Extend documentation on recent OpenSSL fix.

3 files changed, 11 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index c52426ad..0f6b6af2 100644
--- a/NEWS
+++ b/NEWS
@@ -54,6 +54,7 @@ fetchmail-6.3.16 (not yet released):
 
 # BUG FIXES
 * Call OpenSSL_add_all_algorithms(). Sjoerd Simons, to fix Debian Bug #576430.
+  OpenSSL 0.9.8* does not load - for instance - the SHA256 digest by default.
   Not that OpenSSL would document this in any findable or useful way :-(
 
 fetchmail-6.3.15 (released 2010-03-28, 25572 LoC):
diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html
index dd198677..9cc325f6 100644
--- a/fetchmail-FAQ.html
+++ b/fetchmail-FAQ.html
@@ -2105,7 +2105,7 @@ SSL?</a></h2>
 
 <p>You'll need to have the <a
 href="http://www.openssl.org/">OpenSSL</a> libraries installed, and they
-should at least be version 0.9.6.
+should at least be version 0.9.7.
 Configure with --with-ssl. If you have the OpenSSL libraries
 installed in commonly-used default locations, this will
 suffice. If you have them installed in a non-default location,
diff --git a/fetchmail.man b/fetchmail.man
index 9054b3b3..25b1088e 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -1173,6 +1173,15 @@ username and the part to the right as the NTLM domain.
 
 .SS Secure Socket Layers (SSL) and Transport Layer Security (TLS)
 .PP
+Note that fetchmail currently uses the OpenSSL library, which is
+severely underdocumented, so failures may occur just because the
+programmers are not aware of OpenSSL's requirement of the day.
+For instance, since v6.3.16, fetchmail calls
+OpenSSL_add_all_algorithms(), which is necessary to support certificates
+with SHA256 on OpenSSL 0.9.8 -- this information is deeply hidden in the
+documentation and not at all obvious.  Please do not hesitate to report
+subtle SSL failures.
+.PP
 You can access SSL encrypted services by specifying the \-\-ssl option.
 You can also do this using the "ssl" user option in the .fetchmailrc
 file. With SSL encryption enabled, queries are initiated over a