authorEarl Chew <earl_chew@yahoo.com>2012-09-03 23:04:08 +0200
committerMatthias Andree <matthias.andree@gmx.de>2012-09-03 23:04:08 +0200
commita2f52629d0dce57bf1a0c290b33cff9706087918 (patch)
treeba22b304efb096e12fc3aa462eec37b5b637ff03
parent43515cd32a275ed67e5b85fdf42429deda4bd5be (diff)
downloadfetchmail-a2f52629d0dce57bf1a0c290b33cff9706087918.tar.gz
fetchmail-a2f52629d0dce57bf1a0c290b33cff9706087918.tar.bz2
fetchmail-a2f52629d0dce57bf1a0c290b33cff9706087918.zip
Clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS without SSL_CTX_clear_options()
A patch to clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS was added recently: http://gitorious.org/fetchmail/fetchmail/commit/48809c5b9f6c9081f4031fa938dd63b060c18a4b?format=patch Older implementations of OpenSSL do not support SSL_CTX_clear_options(). This patch reworks the previous change to avoid the use of SSL_CTX_clear_options() and instead clears the corresponding bit in SSL_OP_ALL before calling SSL_CTX_set_options().
-rw-r--r--socket.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/socket.c b/socket.c
index 5f168b5b..634b4760 100644
--- a/socket.c
+++ b/socket.c
@@ -844,6 +844,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
{
struct stat randstat;
int i;
+ long sslopts = SSL_OP_ALL;
SSL_load_error_strings();
SSL_library_init();
@@ -899,14 +900,14 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
return(-1);
}
- SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
-
{
char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE");
if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp))
- SSL_CTX_clear_options(_ctx[sock], SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+ sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
}
+ SSL_CTX_set_options(_ctx[sock], sslopts);
+
if (certck) {
SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
} else {
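Review bot: The branch that now does `sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;` has no comment saying which way the switch goes, and the polarity is easy to misread: the bit is cleared (countermeasure kept on) only when FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE is unset, empty or blank, so any other value, including `0` or `no`, leaves the SSL_OP_ALL workaround bit set and the CBC IV countermeasure off. I would add above the block `/* SSL_OP_ALL includes SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, which disables the CBC IV countermeasure; clear it unless the user opted out with a non-blank value. */`. If treating `0` as an opt-out is not intended, the test on `tmp` needs tightening, but that would be a behaviour change beyond what this commit sets out to do. SSLOpen starts before this hunk and continues past it, so any later option changes on `_ctx[sock]` are not visible here.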