This patch comes from in-house, and will not be passed upstream, since

Python 2.6 has been abandoned in favor of later versions.

--- Python-2.6.8/Modules/_ssl.c.~2~ 2014-12-16 00:06:40.398956147 -0800

+++ Python-2.6.8/Modules/_ssl.c 2015-01-08 12:43:53.326916627 -0800

@@ -269,6 +269,7 @@

char *errstr = NULL;

int ret;

int verification_mode;

+ long options;

self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */

if (self == NULL)

@@ -359,8 +360,12 @@

}

/* ssl compatibility */

- SSL_CTX_set_options(self->ctx,

- SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);

+ options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;

+ if (proto_version != PY_SSL_VERSION_SSL2)

+ options |= SSL_OP_NO_SSLv2;

+ if (proto_version != PY_SSL_VERSION_SSL3)

+ options |= SSL_OP_NO_SSLv3;

+ SSL_CTX_set_options(self->ctx, options);

verification_mode = SSL_VERIFY_NONE;

if (certreq == PY_SSL_CERT_OPTIONAL)