _ssl import (
+-    SSL_ERROR_ZERO_RETURN,
+-    SSL_ERROR_WANT_READ,
+-    SSL_ERROR_WANT_WRITE,
+-    SSL_ERROR_WANT_X509_LOOKUP,
+-    SSL_ERROR_SYSCALL,
+-    SSL_ERROR_SSL,
+-    SSL_ERROR_WANT_CONNECT,
+-    SSL_ERROR_EOF,
+-    SSL_ERROR_INVALID_ERROR_CODE,
+-    )
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+ from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
+-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
+-                  PROTOCOL_TLSv1)
+
+ from _ssl import _OPENSSL_API_VERSION
+ 
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+ try:
+     from _ssl import PROTOCOL_SSLv2
+     _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+@@ -108,6 +95,14 @@
+ else:
+     _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+ 
+try:
+    from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2
+except ImportError:
+    pass
+else:
+    _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1"
+    _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2"
+
+ from socket import getnameinfo as _getnameinfo
+ from socket import error as socket_error
+ from socket import socket, AF_INET, SOCK_STREAM, create_connection
+@@ -664,7 +659,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodebytes(d.encode('ASCII', 'strict'))
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+     If 'ca_certs' is specified, validate the server cert against it.
+diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-3.3.6.orig/Modules/_ssl.c	2014-10-12 07:03:53.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 12:41:01.706137147 +0000
+@@ -1746,8 +1746,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         ctx = SSL_CTX_new(TLSv1_method());
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         ctx = SSL_CTX_new(SSLv3_method());
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         ctx = SSL_CTX_new(SSLv2_method());
+@@ -2842,8 +2844,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/3.3.4/Python-3.3.4/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/3.3.4/Python-3.3.4/010_ssl_no_ssl3.patch
@ -0,0 +1,108 @@
+diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-3.3.6.orig/Lib/ssl.py	2014-10-12 07:03:53.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 12:49:03.860983039 +0000
+@@ -66,40 +66,27 @@
+     SSLSyscallError, SSLEOFError,
+     )
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import (
+-    OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1,
+-    OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE
+-    )
+-try:
+-    from _ssl import OP_NO_COMPRESSION
+-except ImportError:
+-    pass
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+ try:
+-    from _ssl import OP_SINGLE_ECDH_USE
+    from _ssl import RAND_egd
+ except ImportError:
+    # LibreSSL does not provide RAND_egd
+     pass
+-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
+-from _ssl import (
+-    SSL_ERROR_ZERO_RETURN,
+-    SSL_ERROR_WANT_READ,
+-    SSL_ERROR_WANT_WRITE,
+-    SSL_ERROR_WANT_X509_LOOKUP,
+-    SSL_ERROR_SYSCALL,
+-    SSL_ERROR_SSL,
+-    SSL_ERROR_WANT_CONNECT,
+-    SSL_ERROR_EOF,
+-    SSL_ERROR_INVALID_ERROR_CODE,
+-    )
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+ from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
+-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
+-                  PROTOCOL_TLSv1)
+
+ from _ssl import _OPENSSL_API_VERSION
+ 
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+ try:
+     from _ssl import PROTOCOL_SSLv2
+     _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+@@ -108,6 +95,14 @@
+ else:
+     _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+ 
+try:
+    from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2
+except ImportError:
+    pass
+else:
+    _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1"
+    _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2"
+
+ from socket import getnameinfo as _getnameinfo
+ from socket import error as socket_error
+ from socket import socket, AF_INET, SOCK_STREAM, create_connection
+@@ -664,7 +659,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodebytes(d.encode('ASCII', 'strict'))
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+     If 'ca_certs' is specified, validate the server cert against it.
+diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-3.3.6.orig/Modules/_ssl.c	2014-10-12 07:03:53.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 12:41:01.706137147 +0000
+@@ -1746,8 +1746,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         ctx = SSL_CTX_new(TLSv1_method());
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         ctx = SSL_CTX_new(SSLv3_method());
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         ctx = SSL_CTX_new(SSLv2_method());
+@@ -2842,8 +2844,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/3.3.5/Python-3.3.5/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/3.3.5/Python-3.3.5/010_ssl_no_ssl3.patch
@ -0,0 +1,108 @@
+diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-3.3.6.orig/Lib/ssl.py	2014-10-12 07:03:53.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 12:49:03.860983039 +0000
+@@ -66,40 +66,27 @@
+     SSLSyscallError, SSLEOFError,
+     )
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import (
+-    OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1,
+-    OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE
+-    )
+-try:
+-    from _ssl import OP_NO_COMPRESSION
+-except ImportError:
+-    pass
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+ try:
+-    from _ssl import OP_SINGLE_ECDH_USE
+    from _ssl import RAND_egd
+ except ImportError:
+    # LibreSSL does not provide RAND_egd
+     pass
+-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
+-from _ssl import (
+-    SSL_ERROR_ZERO_RETURN,
+-    SSL_ERROR_WANT_READ,
+-    SSL_ERROR_WANT_WRITE,
+-    SSL_ERROR_WANT_X509_LOOKUP,
+-    SSL_ERROR_SYSCALL,
+-    SSL_ERROR_SSL,
+-    SSL_ERROR_WANT_CONNECT,
+-    SSL_ERROR_EOF,
+-    SSL_ERROR_INVALID_ERROR_CODE,
+-    )
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+ from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
+-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
+-                  PROTOCOL_TLSv1)
+
+ from _ssl import _OPENSSL_API_VERSION
+ 
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+ try:
+     from _ssl import PROTOCOL_SSLv2
+     _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+@@ -108,6 +95,14 @@
+ else:
+     _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+ 
+try:
+    from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2
+except ImportError:
+    pass
+else:
+    _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1"
+    _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2"
+
+ from socket import getnameinfo as _getnameinfo
+ from socket import error as socket_error
+ from socket import socket, AF_INET, SOCK_STREAM, create_connection
+@@ -664,7 +659,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodebytes(d.encode('ASCII', 'strict'))
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+     If 'ca_certs' is specified, validate the server cert against it.
+diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-3.3.6.orig/Modules/_ssl.c	2014-10-12 07:03:53.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 12:41:01.706137147 +0000
+@@ -1746,8 +1746,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         ctx = SSL_CTX_new(TLSv1_method());
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         ctx = SSL_CTX_new(SSLv3_method());
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         ctx = SSL_CTX_new(SSLv2_method());
+@@ -2842,8 +2844,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/3.3.6/Python-3.3.6/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/3.3.6/Python-3.3.6/010_ssl_no_ssl3.patch
@ -0,0 +1,108 @@
+diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-3.3.6.orig/Lib/ssl.py	2014-10-12 07:03:53.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 12:49:03.860983039 +0000
+@@ -66,40 +66,27 @@
+     SSLSyscallError, SSLEOFError,
+     )
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+-from _ssl import (
+-    OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1,
+-    OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE
+-    )
+-try:
+-    from _ssl import OP_NO_COMPRESSION
+-except ImportError:
+-    pass
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+ try:
+-    from _ssl import OP_SINGLE_ECDH_USE
+    from _ssl import RAND_egd
+ except ImportError:
+    # LibreSSL does not provide RAND_egd
+     pass
+-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
+-from _ssl import (
+-    SSL_ERROR_ZERO_RETURN,
+-    SSL_ERROR_WANT_READ,
+-    SSL_ERROR_WANT_WRITE,
+-    SSL_ERROR_WANT_X509_LOOKUP,
+-    SSL_ERROR_SYSCALL,
+-    SSL_ERROR_SSL,
+-    SSL_ERROR_WANT_CONNECT,
+-    SSL_ERROR_EOF,
+-    SSL_ERROR_INVALID_ERROR_CODE,
+-    )
+
+def _import_symbols(prefix):
+    for n in dir(_ssl):
+        if n.startswith(prefix):
+            globals()[n] = getattr(_ssl, n)
+
+_import_symbols('OP_')
+_import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+
+ from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
+-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
+-                  PROTOCOL_TLSv1)
+
+ from _ssl import _OPENSSL_API_VERSION
+ 
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+ try:
+     from _ssl import PROTOCOL_SSLv2
+     _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+@@ -108,6 +95,14 @@
+ else:
+     _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+ 
+try:
+    from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2
+except ImportError:
+    pass
+else:
+    _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1"
+    _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2"
+
+ from socket import getnameinfo as _getnameinfo
+ from socket import error as socket_error
+ from socket import socket, AF_INET, SOCK_STREAM, create_connection
+@@ -664,7 +659,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodebytes(d.encode('ASCII', 'strict'))
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+     If 'ca_certs' is specified, validate the server cert against it.
+diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-3.3.6.orig/Modules/_ssl.c	2014-10-12 07:03:53.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 12:41:01.706137147 +0000
+@@ -1746,8 +1746,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         ctx = SSL_CTX_new(TLSv1_method());
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         ctx = SSL_CTX_new(SSLv3_method());
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         ctx = SSL_CTX_new(SSLv2_method());
+@@ -2842,8 +2844,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/3.4.0/Python-3.4.0/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/3.4.0/Python-3.4.0/010_ssl_no_ssl3.patch
@ -0,0 +1,72 @@
+diff -r -u ../Python-3.4.2.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-3.4.2.orig/Lib/ssl.py	2014-10-08 08:18:12.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 13:34:24.530051626 +0000
+@@ -106,7 +106,12 @@
+ from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
+     VERIFY_X509_STRICT)
+ from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
+-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+try:
+    from _ssl import RAND_egd
+except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+ 
+ def _import_symbols(prefix):
+     for n in dir(_ssl):
+@@ -116,18 +121,14 @@
+ _import_symbols('OP_')
+ _import_symbols('ALERT_DESCRIPTION_')
+ _import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+ 
+ from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
+ 
+-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+ from _ssl import _OPENSSL_API_VERSION
+ 
+ 
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+ try:
+     from _ssl import PROTOCOL_SSLv2
+     _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+@@ -922,7 +923,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodebytes(d.encode('ASCII', 'strict'))
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+     If 'ca_certs' is specified, validate the server cert against it.
+diff -r -u ../Python-3.4.2.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-3.4.2.orig/Modules/_ssl.c	2014-10-08 08:18:15.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 13:32:44.967611074 +0000
+@@ -2016,8 +2016,10 @@
+     else if (proto_version == PY_SSL_VERSION_TLS1_2)
+         ctx = SSL_CTX_new(TLSv1_2_method());
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         ctx = SSL_CTX_new(SSLv3_method());
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         ctx = SSL_CTX_new(SSLv2_method());
+@@ -4071,8 +4073,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/3.4.1/Python-3.4.1/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/3.4.1/Python-3.4.1/010_ssl_no_ssl3.patch
@ -0,0 +1,72 @@
+diff -r -u ../Python-3.4.2.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-3.4.2.orig/Lib/ssl.py	2014-10-08 08:18:12.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 13:34:24.530051626 +0000
+@@ -106,7 +106,12 @@
+ from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
+     VERIFY_X509_STRICT)
+ from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
+-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+try:
+    from _ssl import RAND_egd
+except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+ 
+ def _import_symbols(prefix):
+     for n in dir(_ssl):
+@@ -116,18 +121,14 @@
+ _import_symbols('OP_')
+ _import_symbols('ALERT_DESCRIPTION_')
+ _import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+ 
+ from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
+ 
+-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+ from _ssl import _OPENSSL_API_VERSION
+ 
+ 
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+ try:
+     from _ssl import PROTOCOL_SSLv2
+     _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+@@ -922,7 +923,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodebytes(d.encode('ASCII', 'strict'))
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+     If 'ca_certs' is specified, validate the server cert against it.
+diff -r -u ../Python-3.4.2.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-3.4.2.orig/Modules/_ssl.c	2014-10-08 08:18:15.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 13:32:44.967611074 +0000
+@@ -2016,8 +2016,10 @@
+     else if (proto_version == PY_SSL_VERSION_TLS1_2)
+         ctx = SSL_CTX_new(TLSv1_2_method());
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         ctx = SSL_CTX_new(SSLv3_method());
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         ctx = SSL_CTX_new(SSLv2_method());
+@@ -4071,8 +4073,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- a/plugins/python-build/share/python-build/patches/3.4.2/Python-3.4.2/010_ssl_no_ssl3.patch
+++ b/plugins/python-build/share/python-build/patches/3.4.2/Python-3.4.2/010_ssl_no_ssl3.patch
@ -0,0 +1,72 @@
+diff -r -u ../Python-3.4.2.orig/Lib/ssl.py ./Lib/ssl.py
+--- ../Python-3.4.2.orig/Lib/ssl.py	2014-10-08 08:18:12.000000000 +0000
+++ ./Lib/ssl.py	2015-12-18 13:34:24.530051626 +0000
+@@ -106,7 +106,12 @@
+ from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
+     VERIFY_X509_STRICT)
+ from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
+-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+try:
+    from _ssl import RAND_egd
+except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+ 
+ def _import_symbols(prefix):
+     for n in dir(_ssl):
+@@ -116,18 +121,14 @@
+ _import_symbols('OP_')
+ _import_symbols('ALERT_DESCRIPTION_')
+ _import_symbols('SSL_ERROR_')
+_import_symbols('PROTOCOL_')
+ 
+ from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
+ 
+-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
+ from _ssl import _OPENSSL_API_VERSION
+ 
+ 
+-_PROTOCOL_NAMES = {
+-    PROTOCOL_TLSv1: "TLSv1",
+-    PROTOCOL_SSLv23: "SSLv23",
+-    PROTOCOL_SSLv3: "SSLv3",
+-}
+_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')}
+ try:
+     from _ssl import PROTOCOL_SSLv2
+     _SSLv2_IF_EXISTS = PROTOCOL_SSLv2
+@@ -922,7 +923,7 @@
+     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+     return base64.decodebytes(d.encode('ASCII', 'strict'))
+ 
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+     """Retrieve the certificate from the server at the specified address,
+     and return it as a PEM-encoded string.
+     If 'ca_certs' is specified, validate the server cert against it.
+diff -r -u ../Python-3.4.2.orig/Modules/_ssl.c ./Modules/_ssl.c
+--- ../Python-3.4.2.orig/Modules/_ssl.c	2014-10-08 08:18:15.000000000 +0000
+++ ./Modules/_ssl.c	2015-12-18 13:32:44.967611074 +0000
+@@ -2016,8 +2016,10 @@
+     else if (proto_version == PY_SSL_VERSION_TLS1_2)
+         ctx = SSL_CTX_new(TLSv1_2_method());
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         ctx = SSL_CTX_new(SSLv3_method());
+#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         ctx = SSL_CTX_new(SSLv2_method());
+@@ -4071,8 +4073,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
+#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
+#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",