bpo-28182: restore backwards compatibility (#3464)

b3ad0e5 broke backwards compatibility with OpenSSL < 1.0.2.

Signed-off-by: Christian Heimes <christian@python.org>

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 5b27f2fda2c3797e3fc0a14dbb3b515f0bd83c8c..5ec31a773654960f147543b9a4e11f6e52d0074a 100644 (file)
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -485,18 +485,23 @@ fill_and_set_sslerror(PySSLSocket *sslsock, PyObject *type, int ssl_errno,
         }
 
         switch (verify_code) {
+#ifdef X509_V_ERR_HOSTNAME_MISMATCH
+        /* OpenSSL >= 1.0.2, LibreSSL >= 2.5.3 */
         case X509_V_ERR_HOSTNAME_MISMATCH:
             verify_obj = PyUnicode_FromFormat(
                 "Hostname mismatch, certificate is not valid for '%S'.",
                 sslsock->server_hostname
             );
             break;
+#endif
+#ifdef X509_V_ERR_IP_ADDRESS_MISMATCH
         case X509_V_ERR_IP_ADDRESS_MISMATCH:
             verify_obj = PyUnicode_FromFormat(
                 "IP address mismatch, certificate is not valid for '%S'.",
                 sslsock->server_hostname
             );
             break;
+#endif
         default:
             verify_str = X509_verify_cert_error_string(verify_code);
             if (verify_str != NULL) {