From 138af6f7696e5450d11a6ef4cdca869a26fefe13 Mon Sep 17 00:00:00 2001
From: Yasuhiro Kimura <yasu@utahime.org>
Date: Tue, 11 May 2021 05:47:21 +0900
Subject: [PATCH] Revert "[3.9] bpo-43799: OpenSSL 3.0.0: declare
 OPENSSL_API_COMPAT 1.1.1 (GH-25329) (GH-25382)"

This reverts commit 7d9d5bf863bb0af26b74b0732ab89b2053d2fbec.
---
 Modules/_hashopenssl.c | 15 +++++----------
 Modules/_ssl.c         | 33 +++++++++++++++++++--------------
 2 files changed, 24 insertions(+), 24 deletions(-)

diff --git Modules/_hashopenssl.c Modules/_hashopenssl.c
index 0dd1662101..adc8653773 100644
--- Modules/_hashopenssl.c
+++ Modules/_hashopenssl.c
@@ -11,13 +11,6 @@
  *
  */
 
-/* Don't warn about deprecated functions, */
-#ifndef OPENSSL_API_COMPAT
-  // 0x10101000L == 1.1.1, 30000 == 3.0.0
-  #define OPENSSL_API_COMPAT 0x10101000L
-#endif
-#define OPENSSL_NO_DEPRECATED 1
-
 #ifndef Py_BUILD_CORE_BUILTIN
 #  define Py_BUILD_CORE_MODULE 1
 #endif
@@ -35,7 +28,7 @@
 #include <openssl/crypto.h>
 /* We use the object interface to discover what hashes OpenSSL supports. */
 #include <openssl/objects.h>
-#include <openssl/err.h>
+#include "openssl/err.h"
 
 #include <openssl/crypto.h>       // FIPS_mode()
 
@@ -1932,11 +1925,12 @@ _hashlib_get_fips_mode_impl(PyObject *module)
 /*[clinic end generated code: output=87eece1bab4d3fa9 input=2db61538c41c6fef]*/
 
 {
+    int result;
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-    return EVP_default_properties_is_fips_enabled(NULL);
+    result = EVP_default_properties_is_fips_enabled(NULL);
 #else
     ERR_clear_error();
-    int result = FIPS_mode();
+    result = FIPS_mode();
     if (result == 0) {
         // "If the library was built without support of the FIPS Object Module,
         // then the function will return 0 with an error code of
diff --git Modules/_ssl.c Modules/_ssl.c
index 97e314b21f..82069a5832 100644
--- Modules/_ssl.c
+++ Modules/_ssl.c
@@ -14,13 +14,6 @@
        http://bugs.python.org/issue8108#msg102867 ?
 */
 
-/* Don't warn about deprecated functions, */
-#ifndef OPENSSL_API_COMPAT
-  // 0x10101000L == 1.1.1, 30000 == 3.0.0
-  #define OPENSSL_API_COMPAT 0x10101000L
-#endif
-#define OPENSSL_NO_DEPRECATED 1
-
 #define PY_SSIZE_T_CLEAN
 
 #include "Python.h"
@@ -50,6 +43,14 @@ static PySocketModule_APIObject PySocketModule;
 #include <sys/poll.h>
 #endif
 
+/* Don't warn about deprecated functions */
+#ifdef __GNUC__
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
+#ifdef __clang__
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+#endif
+
 /* Include OpenSSL header files */
 #include "openssl/rsa.h"
 #include "openssl/crypto.h"
@@ -147,19 +148,23 @@ static void _PySSLFixErrno(void) {
 #  define PY_OPENSSL_1_1_API 1
 #endif
 
-/* OpenSSL API 1.1.0+ does not include version methods. Define the methods
- * unless OpenSSL is compiled without the methods. It's the easiest way to
- * make 1.0.2, 1.1.0, 1.1.1, and 3.0.0 happy without deprecation warnings.
- */
+/* OpenSSL API compat */
+#ifdef OPENSSL_API_COMPAT
+#if OPENSSL_API_COMPAT >= 0x10100000L
+
+/* OpenSSL API 1.1.0+ does not include version methods */
 #ifndef OPENSSL_NO_TLS1_METHOD
-extern const SSL_METHOD *TLSv1_method(void);
+#define OPENSSL_NO_TLS1_METHOD 1
 #endif
 #ifndef OPENSSL_NO_TLS1_1_METHOD
-extern const SSL_METHOD *TLSv1_1_method(void);
+#define OPENSSL_NO_TLS1_1_METHOD 1
 #endif
 #ifndef OPENSSL_NO_TLS1_2_METHOD
-extern const SSL_METHOD *TLSv1_2_method(void);
+#define OPENSSL_NO_TLS1_2_METHOD 1
 #endif
+
+#endif /* >= 1.1.0 compcat */
+#endif /* OPENSSL_API_COMPAT */
 
 /* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
 #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
-- 
2.31.1