author | Matthias Andree <matthias.andree@gmx.de> | 2011-10-26 00:30:32 +0200 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2011-10-26 00:33:26 +0200 |
commit | 9f9c3cbd8d825f80e99ddfdefa530be3955bcd56 (patch) | |
tree | 0a7c36422cfed7696b28ec262a1d65071edba36a | |
parent | 514239e63f18708b86d41db7fa78f49714b10c29 (diff) | |
Fix build on SSLv2-disabled OpenSSL setups
On systems where SSLv2_client_method isn't defined in OpenSSL (such as newer
Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't reference it (to
fix the build) and print a run-time error that the OS does not support SSLv2.
Fixes Debian Bug #622054, but note that that bug report has a more thorough
patch that does away with SSLv2 altogether.
-rw-r--r-- | NEWS | 7 | ||||
-rw-r--r-- | configure.ac | 5 | ||||
-rw-r--r-- | fetchmail.man | 3 | ||||
-rw-r--r-- | socket.c | 5 |
4 files changed, 19 insertions, 1 deletions
@@ -60,6 +60,13 @@ removed from a 6.4.0 or newer release.) * The Server certificate: message in verbose mode now appears on stdout like the remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807. +# CHANGE +* On systems where SSLv2_client_method isn't defined in OpenSSL (such as + newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't + reference it (to fix the build) and print a run-time error that the OS + does not support SSLv2. Fixes Debian Bug #622054, but note that that bug + report has a more thorough patch that does away with SSLv2 altogether. + fetchmail-6.3.21 (released 2011-08-21, 26011 LoC): diff --git a/configure.ac b/configure.ac index b66ad809..de3a37a3 100644 --- a/configure.ac +++ b/configure.ac @@ -799,6 +799,11 @@ else AC_MSG_NOTICE(Disabling SSL support.) fi +case "$LIBS" in *-lssl*) + AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>]) + ;; +esac + ### use option --with-socks=DIR to point at SOCKS library AC_ARG_WITH(socks, [ --with-socks[=DIR] add built-in SOCKS firewall access], diff --git a/fetchmail.man b/fetchmail.man index 237710f8..e953a5dd 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -474,7 +474,8 @@ Also see \-\-sslcert above. (Keyword: sslproto) .br Forces an SSL/TLS protocol. Possible values are \fB''\fP, -\&'\fBSSL2\fP', '\fBSSL23\fP', (use of these two values is discouraged +\&'\fBSSL2\fP' (not supported on all systems), +\&'\fBSSL23\fP', (use of these two values is discouraged and should only be used as a last resort) \&'\fBSSL3\fP', and \&'\fBTLS1\fP'. The default behaviour if this option is unset is: for connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will 
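Review bot: In the configure.ac hunk the probe is gated on `$LIBS` matching `*-lssl*`, and nothing records what an unprobed build means: whenever that pattern misses, HAVE_DECL_SSLV2_CLIENT_METHOD stays undefined and socket.c compiles its "does not support SSLv2" branch. AC_CHECK_DECLS also only proves that `<openssl/ssl.h>` declares the symbol, not that the linked library exports it; that is presumably enough for the Debian and Ubuntu packages the commit names, but it is worth stating. I would add a comment above the `case`, for example `# Probe only when OpenSSL is linked; an undefined HAVE_DECL_SSLV2_CLIENT_METHOD makes socket.c refuse sslproto ssl2.`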
@@ -874,7 +874,12 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 _ssl_context[sock] = NULL;
 if(myproto) {
 if(!strcasecmp("ssl2",myproto)) {
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
 _ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+#else
+ report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+ return -1;
+#endif
 } else if(!strcasecmp("ssl3",myproto)) {
 _ctx[sock] = SSL_CTX_new(SSLv3_client_method());
 } else if(!strcasecmp("tls1",myproto)) {
|
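Review bot: The `#else` message blames the operating system, but the branch is selected by what the OpenSSL headers declared at configure time, so a fetchmail built against a locally installed OpenSSL without SSLv2 reports the wrong cause; wording such as `GT_("This fetchmail build's OpenSSL library does not support SSLv2.\n")` would point the user at the right place. The `+ 0 > 0` in the `#if` deserves a one-line comment such as `/* "+ 0" keeps the test valid if the macro is undefined or defined empty */`, since it is easy to mistake for a typo. Failing closed with `return -1` instead of falling back to another protocol is the right behaviour for an explicit `sslproto ssl2`. Whether anything set up earlier in SSLOpen needs releasing on this early return cannot be seen here, because the function starts and ends outside the hunk.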