From b5b3ad980a7ecd974fce9e2a7a8f8d105ebe69fc Mon Sep 17 00:00:00 2001
From: vergessen
Date: Wed, 19 Nov 2014 11:22:39 -0600
Subject: [PATCH] Add check that SSLv3 is available before use. This fixes an issue in the urllib3/PyOpenSSL contrib in requests lib that assumes ssl.protocol_sslv3 is always defined. Many systems have disabled this protocol in light of recent security issues.
---
 CHANGES.md | 1 +
 HACKS.txt | 1 +
 .../packages/urllib3/contrib/pyopenssl.py | 17 ++++++++++++-----
 3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index fd9cdcbf..939b3d6d 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -27,6 +27,7 @@
 * Change Config Post Processing naming sample lines to be more available
 * Add Config Post Processing failed downloads Sabnzbd setup guide
 * Fix Config Post Processing "Anime name pattern" custom javascript validation
+* Add check that SSLv3 is available before use by requests lib
 [develop changelog]
diff --git a/HACKS.txt b/HACKS.txt
index 8750d457..94812d46 100644
--- a/HACKS.txt
+++ b/HACKS.txt
@@ -1,3 +1,4 @@
 Libs with customisations...
 /tornado
+/lib/requests/packages/urllib3/contrib/pyopenssl.py
diff --git a/lib/requests/packages/urllib3/contrib/pyopenssl.py b/lib/requests/packages/urllib3/contrib/pyopenssl.py
index d9bda15a..9486b1b4 100644
--- a/lib/requests/packages/urllib3/contrib/pyopenssl.py
+++ b/lib/requests/packages/urllib3/contrib/pyopenssl.py
@@ -57,11 +57,18 @@ __all__ = ['inject_into_urllib3', 'extract_from_urllib3']
 HAS_SNI = SUBJ_ALT_NAME_SUPPORT
 # Map from urllib3 to PyOpenSSL compatible parameter-values.
-_openssl_versions = {
- ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
- ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
- ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
-}
+try:
+ _openssl_versions = {
+ ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
+ ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
+ ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
+ }
+except AttributeError:
+ _openssl_versions = {
+ ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
+ ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
+ }
+
 _openssl_verify = {
 ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE,
 ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER,
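Review bot: The `except AttributeError` wraps the whole `_openssl_versions` literal, so it catches more than a missing `ssl.PROTOCOL_SSLv3`: a missing `OpenSSL.SSL.SSLv3_METHOD` or any other attribute error in the literal takes the same fallback silently, and the two literals repeat the SSLv23 and TLSv1 entries and can drift apart. A single literal holding the SSLv23 and TLSv1 entries, followed by `if hasattr(ssl, 'PROTOCOL_SSLv3') and hasattr(OpenSSL.SSL, 'SSLv3_METHOD'): _openssl_versions[ssl.PROTOCOL_SSLv3] = OpenSSL.SSL.SSLv3_METHOD`, states the condition explicitly and keeps one copy of the table. Where SSLv3 is still compiled in, the mapping keeps it selectable, so this change only avoids the import failure and does not disable the protocol. Whether the context built from `SSLv23_METHOD` sets a no-SSLv3 option is not visible in this hunk and is worth confirming. Because HACKS.txt lists this file as a local customisation, a short comment above the block saying so would help whoever next updates the bundled requests.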