Add check that SSLv3 is available before use.

This fixes an issue in the urllib3/PyOpenSSL contrib in requests lib that assumes ssl.protocol_sslv3 is always defined. Many systems have disabled this protocol in light of recent security issues.

CHANGES.md

@@ -27,6 +27,7 @@
 * Change Config Post Processing naming sample lines to be more available
 * Add Config Post Processing failed downloads Sabnzbd setup guide
 * Fix Config Post Processing "Anime name pattern" custom javascript validation
+* Add check that SSLv3 is available before use by requests lib
 
 [develop changelog]
 

HACKS.txt

@@ -1,3 +1,4 @@
 Libs with customisations...
 
 /tornado
+/lib/requests/packages/urllib3/contrib/pyopenssl.py

lib/requests/packages/urllib3/contrib/pyopenssl.py

@@ -57,11 +57,18 @@ __all__ = ['inject_into_urllib3', 'extract_from_urllib3']
 HAS_SNI = SUBJ_ALT_NAME_SUPPORT
 
 # Map from urllib3 to PyOpenSSL compatible parameter-values.
-_openssl_versions = {
-    ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
-    ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
-    ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
-}
+try:
+    _openssl_versions = {
+        ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
+        ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
+        ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
+    }
+except AttributeError:
+    _openssl_versions = {
+        ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
+        ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
+    }
+
 _openssl_verify = {
     ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE,
     ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER,