merge 3.2 (#20896)

diff --cc Lib/test/test_ssl.py
index 9fc6027afb44ccf955b1d668a6abf6842cd28b79,5c8df8bad86472551f9098ab13451319d9586520..e52a71c24102fe121914a817a995500312872efd
--- 1/Lib/test/test_ssl.py
--- 2/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@@ -962,30 -689,30 +962,35 @@@ class NetworkedTests(unittest.TestCase)
                  sys.stdout.write("\nNeeded %d calls to do_handshake() to establish session.\n" % count)
  
      def test_get_server_certificate(self):
 -        with support.transient_internet("svn.python.org"):
 -            pem = ssl.get_server_certificate(("svn.python.org", 443),
 -                                             ssl.PROTOCOL_SSLv23)
 -            if not pem:
 -                self.fail("No server certificate on svn.python.org:443!")
 +        def _test_get_server_certificate(host, port, cert=None):
 +            with support.transient_internet(host):
-                 pem = ssl.get_server_certificate((host, port))
++                pem = ssl.get_server_certificate((host, port),
++                                                 ssl.PROTOCOL_SSLv23)
 +                if not pem:
 +                    self.fail("No server certificate on %s:%s!" % (host, port))
  
 -            try:
 -                pem = ssl.get_server_certificate(("svn.python.org", 443),
 +                try:
-                     pem = ssl.get_server_certificate((host, port), ca_certs=CERTFILE)
++                    pem = ssl.get_server_certificate((host, port),
++                                                     ssl.PROTOCOL_SSLv23,
++                                                     ca_certs=CERTFILE)
 +                except ssl.SSLError as x:
 +                    #should fail
 +                    if support.verbose:
 +                        sys.stdout.write("%s\n" % x)
 +                else:
 +                    self.fail("Got server certificate %s for %s:%s!" % (pem, host, port))
 +
-                 pem = ssl.get_server_certificate((host, port), ca_certs=cert)
++                pem = ssl.get_server_certificate((host, port),
+                                                  ssl.PROTOCOL_SSLv23,
 -                                                 ca_certs=CERTFILE)
 -            except ssl.SSLError as x:
 -                #should fail
++                                                 ca_certs=cert)
 +                if not pem:
 +                    self.fail("No server certificate on %s:%s!" % (host, port))
                  if support.verbose:
 -                    sys.stdout.write("%s\n" % x)
 -            else:
 -                self.fail("Got server certificate %s for svn.python.org!" % pem)
 +                    sys.stdout.write("\nVerified certificate for %s:%s is\n%s\n" % (host, port ,pem))
  
 -            pem = ssl.get_server_certificate(("svn.python.org", 443),
 -                                             ssl.PROTOCOL_SSLv23,
 -                                             ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
 -            if not pem:
 -                self.fail("No server certificate on svn.python.org:443!")
 -            if support.verbose:
 -                sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem)
 +        _test_get_server_certificate('svn.python.org', 443, SVN_PYTHON_ORG_ROOT_CERT)
 +        if support.IPV6_ENABLED:
 +            _test_get_server_certificate('ipv6.google.com', 443)
  
      def test_ciphers(self):
          remote = ("svn.python.org", 443)