From 59884989f7688478b86769d209a0570d81322ebf Mon Sep 17 00:00:00 2001
From: Ned Deily <nad@python.org>
Date: Thu, 25 Feb 2016 01:01:48 +1100
Subject: [PATCH] Change OS X installer builds targeted for 10.10 and above to
 build and link with a private copy of OpenSSL, like installers targeted for
 10.5 already do, since Apple has deprecated use of the system OpenSSL and
 removed its header files from the Xcode 7 SDK.  Note that this configuration
 is not currently used to build any python.org-supplied installers and that
 the private copy of OpenSSL requires its own root certificates.

---
 Mac/BuildScript/build-installer.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/Mac/BuildScript/build-installer.py b/Mac/BuildScript/build-installer.py
index 609aaf214fd..9177356bef5 100755
--- a/Mac/BuildScript/build-installer.py
+++ b/Mac/BuildScript/build-installer.py
@@ -206,7 +206,7 @@ def library_recipes():
 
     LT_10_5 = bool(getDeptargetTuple() < (10, 5))
 
-    if getDeptargetTuple() < (10, 6):
+    if not (10, 5) < getDeptargetTuple() < (10, 10):
         # The OpenSSL libs shipped with OS X 10.5 and earlier are
         # hopelessly out-of-date and do not include Apple's tie-in to
         # the root certificates in the user and system keychains via TEA
@@ -226,7 +226,8 @@ def library_recipes():
         # now more obvious with cert checking enabled by default in the
         # standard library.
         #
-        # For builds with 10.6+ SDKs, continue to use the deprecated but
+        # For builds with 10.6 through 10.9 SDKs,
+        # continue to use the deprecated but
         # less out-of-date Apple 0.9.8 libs for now.  While they are less
         # secure than using an up-to-date 1.0.1 version, doing so
         # avoids the big problems of forcing users to have to manage
@@ -234,6 +235,10 @@ def library_recipes():
         # APIs for cert validation from keychains if validation using the
         # standard OpenSSL locations (/System/Library/OpenSSL, normally empty)
         # fails.
+        #
+        # Since Apple removed the header files for the deprecated system
+        # OpenSSL as of the Xcode 7 release (for OS X 10.10+), we do not
+        # have much choice but to build our own copy here, too.
 
         result.extend([
           dict(