aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthias Andree <matthias.andree@gmx.de>2011-10-26 00:30:32 +0200
committerMatthias Andree <matthias.andree@gmx.de>2011-10-26 00:33:26 +0200
commit9f9c3cbd8d825f80e99ddfdefa530be3955bcd56 (patch)
tree0a7c36422cfed7696b28ec262a1d65071edba36a
parent514239e63f18708b86d41db7fa78f49714b10c29 (diff)
downloadfetchmail-9f9c3cbd8d825f80e99ddfdefa530be3955bcd56.tar.gz
fetchmail-9f9c3cbd8d825f80e99ddfdefa530be3955bcd56.tar.bz2
fetchmail-9f9c3cbd8d825f80e99ddfdefa530be3955bcd56.zip
Fix build on SSLv2-disabled OpenSSL setups
On systems where SSLv2_client_method isn't defined in OpenSSL (such as newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't reference it (to fix the build) and print a run-time error that the OS does not support SSLv2. Fixes Debian Bug #622054, but note that that bug report has a more thorough patch that does away with SSLv2 altogether.
-rw-r--r--NEWS7
-rw-r--r--configure.ac5
-rw-r--r--fetchmail.man3
-rw-r--r--socket.c5
4 files changed, 19 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index e4656ecb..7e4fd664 100644
--- a/NEWS
+++ b/NEWS
@@ -60,6 +60,13 @@ removed from a 6.4.0 or newer release.)
* The Server certificate: message in verbose mode now appears on stdout like the
remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807.
+# CHANGE
+* On systems where SSLv2_client_method isn't defined in OpenSSL (such as
+ newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't
+ reference it (to fix the build) and print a run-time error that the OS
+ does not support SSLv2. Fixes Debian Bug #622054, but note that that bug
+ report has a more thorough patch that does away with SSLv2 altogether.
+
fetchmail-6.3.21 (released 2011-08-21, 26011 LoC):
diff --git a/configure.ac b/configure.ac
index b66ad809..de3a37a3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -799,6 +799,11 @@ else
AC_MSG_NOTICE(Disabling SSL support.)
fi
+case "$LIBS" in *-lssl*)
+ AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
+ ;;
+esac
+
### use option --with-socks=DIR to point at SOCKS library
AC_ARG_WITH(socks,
[ --with-socks[=DIR] add built-in SOCKS firewall access],
diff --git a/fetchmail.man b/fetchmail.man
index 237710f8..e953a5dd 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -474,7 +474,8 @@ Also see \-\-sslcert above.
(Keyword: sslproto)
.br
Forces an SSL/TLS protocol. Possible values are \fB''\fP,
-\&'\fBSSL2\fP', '\fBSSL23\fP', (use of these two values is discouraged
+\&'\fBSSL2\fP' (not supported on all systems),
+\&'\fBSSL23\fP', (use of these two values is discouraged
and should only be used as a last resort) \&'\fBSSL3\fP', and
\&'\fBTLS1\fP'. The default behaviour if this option is unset is: for
connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will
diff --git a/socket.c b/socket.c
index d2004819..260b0aa3 100644
--- a/socket.c
+++ b/socket.c
@@ -874,7 +874,12 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
_ssl_context[sock] = NULL;
if(myproto) {
if(!strcasecmp("ssl2",myproto)) {
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+#else
+ report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+ return -1;
+#endif
} else if(!strcasecmp("ssl3",myproto)) {
_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
} else if(!strcasecmp("tls1",myproto)) {