Minor fixes.

svn path=/trunk/; revision=3584

5 files changed, 38 insertions, 3 deletions

diff --git a/NEWS b/NEWS
index 52c3a8db..3d855172 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,10 @@
 
 (The `lines' figures total .c, .h, .l, and .y files under version control.)
 
+* Renamed misnamed tr.po and da.po files
+* Jakub Ulanowski's patch to fix SSL fingerprint handling.
+* Matt Kraai's patch for supporting STLS over POP3.
+
 fetchmail-5.9.8 (Thu Feb 14 23:47:31 EST 2002), 21358 lines:
 
 * Added de translation catalog; updated da and tr catalogs.
diff --git a/pop3.c b/pop3.c
index fac2b185..41723b48 100644
--- a/pop3.c
+++ b/pop3.c
@@ -141,6 +141,9 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 #ifdef OPIE_ENABLE
     flag has_otp = FALSE;
 #endif /* OPIE_ENABLE */
+#ifdef SSL_ENABLE
+    flag has_ssl = FALSE;
+#endif /* SSL_ENABLE */
 
 #ifdef SDPS_ENABLE
     /*
@@ -207,6 +210,10 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 	    {
 		if (DOTLINE(buffer))
 		    break;
+#ifdef SSL_ENABLE
+               if (strstr(buffer, "STLS"))
+                   has_ssl = TRUE;
+#endif /* SSL_ENABLE */
 #if defined(GSSAPI)
 		if (strstr(buffer, "GSSAPI"))
 		    has_gssapi = TRUE;
@@ -224,6 +231,27 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 	    }
 	}
 
+#ifdef SSL_ENABLE
+       if (has_ssl &&
+#if INET6_ENABLE
+           ctl->server.service && (strcmp(ctl->server.service, "pop3s"))
+#else /* INET6_ENABLE */
+           ctl->server.port != 995
+#endif /* INET6_ENABLE */
+           )
+       {
+           char *realhost;
+
+           realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname;           gen_transact(sock, "STLS");
+           if (SSLOpen(sock,ctl->sslcert,ctl->sslkey,ctl->sslproto,ctl->sslcertck, ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1)
+           {
+               report(stderr,
+                      GT_("SSL connection failed.\n"));
+               return(PS_AUTHFAIL);
+           }
+       }
+#endif /* SSL_ENABLE */
+
 	/*
 	 * OK, we have an authentication type now.
 	 */
diff --git a/rcfile_y.y b/rcfile_y.y
index a7246cf5..7701d2c4 100644
--- a/rcfile_y.y
+++ b/rcfile_y.y
@@ -368,7 +368,7 @@ user_option	: TO localnames HERE
 #ifdef SSL_ENABLE
 		    current.use_ssl = FLAG_FALSE;
 #else
-		    yyerror(GT_("SSL is not enabled"))
+		    yyerror(GT_("SSL is not enabled"));
 #endif 
 		}
 
diff --git a/sink.c b/sink.c
index 5ffe142f..ebd674b9 100644
--- a/sink.c
+++ b/sink.c
@@ -1029,8 +1029,11 @@ int open_sink(struct query *ctl, struct msgblk *msg,
 	/* 
 	 * User was delivering locally.  We have a fallback MDA.
 	 * Latch it in place, logging the error, and fall through.
+	 * Set stripcr as we would if MDA had been the initial transport
 	 */
 	ctl->mda = FALLBACK_MDA;
+	if (!ctl->forcecr)
+	    ctl->stripcr = TRUE;
 
 	report(stderr, GT_("can't raise the listener; falling back to %s"),
 			 FALLBACK_MDA);
diff --git a/socket.c b/socket.c
index ceadc960..27b928cc 100644
--- a/socket.c
+++ b/socket.c
@@ -807,10 +807,10 @@ int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
 			if (outlevel > O_SILENT)
 			    report(stdout, GT_("%s key fingerprint: %s\n"), _server_label, text);
 			if (_check_digest != NULL) {
-				if (strcmp(text, _check_digest) == 0)
+				if (strcmp(text, _check_digest) == 0) {
 				    if (outlevel > O_SILENT)
 					report(stdout, GT_("%s fingerprints match.\n"), _server_label);
-				else {
+				} else {
 				    if (outlevel > O_SILENT)
 					report(stderr, GT_("%s fingerprints do not match!\n"), _server_label);
 				    return (0);