diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2010-04-23 01:40:04 +0200 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2010-04-23 01:40:04 +0200 |
| commit | e87f96bd9730e2bdb407d0a9cca2a05ee0dabce5 (patch) | |
| tree | ec6908aa50451103ad3399c751ce7149065c762e /NEWS | |
| parent | 2d82d591db0c102bf9d2d29586bb347ef802bc39 (diff) | |
| download | fetchmail-e87f96bd9730e2bdb407d0a9cca2a05ee0dabce5.tar.gz fetchmail-e87f96bd9730e2bdb407d0a9cca2a05ee0dabce5.tar.bz2 fetchmail-e87f96bd9730e2bdb407d0a9cca2a05ee0dabce5.zip | |
--sslcert{file|path} overrides default store, add environment var...
If at least one of --sslcertfile and --sslcertpath is given, fetchmail
skips loading the default OpenSSL X.509 trusted CA cert locations.
If the environment variable FETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS is set
to a non-empty value, fetchmail will additionally load the default locations.
The old FETCHMAIL_NO_DEFAULT_X509_PATHS variable was dropped.
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 12 |
1 files changed, 4 insertions, 8 deletions
@@ -67,9 +67,10 @@ fetchmail-6.3.17 (not yet released): * Fetchmail now supports a --sslcertfile <file> option to specify a "CA bundle" file (a file that contains trusted CA certificates). Since these bundled CA files do not require c_rehash to be run, they are easier to use and immune to - OpenSSL library updates. Also see CHANGES below. -* Fetchmail now supports a FETCHMAIL_NO_DEFAULT_X509_PATHS environment variable - to defeat loading the default SSL CA certificate locations. Also see CHANGES. + OpenSSL library updates that affect the hash function. +* Fetchmail now supports a FETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS + environment variable to force loading the default SSL CA certificate + locations. # REGRESSION FIX * Fix string handling in rcfile scanner, which caused fetchmail to misparse a @@ -87,11 +88,6 @@ fetchmail-6.3.17 (not yet released): are now helpful pointers to --sslcertpath and c_rehash for "unable to get local issuer certificate" and self-signed certificates -- these usually hint to missing root signing CAs in the certs directory. -* Default locations: Fetchmail will now always load the SSL default trusted CA - certificate locations, unless the environmental variable - FETCHMAIL_NO_DEFAULT_X509_PATHS is set and non-empty. Fetchmail used to load - the default locations only if --sslcertpath was not given. - This is a migration aid for systems upgrading to OpenSSL 1.0.0. # DOCUMENTATION * Fix table of global option to read "set softbounce" where there used to be a |