File no-strict-openssl111-dep.patch of Package saltbundlepy

Overview Repositories Revisions Requests Users Attributes Meta

File no-strict-openssl111-dep.patch of Package saltbundlepy

--- a/Modules/clinic/_ssl.c.h
+++ b/Modules/clinic/_ssl.c.h
@@ -88,6 +88,7 @@
     return return_value;
 }
 
+#if OPENSSL_VERSION_1_1
 PyDoc_STRVAR(_ssl__SSLSocket_get_verified_chain__doc__,
 "get_verified_chain($self, /)\n"
 "--\n"
@@ -121,6 +122,7 @@
 {
     return _ssl__SSLSocket_get_unverified_chain_impl(self);
 }
+#endif
 
 PyDoc_STRVAR(_ssl__SSLSocket_shared_ciphers__doc__,
 "shared_ciphers($self, /)\n"
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -43,12 +43,55 @@
 #  error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
 #endif
 
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+/* OpenSSL < 1.1.0 */
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+HMAC_CTX *
+HMAC_CTX_new(void)
+{
+    HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
+    if (ctx != NULL) {
+        memset(ctx, 0, sizeof(HMAC_CTX));
+        HMAC_CTX_init(ctx);
+    }
+    return ctx;
+}
+
+void
+HMAC_CTX_free(HMAC_CTX *ctx)
+{
+    if (ctx != NULL) {
+        HMAC_CTX_cleanup(ctx);
+        OPENSSL_free(ctx);
+    }
+}
+
+const EVP_MD *
+HMAC_CTX_get_md(const HMAC_CTX *ctx)
+{
+    return ctx->md;
+}
+#endif
+
 #define MUNCH_SIZE INT_MAX
 
+#if ! ((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
+/* OpenSSL < 1.1.0 */
 #define PY_OPENSSL_HAS_SCRYPT 1
+#endif
+#ifdef NID_sha512_224
+#define PY_OPENSSL_HAS_SHA2_TRUNCATED 1
+#endif
+#ifdef NID_sha3_224
 #define PY_OPENSSL_HAS_SHA3 1
+#endif
+#ifdef NID_shake128
 #define PY_OPENSSL_HAS_SHAKE 1
+#endif
+#ifdef NID_blake2s256
 #define PY_OPENSSL_HAS_BLAKE2 1
+#endif
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 #define PY_EVP_MD EVP_MD
@@ -119,20 +162,28 @@
     PY_HASH_ENTRY(Py_hash_sha256, "SHA256", SN_sha256, NID_sha256),
     PY_HASH_ENTRY(Py_hash_sha384, "SHA384", SN_sha384, NID_sha384),
     PY_HASH_ENTRY(Py_hash_sha512, "SHA512", SN_sha512, NID_sha512),
+#ifdef PY_OPENSSL_HAS_SHA2_TRUNCATED
     /* truncated sha2 */
     PY_HASH_ENTRY(Py_hash_sha512_224, "SHA512_224", SN_sha512_224, NID_sha512_224),
     PY_HASH_ENTRY(Py_hash_sha512_256, "SHA512_256", SN_sha512_256, NID_sha512_256),
+#endif
+#ifdef PY_OPENSSL_HAS_SHA3
     /* sha3 */
     PY_HASH_ENTRY(Py_hash_sha3_224, NULL, SN_sha3_224, NID_sha3_224),
     PY_HASH_ENTRY(Py_hash_sha3_256, NULL, SN_sha3_256, NID_sha3_256),
     PY_HASH_ENTRY(Py_hash_sha3_384, NULL, SN_sha3_384, NID_sha3_384),
     PY_HASH_ENTRY(Py_hash_sha3_512, NULL, SN_sha3_512, NID_sha3_512),
+#endif
+#ifdef PY_OPENSSL_HAS_SHAKE
     /* sha3 shake */
     PY_HASH_ENTRY(Py_hash_shake_128, NULL, SN_shake128, NID_shake128),
     PY_HASH_ENTRY(Py_hash_shake_256, NULL, SN_shake256, NID_shake256),
+#endif
+#ifdef PY_OPENSSL_HAS_BLAKE
     /* blake2 digest */
     PY_HASH_ENTRY(Py_hash_blake2s, "blake2s256", SN_blake2s256, NID_blake2s256),
     PY_HASH_ENTRY(Py_hash_blake2b, "blake2b512", SN_blake2b512, NID_blake2b512),
+#endif
     PY_HASH_ENTRY(NULL, NULL, NULL, 0),
 };
 
@@ -873,11 +924,15 @@
         goto exit;
     }
 
+#ifdef PY_OPENSSL_HAS_SHAKE
     if ((EVP_MD_flags(digest) & EVP_MD_FLAG_XOF) == EVP_MD_FLAG_XOF) {
         type = get_hashlib_state(module)->EVPXOFtype;
     } else {
         type = get_hashlib_state(module)->EVPtype;
     }
+#else
+    type = get_hashlib_state(module)->EVPtype;
+#endif
 
     self = newEVPobject(type);
     if (self == NULL) {
--- a/Modules/_ssl/cert.c
+++ b/Modules/_ssl/cert.c
@@ -6,6 +6,8 @@
 #include "openssl/pem.h"
 #include "openssl/x509.h"
 
+#if OPENSSL_VERSION_1_1
+
 /*[clinic input]
 module _ssl
 class _ssl.Certificate "PySSLCertificate *" "PySSLCertificate_Type"
@@ -243,3 +245,5 @@
     Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION | Py_TPFLAGS_IMMUTABLETYPE,
     PySSLCertificate_slots,
 };
+
+#endif
--- a/Modules/_ssl/debughelpers.c
+++ b/Modules/_ssl/debughelpers.c
@@ -114,6 +114,8 @@
     return 0;
 }
 
+#ifdef HAVE_OPENSSL_KEYLOG
+
 static void
 _PySSL_keylog_callback(const SSL *ssl, const char *line)
 {
@@ -217,3 +219,5 @@
     SSL_CTX_set_keylog_callback(self->ctx, _PySSL_keylog_callback);
     return 0;
 }
+
+#endif
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -117,6 +117,7 @@
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 #include "_ssl_data_300.h"
 #elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
+#define HAVE_OPENSSL_KEYLOG 1
 #include "_ssl_data_111.h"
 #else
 #include "_ssl_data.h"
@@ -143,6 +144,76 @@
 /* OpenSSL 1.1 does not have SSL 2.0 */
 #define OPENSSL_NO_SSL2
 
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */
+
+#define TLS_method SSLv23_method
+#define TLS_client_method SSLv23_client_method
+#define TLS_server_method SSLv23_server_method
+#define ASN1_STRING_get0_data ASN1_STRING_data
+#define X509_get0_notBefore X509_get_notBefore
+#define X509_get0_notAfter X509_get_notAfter
+#define OpenSSL_version_num SSLeay
+#define OpenSSL_version SSLeay_version
+#define OPENSSL_VERSION SSLEAY_VERSION
+static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
+{
+    return ne->set;
+}
+
+#ifndef OPENSSL_NO_COMP
+/* LCOV_EXCL_START */
+static int COMP_get_type(const COMP_METHOD *meth)
+{
+    return meth->type;
+}
+/* LCOV_EXCL_STOP */
+#endif
+
+static pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
+{
+    return ctx->default_passwd_callback;
+}
+
+static void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
+{
+    return ctx->default_passwd_callback_userdata;
+}
+
+static int X509_OBJECT_get_type(X509_OBJECT *x)
+{
+    return x->type;
+}
+
+static X509 *X509_OBJECT_get0_X509(X509_OBJECT *x)
+{
+    return x->data.x509;
+}
+
+static int BIO_up_ref(BIO *b)
+{
+    CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO);
+    return 1;
+}
+
+static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store) {
+    return store->objs;
+}
+
+static int
+SSL_SESSION_has_ticket(const SSL_SESSION *s)
+{
+    return (s->tlsext_ticklen > 0) ? 1 : 0;
+}
+
+static unsigned long
+SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
+{
+    return s->tlsext_tick_lifetime_hint;
+}
+
+#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */
+
 /* Default cipher suites */
 #ifndef PY_SSL_DEFAULT_CIPHERS
 #define PY_SSL_DEFAULT_CIPHERS 1
@@ -169,7 +240,11 @@
  * Based on Hynek's excellent blog post (update 2021-02-11)
  * https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
  */
+#ifdef OPENSSL_VERSION_1_1
   #define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
+#else
+  #define PY_SSL_DEFAULT_CIPHER_STRING "DEFAULT:!aNULL:!eNULL:!MD5:!3DES:!DES:!RC4:!IDEA:!SEED:!aDSS:!SRP:!PSK"
+#endif
   #ifndef PY_SSL_MIN_PROTOCOL
     #define PY_SSL_MIN_PROTOCOL TLS1_2_VERSION
   #endif
@@ -1851,6 +1926,7 @@
     return result;
 }
 
+#if OPENSSL_VERSION_1_1
 /*[clinic input]
 _ssl._SSLSocket.get_verified_chain
 
@@ -1915,6 +1991,8 @@
     return retval;
 }
 
+#endif
+
 static PyObject *
 cipher_to_tuple(const SSL_CIPHER *cipher)
 {
@@ -1979,6 +2057,7 @@
         buf[len-1] = '\0';
     strength_bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
 
+#if OPENSSL_VERSION_1_1
     aead = SSL_CIPHER_is_aead(cipher);
     nid = SSL_CIPHER_get_cipher_nid(cipher);
     skcipher = nid != NID_undef ? OBJ_nid2ln(nid) : NULL;
@@ -1988,10 +2067,13 @@
     kx = nid != NID_undef ? OBJ_nid2ln(nid) : NULL;
     nid = SSL_CIPHER_get_auth_nid(cipher);
     auth = nid != NID_undef ? OBJ_nid2ln(nid) : NULL;
+#endif
 
     return Py_BuildValue(
         "{sksssssssisi"
+#if OPENSSL_VERSION_1_1
         "sOssssssss"
+#endif
         "}",
         "id", cipher_id,
         "name", cipher_name,
@@ -1999,11 +2081,13 @@
         "description", buf,
         "strength_bits", strength_bits,
         "alg_bits", alg_bits
+#if OPENSSL_VERSION_1_1
         ,"aead", aead ? Py_True : Py_False,
         "symmetric", skcipher,
         "digest", digest,
         "kea", kx,
         "auth", auth
+#endif
        );
 }
 
@@ -2032,9 +2116,12 @@
     server_ciphers = SSL_get_ciphers(self->ssl);
     if (!server_ciphers)
         Py_RETURN_NONE;
+#if ! ((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
+/* OpenSSL < 1.1.0 */
     client_ciphers = SSL_get_client_ciphers(self->ssl);
     if (!client_ciphers)
         Py_RETURN_NONE;
+#endif
 
     res = PyList_New(sk_SSL_CIPHER_num(server_ciphers));
     if (!res)
@@ -2042,8 +2129,11 @@
     len = 0;
     for (i = 0; i < sk_SSL_CIPHER_num(server_ciphers); i++) {
         cipher = sk_SSL_CIPHER_value(server_ciphers, i);
+#if ! ((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
+/* OpenSSL < 1.1.0 */
         if (sk_SSL_CIPHER_find(client_ciphers, cipher) < 0)
             continue;
+#endif
 
         PyObject *tup = cipher_to_tuple(cipher);
         if (!tup) {
@@ -2340,6 +2430,9 @@
 _ssl__SSLSocket_write_impl(PySSLSocket *self, Py_buffer *b)
 /*[clinic end generated code: output=aa7a6be5527358d8 input=77262d994fe5100a]*/
 {
+#ifndef SSL_write_ex
+    int len;
+#endif
     size_t count = 0;
     int retval;
     int sockstate;
@@ -2359,6 +2452,14 @@
         Py_INCREF(sock);
     }
 
+#ifndef SSL_write_ex
+    if (b->len > INT_MAX) {
+        PyErr_Format(PyExc_OverflowError,
+                     "string longer than %d bytes", INT_MAX);
+        goto error;
+    }
+#endif
+
     if (sock != NULL) {
         /* just in case the blocking state of the socket has been changed */
         nonblocking = (sock->sock_timeout >= 0);
@@ -2388,8 +2489,13 @@
 
     do {
         PySSL_BEGIN_ALLOW_THREADS
+#ifdef SSL_write_ex
         retval = SSL_write_ex(self->ssl, b->buf, (size_t)b->len, &count);
         err = _PySSL_errno(retval == 0, self->ssl, retval);
+#else
+        len = SSL_write(self->ssl, b->buf, (size_t)b->len);
+        err = _PySSL_errno(len <= 0, self->ssl, len);
+#endif
         PySSL_END_ALLOW_THREADS
         self->err = err;
 
@@ -2422,11 +2528,20 @@
              err.ssl == SSL_ERROR_WANT_WRITE);
 
     Py_XDECREF(sock);
+#ifdef SSL_write_ex
     if (retval == 0)
         return PySSL_SetError(self, retval, __FILE__, __LINE__);
+#else
+    if (len <= 0)
+        return PySSL_SetError(self, len, __FILE__, __LINE__);
+#endif
     if (PySSL_ChainExceptions(self) < 0)
         return NULL;
+#ifdef SSL_write_ex
     return PyLong_FromSize_t(count);
+#else
+    return PyLong_FromLong(len);
+#endif
 error:
     Py_XDECREF(sock);
     PySSL_ChainExceptions(self);
@@ -2476,7 +2591,11 @@
 {
     PyObject *dest = NULL;
     char *mem;
+#ifdef SSL_read_ex
     size_t count = 0;
+#else
+    int count;
+#endif
     int retval;
     int sockstate;
     _PySSLError err;
@@ -2540,8 +2659,13 @@
 
     do {
         PySSL_BEGIN_ALLOW_THREADS
+#ifdef SSL_read_ex
         retval = SSL_read_ex(self->ssl, mem, (size_t)len, &count);
         err = _PySSL_errno(retval == 0, self->ssl, retval);
+#else
+        count = SSL_read(self->ssl, mem, (size_t)len);
+        err = _PySSL_errno(count <= 0, self->ssl, count);
+#endif
         PySSL_END_ALLOW_THREADS
         self->err = err;
 
@@ -2574,8 +2698,13 @@
     } while (err.ssl == SSL_ERROR_WANT_READ ||
              err.ssl == SSL_ERROR_WANT_WRITE);
 
+#ifdef SSL_read_ex
     if (retval == 0) {
         PySSL_SetError(self, retval, __FILE__, __LINE__);
+#else
+    if (count <= 0) {
+        PySSL_SetError(self, count, __FILE__, __LINE__);
+#endif
         goto error;
     }
     if (self->exc_type != NULL)
@@ -2588,7 +2717,11 @@
         return dest;
     }
     else {
+#ifdef SSL_read_ex
         return PyLong_FromSize_t(count);
+#else
+        return PyLong_FromLong(count);
+#endif
     }
 
 error:
@@ -2949,8 +3082,10 @@
     _SSL__SSLSOCKET_COMPRESSION_METHODDEF
     _SSL__SSLSOCKET_SHUTDOWN_METHODDEF
     _SSL__SSLSOCKET_VERIFY_CLIENT_POST_HANDSHAKE_METHODDEF
+#if OPENSSL_VERSION_1_1
     _SSL__SSLSOCKET_GET_UNVERIFIED_CHAIN_METHODDEF
     _SSL__SSLSOCKET_GET_VERIFIED_CHAIN_METHODDEF
+#endif
     {NULL, NULL}
 };
 
@@ -3036,7 +3171,9 @@
     switch(proto_version) {
 #if defined(SSL3_VERSION) && !defined(OPENSSL_NO_SSL3)
     case PY_SSL_VERSION_SSL3:
+#ifdef OPENSSL_VERSION_1_1
         PY_SSL_DEPRECATED("ssl.PROTOCOL_SSLv3 is deprecated", 2, NULL);
+#endif
         method = SSLv3_method();
         break;
 #endif
@@ -3044,7 +3181,9 @@
         !defined(OPENSSL_NO_TLS1) && \
         !defined(OPENSSL_NO_TLS1_METHOD))
     case PY_SSL_VERSION_TLS1:
+#ifdef OPENSSL_VERSION_1_1
         PY_SSL_DEPRECATED("ssl.PROTOCOL_TLSv1 is deprecated", 2, NULL);
+#endif
         method = TLSv1_method();
         break;
 #endif
@@ -3052,7 +3191,9 @@
         !defined(OPENSSL_NO_TLS1_1) && \
         !defined(OPENSSL_NO_TLS1_1_METHOD))
     case PY_SSL_VERSION_TLS1_1:
+#ifdef OPENSSL_VERSION_1_1
         PY_SSL_DEPRECATED("ssl.PROTOCOL_TLSv1_1 is deprecated", 2, NULL);
+#endif
         method = TLSv1_1_method();
         break;
 #endif
@@ -3060,12 +3201,16 @@
         !defined(OPENSSL_NO_TLS1_2) && \
         !defined(OPENSSL_NO_TLS1_2_METHOD))
     case PY_SSL_VERSION_TLS1_2:
+#ifdef OPENSSL_VERSION_1_1
         PY_SSL_DEPRECATED("ssl.PROTOCOL_TLSv1_2 is deprecated", 2, NULL);
+#endif
         method = TLSv1_2_method();
         break;
 #endif
     case PY_SSL_VERSION_TLS:
+#ifdef OPENSSL_VERSION_1_1
         PY_SSL_DEPRECATED("ssl.PROTOCOL_TLS is deprecated", 2, NULL);
+#endif
         method = TLS_method();
         break;
     case PY_SSL_VERSION_TLS_CLIENT:
@@ -3166,7 +3311,7 @@
                         "No cipher can be selected.");
         goto error;
     }
-#ifdef PY_SSL_MIN_PROTOCOL
+#if defined(PY_SSL_MIN_PROTOCOL) && defined(OPENSSL_VERSION_1_1)
     switch(proto_version) {
     case PY_SSL_VERSION_TLS:
     case PY_SSL_VERSION_TLS_CLIENT:
@@ -3455,6 +3600,8 @@
 }
 
 /* Getter and setter for protocol version */
+#if defined(SSL_CTRL_GET_MAX_PROTO_VERSION)
+/* Getter and setter for protocol version */
 static int
 set_min_max_proto_version(PySSLContext *self, PyObject *arg, int what)
 {
@@ -3572,6 +3719,7 @@
 {
     return set_min_max_proto_version(self, arg, 1);
 }
+#endif
 
 #ifdef TLS1_3_VERSION
 static PyObject *
@@ -3606,12 +3754,14 @@
 "Control the number of TLSv1.3 session tickets");
 #endif /* TLS1_3_VERSION */
 
+#if OPENSSL_VERSION_1_1
 static PyObject *
 get_security_level(PySSLContext *self, void *c)
 {
     return PyLong_FromLong(SSL_CTX_get_security_level(self->ctx));
 }
 PyDoc_STRVAR(PySSLContext_security_level_doc, "The current security level");
+#endif
 
 static PyObject *
 get_options(PySSLContext *self, void *c)
@@ -3625,7 +3775,10 @@
     long new_opts, opts, set, clear;
     long opt_no = (
         SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
-        SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3
+        SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2
+#ifdef SSL_OP_NO_TLSv1_3
+        | SSL_OP_NO_TLSv1_3
+#endif
     );
 
     if (!PyArg_Parse(arg, "l", &new_opts))
@@ -4641,12 +4794,16 @@
                        (setter) set_check_hostname, NULL},
     {"_host_flags", (getter) get_host_flags,
                     (setter) set_host_flags, NULL},
+#if defined(SSL_CTRL_GET_MAX_PROTO_VERSION)
     {"minimum_version", (getter) get_minimum_version,
                         (setter) set_minimum_version, NULL},
     {"maximum_version", (getter) get_maximum_version,
                         (setter) set_maximum_version, NULL},
+#endif
+#ifdef HAVE_OPENSSL_KEYLOG
     {"keylog_filename", (getter) _PySSLContext_get_keylog_filename,
                         (setter) _PySSLContext_set_keylog_filename, NULL},
+#endif
     {"_msg_callback", (getter) _PySSLContext_get_msg_callback,
                       (setter) _PySSLContext_set_msg_callback, NULL},
     {"sni_callback", (getter) get_sni_callback,
@@ -4670,8 +4827,10 @@
                      (setter) set_verify_flags, NULL},
     {"verify_mode", (getter) get_verify_mode,
                     (setter) set_verify_mode, NULL},
+#if OPENSSL_VERSION_1_1
     {"security_level", (getter) get_security_level,
                        NULL, PySSLContext_security_level_doc},
+#endif
     {NULL},            /* sentinel */
 };
 
@@ -5762,6 +5921,14 @@
     _sslmodulestate *state = get_ssl_state(module);
     PySocketModule_APIObject *sockmod = PySocketModule_ImportModuleAndAPI();
 
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+    /* Load all algorithms and initialize cpuid */
+    OPENSSL_add_all_algorithms_noconf();
+    /* Init OpenSSL */
+    SSL_load_error_strings();
+    SSL_library_init();
+#endif
+
     if ((sockmod == NULL) || (sockmod->Sock_Type == NULL)) {
         return -1;
     }
@@ -6165,11 +6332,13 @@
     if (state->PySSLSession_Type == NULL)
         return -1;
 
+#if OPENSSL_VERSION_1_1
     state->PySSLCertificate_Type = (PyTypeObject *)PyType_FromModuleAndSpec(
         module, &PySSLCertificate_spec, NULL
     );
     if (state->PySSLCertificate_Type == NULL)
         return -1;
+#endif
 
     if (PyModule_AddType(module, state->PySSLContext_Type))
         return -1;
@@ -6179,8 +6348,10 @@
         return -1;
     if (PyModule_AddType(module, state->PySSLSession_Type))
         return -1;
+#if OPENSSL_VERSION_1_1
     if (PyModule_AddType(module, state->PySSLCertificate_Type))
         return -1;
+#endif
     return 0;
 }
 
@@ -6203,7 +6374,9 @@
     Py_VISIT(state->PySSLSocket_Type);
     Py_VISIT(state->PySSLMemoryBIO_Type);
     Py_VISIT(state->PySSLSession_Type);
+#if OPENSSL_VERSION_1_1
     Py_VISIT(state->PySSLCertificate_Type);
+#endif
     Py_VISIT(state->PySSLErrorObject);
     Py_VISIT(state->PySSLCertVerificationErrorObject);
     Py_VISIT(state->PySSLZeroReturnErrorObject);
@@ -6228,7 +6401,9 @@
     Py_CLEAR(state->PySSLSocket_Type);
     Py_CLEAR(state->PySSLMemoryBIO_Type);
     Py_CLEAR(state->PySSLSession_Type);
+#if OPENSSL_VERSION_1_1
     Py_CLEAR(state->PySSLCertificate_Type);
+#endif
     Py_CLEAR(state->PySSLErrorObject);
     Py_CLEAR(state->PySSLCertVerificationErrorObject);
     Py_CLEAR(state->PySSLZeroReturnErrorObject);

Places

File no-strict-openssl111-dep.patch of Package saltbundlepy

Places