commit 0915360b9ef765bf84d4471a8a079f48c49bad68
author Christian Heimes <christian@python.org> Fri Sep 08 14:47:58 2017 -0700
committer GitHub <noreply@github.com> Fri Sep 08 14:47:58 2017 -0700
tree d667e3a0ad6039f5b2c5fb81ce4fecd85c4da325
parent db610e909b07ced88e73fb0c23e04eed0d4e1b0d

bpo-28182: restore backwards compatibility (#3464)

b3ad0e5 broke backwards compatibility with OpenSSL < 1.0.2.

Signed-off-by: Christian Heimes <christian@python.org>

Modules/_ssl.c

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 5b27f2f..5ec31a7 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -485,18 +485,23 @@
         }
 
         switch (verify_code) {
+#ifdef X509_V_ERR_HOSTNAME_MISMATCH
+        /* OpenSSL >= 1.0.2, LibreSSL >= 2.5.3 */
         case X509_V_ERR_HOSTNAME_MISMATCH:
             verify_obj = PyUnicode_FromFormat(
                 "Hostname mismatch, certificate is not valid for '%S'.",
                 sslsock->server_hostname
             );
             break;
+#endif
+#ifdef X509_V_ERR_IP_ADDRESS_MISMATCH
         case X509_V_ERR_IP_ADDRESS_MISMATCH:
             verify_obj = PyUnicode_FromFormat(
                 "IP address mismatch, certificate is not valid for '%S'.",
                 sslsock->server_hostname
             );
             break;
+#endif
         default:
             verify_str = X509_verify_cert_error_string(verify_code);
             if (verify_str != NULL) {