From: Stefano Rivera <stefanor@debian.org>
Date: Thu, 8 Oct 2015 13:19:51 -0700
Subject: Do not use embedded copy of ssl.match_hostname, when possible

 The system python has the necessary features backported, since 2.7.8-7 (and
 221a1f9155e2, releasing in 2.7.9, upstream). However, alternative python
 implementations don't, yet, and urllib3 is used by pip in virtualenvs.
Forwarded: not-needed
Last-Update: 2014-11-18

Patch-Name: 05_avoid-embedded-ssl-match-hostname.patch
---
 src/urllib3/packages/__init__.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/urllib3/packages/__init__.py b/src/urllib3/packages/__init__.py
index fce4caa..ffe70a4 100644
--- a/src/urllib3/packages/__init__.py
+++ b/src/urllib3/packages/__init__.py
@@ -1,5 +1,11 @@
 from __future__ import absolute_import
 
-from . import ssl_match_hostname
-
 __all__ = ("ssl_match_hostname",)
+
+try:
+    # cPython >= 2.7.9 has ssl features backported from Python3
+    from ssl import CertificateError
+    del CertificateError
+    import ssl as ssl_match_hostname
+except ImportError:
+    from . import ssl_match_hostname