bpo-29697: Don't use OpenSSL <1.0.2 fallback on 1.1+ (GH-395)

author: Donald Stufft <donald@stufft.io> 2017-03-02 16:45:29 (GMT)
committer: GitHub <noreply@github.com> 2017-03-02 16:45:29 (GMT)
commit: 8ae264ce6dfcd6923d7bbde0e975389bea7d9881 (patch)
tree: c93f54ea586141611c5f0bdd240c0271ab5b8591 /Modules
parent: c643a967dd7d33ccefa5b61b38caf40b448057ce (diff)
download: cpython-8ae264ce6dfcd6923d7bbde0e975389bea7d9881.zip
cpython-8ae264ce6dfcd6923d7bbde0e975389bea7d9881.tar.gz
cpython-8ae264ce6dfcd6923d7bbde0e975389bea7d9881.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 1e9a707..421e0b6 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2728,12 +2728,12 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
 #endif
 
 
-#ifndef OPENSSL_NO_ECDH
+#if !defined(OPENSSL_NO_ECDH) && !defined(OPENSSL_VERSION_1_1)
     /* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use
        prime256v1 by default.  This is Apache mod_ssl's initialization
        policy, so we should be safe. OpenSSL 1.1 has it enabled by default.
      */
-#if defined(SSL_CTX_set_ecdh_auto) && !defined(OPENSSL_VERSION_1_1)
+#if defined(SSL_CTX_set_ecdh_auto)
     SSL_CTX_set_ecdh_auto(self->ctx, 1);
 #else
     {
author	Donald Stufft <donald@stufft.io>	2017-03-02 16:45:29 (GMT)
committer	GitHub <noreply@github.com>	2017-03-02 16:45:29 (GMT)
commit	8ae264ce6dfcd6923d7bbde0e975389bea7d9881 (patch)
tree	c93f54ea586141611c5f0bdd240c0271ab5b8591 /Modules
parent	c643a967dd7d33ccefa5b61b38caf40b448057ce (diff)
download	cpython-8ae264ce6dfcd6923d7bbde0e975389bea7d9881.zip cpython-8ae264ce6dfcd6923d7bbde0e975389bea7d9881.tar.gz cpython-8ae264ce6dfcd6923d7bbde0e975389bea7d9881.tar.bz2