From da1fe3873a592eebe6f0d961b2e3b36d29b4838e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Langa?= <lukasz@langa.pl>
Date: Fri, 7 Oct 2022 11:49:28 -0700
Subject: [PATCH] [3.9] gh-94208: Add even more TLS version/protocol checks for
 FreeBSD (#98037)

Otherwise, buildbot builds would fail since there's no TLS 1.0/1.1 support.
---
 .gitignore           |  2 ++
 Lib/test/test_ssl.py | 26 ++++++++++++++++----------
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/.gitignore b/.gitignore
index 1ba44ec5d635b8..8d9717dd82101c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -140,5 +140,7 @@ Tools/ssl/win32
 # Artifacts generated by 3.11 lying around when switching branches:
 /_bootstrap_python
 /Programs/_freeze_module
+/Modules/Setup.bootstrap
+/Modules/Setup.stdlib
 /Python/deepfreeze/
 /Python/frozen_modules/ 
\ No newline at end of file
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 6faa2ee0bbe6b5..e270f44cf3fba7 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1141,8 +1141,10 @@ def test_constructor(self):
 
     def test_protocol(self):
         for proto in PROTOCOLS:
-            ctx = ssl.SSLContext(proto)
-            self.assertEqual(ctx.protocol, proto)
+            if has_tls_protocol(proto):
+                with warnings_helper.check_warnings():
+                    ctx = ssl.SSLContext(proto)
+                self.assertEqual(ctx.protocol, proto)
 
     def test_ciphers(self):
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
@@ -1524,7 +1526,10 @@ def test_load_dh_params(self):
 
     def test_session_stats(self):
         for proto in PROTOCOLS:
-            ctx = ssl.SSLContext(proto)
+            if not has_tls_protocol(proto):
+                continue
+            with warnings_helper.check_warnings():
+                ctx = ssl.SSLContext(proto)
             self.assertEqual(ctx.session_stats(), {
                 'number': 0,
                 'connect': 0,
@@ -1715,13 +1720,14 @@ def test__create_stdlib_context(self):
             self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
             self._assert_context_options(ctx)
 
-        ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1,
-                                         cert_reqs=ssl.CERT_REQUIRED,
-                                         check_hostname=True)
-        self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
-        self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
-        self.assertTrue(ctx.check_hostname)
-        self._assert_context_options(ctx)
+            with warnings_helper.check_warnings():
+                ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1,
+                                                cert_reqs=ssl.CERT_REQUIRED,
+                                                check_hostname=True)
+            self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
+            self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
+            self.assertTrue(ctx.check_hostname)
+            self._assert_context_options(ctx)
 
         ctx = ssl._create_stdlib_context(purpose=ssl.Purpose.CLIENT_AUTH)
         self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)