Get rid of the OPENSSL_NO_SSL2 check, which is not a complete solution on all platforms; replace it with a check (which should always have been there) of the SSL_CTX_new return value. If SSLv2 is unavailable, the context creation should fail and we will notice at that point.

1 files changed, 5 insertions, 5 deletions

diff --git a/OpenSSL/ssl/context.c b/OpenSSL/ssl/context.c
index 0b9f4b6..534d207 100644
--- a/OpenSSL/ssl/context.c
+++ b/OpenSSL/ssl/context.c
@@ -1246,12 +1246,7 @@ ssl_Context_init(ssl_ContextObj *self, int i_method) {
 
     switch (i_method) {
         case ssl_SSLv2_METHOD:
-#ifdef OPENSSL_NO_SSL2
-            PyErr_SetString(PyExc_ValueError, "SSLv2_METHOD not supported by this version of OpenSSL");
-            return NULL;
-#else      
             method = SSLv2_method();
-#endif
             break;
         case ssl_SSLv23_METHOD:
             method = SSLv23_method();
@@ -1268,6 +1263,11 @@ ssl_Context_init(ssl_ContextObj *self, int i_method) {
     }
 
     self->ctx = SSL_CTX_new(method);
+    if (self->ctx == NULL) {
+        exception_from_error_queue(ssl_Error);
+        return NULL;
+    }
+
     Py_INCREF(Py_None);
     self->passphrase_callback = Py_None;
     Py_INCREF(Py_None);