| author | Matthias Andree <matthias.andree@gmx.de> | 2015-04-08 01:50:47 +0200 | 
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2015-04-08 01:53:12 +0200 | 
| commit | c3c106aceaf735c80d71b8bfc1c9927d39ed587e (patch) | |
| tree | 26bfed39f09915d4eb18819ff757039d68aeb0dc | |
| parent | c908f303231b2639f56ef75eecfb4260ac8b1dae (diff) | |
Detect/report server hang-up in SSL_connect().
This condition does not leave traces in the SSL error queue,
and must be checked explicitly.  Result from debugging Jerry Seibert's
issue with outlook.com/pop3.live.com.
| -rw-r--r-- | NEWS | 5 | ||||
| -rw-r--r-- | socket.c | 13 | 
2 files changed, 16 insertions, 2 deletions
| @@ -81,10 +81,13 @@ fetchmail-6.4.0 (not yet released):    tls1.2+ (case insensitively).  ## CHANGES +* fetchmail 6.3.X is unsupported.  * Fetchmail now supports --sslproto auto and --sslproto tls1+ (same as ssl23).  * --sslproto tls1.1+ and tls1.2+ are now supported for auto-negotiation with a    minimum specified TLS protocol version. -* fetchmail 6.3.X is unsupported. +* Fetchmail now detects if the server hangs up prematurely during SSL_connect() +  and reports this condition as such, and not just as SSL connection failure. +  (OpenSSL 1.0.2 reported incompatible with pop3.live.com by Jerry Seibert).  ## FIXES  * Fix a typo in the FAQ. Submitted by David Lawyer, Debian Bug#706776. @@ -878,6 +878,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck          int i;  	int avoid_ssl_versions = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;  	long sslopts = SSL_OP_ALL; +	int ssle_connect = 0;  	SSL_load_error_strings();  	SSL_library_init(); @@ -1019,8 +1020,18 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck  	}  	if (SSL_set_fd(_ssl_context[sock], sock) == 0  -	    || SSL_connect(_ssl_context[sock]) < 1) { +	    || (ssle_connect = SSL_connect(_ssl_context[sock])) < 1) { +		int e = errno; +		unsigned long ssle_err_from_queue = ERR_peek_error(); +		unsigned long ssle_err_from_get_error = SSL_get_error(_ssl_context[sock], ssle_connect);  		ERR_print_errors_fp(stderr); +		if (SSL_ERROR_SYSCALL == ssle_err_from_get_error && 0 == ssle_err_from_queue) { +		    if (0 == ssle_connect) { +			report(stderr, GT_("Server shut down connection prematurely during SSL_connect().\n")); +		    } else if (ssle_connect < 0) { +			report(stderr, GT_("System error during SSL_connect(): %s\n"), strerror(e)); +		    } +		}  		SSL_free( _ssl_context[sock] );  		_ssl_context[sock] = NULL;  		SSL_CTX_free(_ctx[sock]); | 
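Review bot: In the third hunk, when SSL_set_fd() fails the `||` short-circuits and `ssle_connect` still holds its initial 0, so the new block hands SSL_get_error() a value that never came from SSL_connect() and, if the error queue happens to be empty at that point, would print "Server shut down connection prematurely during SSL_connect()" for a handshake that was never started. Initializing the variable in the declaration hunk with a value SSL_connect() cannot return on failure, e.g. `int ssle_connect = 1; /* > 0: SSL_connect() not attempted or succeeded */`, keeps both new report() branches from firing in that case. Separately, SSL_get_error() returns `int`, so `int ssle_err_from_get_error = SSL_get_error(_ssl_context[sock], ssle_connect);` would match the API instead of widening the code to `unsigned long`. SSLOpen() begins and ends outside these hunks, so the return path after the cleanup calls is not visible here.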
