author | Matthias Andree <matthias.andree@gmx.de> | 2008-03-07 13:16:58 +0000 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2008-03-07 13:16:58 +0000 |
commit | 3948bb44ff30ebda9837480c42de7f0d384e4cb9 (patch) | |
tree | f81308db46bc55ae85e531f285481fd9966a0ea7 /imap.c | |
parent | ee75486152cf3ded79d3aa5dfe8158f42472eb78 (diff) | |
Merge Daniel Richard G.'s --sslcommonname option.
Exception from no-features policy on 6.3.X is made to keep people away from
doing more dangerous things in order to get rid of CommonName mismatch
warnings.
svn path=/branches/BRANCH_6-3/; revision=5165
Diffstat (limited to 'imap.c')
-rw-r--r-- | imap.c | 19 |
1 files changed, 12 insertions, 7 deletions
@@ -381,7 +381,6 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 int ok = 0;
 #ifdef SSL_ENABLE
 int got_tls = 0;
- char *realhost;
 #endif
 (void)greeting;
@@ -407,9 +406,15 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 }
 #ifdef SSL_ENABLE
- realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname;
-
 if (maybe_tls(ctl)) {
+ char *commonname;
+
+ commonname = ctl->server.pollname;
+ if (ctl->server.via)
+ commonname = ctl->server.via;
+ if (ctl->sslcommonname)
+ commonname = ctl->sslcommonname;
+
 if (strstr(capabilities, "STARTTLS"))
 {
 /* Use "tls1" rather than ctl->sslproto because tls1 is the only
@@ -418,7 +423,7 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 * (see below). */
 if (gen_transact(sock, "STARTTLS") == PS_SUCCESS
 && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
- ctl->sslcertpath, ctl->sslfingerprint, realhost,
+ ctl->sslcertpath, ctl->sslfingerprint, commonname,
 ctl->server.pollname, &ctl->remotename) != -1)
 {
 /*
@@ -438,7 +443,7 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 capa_probe(sock, ctl);
 if (outlevel >= O_VERBOSE)
 {
- report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), realhost);
+ report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname);
 }
 }
 }
@@ -447,11 +452,11 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 if (must_tls(ctl)) {
 /* Config required TLS but we couldn't guarantee it, so we must
 * stop. */
- report(stderr, GT_("%s: upgrade to TLS failed.\n"), realhost);
+ report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
 return PS_SOCKET;
 } else {
 if (outlevel >= O_VERBOSE) {
- report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue\n"), realhost);
+ report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue\n"), commonname);
 }
 /* We don't know whether the connection is in a working state, so
 * test by issuing a NOOP. */ |
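Review bot: In the `@@ -407,9 +406,15 @@` hunk, the new `commonname` selection has no comment stating the precedence or what the override means for certificate checking. Once `ctl->sslcommonname` is set, the expected name handed to `SSLOpen()` is a user-supplied string rather than the host being contacted (`via` or `pollname`). How much host binding remains presumably depends on `sslcertck` and `sslfingerprint`; `SSLOpen()` is not visible here, so that should be confirmed and stated. I would add above the assignments `/* Name matched against the certificate CommonName: --sslcommonname overrides via, which overrides pollname. */`, and tighten the last test to `if (ctl->sslcommonname && *ctl->sslcommonname)` so an empty option value cannot replace the host name. The body of imap_getauth starts and ends outside the hunk.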
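Review bot: The three `report()` calls in the `@@ -438,7 +443,7 @@` and `@@ -447,11 +452,11 @@` hunks now prefix their messages with `commonname`, which is the certificate-name override when `ctl->sslcommonname` is set, not the server that was contacted. A log line such as "upgrade to TLS failed" then names the expected certificate subject where it used to name the host. That makes a failed or skipped STARTTLS upgrade harder to attribute to a server when reading logs. I would keep a separate host for logging, declared beside `commonname` as `const char *host = ctl->server.via ? ctl->server.via : ctl->server.pollname;`, and pass `host` to these `report()` calls. imap_getauth continues outside both hunks.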