From 5bc39702fb8c4ac986d39c51b75d5c5cc3da4ac9 Mon Sep 17 00:00:00 2001
From: Alexandru Ardelean <ardeleanalex@gmail.com>
Date: Fri, 16 Nov 2018 15:33:49 +0200
Subject: [PATCH] python: fix build with OpenSSL 1.1.0

Addresses issue from here:
  https://github.com/openwrt/packages/issues/7367#issuecomment-437685598

The SSL module in Python doesn't handle properly all the combinations of
NPN between all OpenSSL & LibreSSL versions.
This patch fixes this.
Also pushed a report & proposal upstream to Python:
  https://bugs.python.org/issue35264

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
---
 lang/python/python/Makefile                   |  2 +-
 .../011-fix-ssl-build-use-have-npn.patch      | 22 +++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 lang/python/python/patches/011-fix-ssl-build-use-have-npn.patch

diff --git a/lang/python/python/Makefile b/lang/python/python/Makefile
index 766a57b97..4a00bfa0f 100644
--- a/lang/python/python/Makefile
+++ b/lang/python/python/Makefile
@@ -12,7 +12,7 @@ include ../python-version.mk
 
 PKG_NAME:=python
 PKG_VERSION:=$(PYTHON_VERSION).$(PYTHON_VERSION_MICRO)
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://www.python.org/ftp/python/$(PKG_VERSION)
diff --git a/lang/python/python/patches/011-fix-ssl-build-use-have-npn.patch b/lang/python/python/patches/011-fix-ssl-build-use-have-npn.patch
new file mode 100644
index 000000000..b49818360
--- /dev/null
+++ b/lang/python/python/patches/011-fix-ssl-build-use-have-npn.patch
@@ -0,0 +1,22 @@
+diff --git a/Modules/_ssl.c b/Modules/_ssl.c
+index a96c419260..c80437eef7 100644
+--- a/Modules/_ssl.c
++++ b/Modules/_ssl.c
+@@ -1586,7 +1586,7 @@ static PyObject *PySSL_version(PySSLSocket *self)
+     return PyUnicode_FromString(version);
+ }
+ 
+-#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
++#if HAVE_NPN
+ static PyObject *PySSL_selected_npn_protocol(PySSLSocket *self) {
+     const unsigned char *out;
+     unsigned int outlen;
+@@ -2114,7 +2114,7 @@ static PyMethodDef PySSLMethods[] = {
+      PySSL_peercert_doc},
+     {"cipher", (PyCFunction)PySSL_cipher, METH_NOARGS},
+     {"version", (PyCFunction)PySSL_version, METH_NOARGS},
+-#ifdef OPENSSL_NPN_NEGOTIATED
++#if HAVE_NPN
+     {"selected_npn_protocol", (PyCFunction)PySSL_selected_npn_protocol, METH_NOARGS},
+ #endif
+ #if HAVE_ALPN