From 0915360b9ef765bf84d4471a8a079f48c49bad68 Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@python.org>
Date: Fri, 8 Sep 2017 14:47:58 -0700
Subject: [PATCH] bpo-28182: restore backwards compatibility (#3464)

b3ad0e5 broke backwards compatibility with OpenSSL < 1.0.2.

Signed-off-by: Christian Heimes <christian@python.org>
---
 Modules/_ssl.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 5b27f2fda2..5ec31a7736 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -485,18 +485,23 @@ fill_and_set_sslerror(PySSLSocket *sslsock, PyObject *type, int ssl_errno,
         }
 
         switch (verify_code) {
+#ifdef X509_V_ERR_HOSTNAME_MISMATCH
+        /* OpenSSL >= 1.0.2, LibreSSL >= 2.5.3 */
         case X509_V_ERR_HOSTNAME_MISMATCH:
             verify_obj = PyUnicode_FromFormat(
                 "Hostname mismatch, certificate is not valid for '%S'.",
                 sslsock->server_hostname
             );
             break;
+#endif
+#ifdef X509_V_ERR_IP_ADDRESS_MISMATCH
         case X509_V_ERR_IP_ADDRESS_MISMATCH:
             verify_obj = PyUnicode_FromFormat(
                 "IP address mismatch, certificate is not valid for '%S'.",
                 sslsock->server_hostname
             );
             break;
+#endif
         default:
             verify_str = X509_verify_cert_error_string(verify_code);
             if (verify_str != NULL) {
-- 
2.40.0