Enable --sslcertck by default.

There are no sslcertck (rcfile) and --nosslcertck (command line) options that can be combined with [--]sslfingerprint if so desired. The documentation is deliberately not updated everywhere, so that recommendations to use --sslcertck stand, this is for the benefit of users that read fetchmail v6.4.0 manuals to configure a fetchmail v6.3.X implementation.
author: Matthias Andree <matthias.andree@gmx.de> 2015-11-15 12:07:02 +0100
committer: Matthias Andree <matthias.andree@gmx.de> 2015-11-15 12:07:02 +0100
commit: 6adcb0cc60e672ea36e3044451c9683b2eb49d64 (patch)
tree: 2697341bdd9f0e3811c70421770a9cb94671c51d /options.c
parent: 9be5aeaeba1041e7cce034832dace6c0f0b64c82 (diff)
download: fetchmail-6adcb0cc60e672ea36e3044451c9683b2eb49d64.tar.gz
fetchmail-6adcb0cc60e672ea36e3044451c9683b2eb49d64.tar.bz2
fetchmail-6adcb0cc60e672ea36e3044451c9683b2eb49d64.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/options.c b/options.c
index d53044fc..15928b34 100644
--- a/options.c
+++ b/options.c
@@ -45,6 +45,7 @@ enum {
     LA_SSLCERT,
     LA_SSLPROTO,
     LA_SSLCERTCK,
+    LA_NOSSLCERTCK,
     LA_SSLCERTFILE,
     LA_SSLCERTPATH,
     LA_SSLCOMMONNAME,
@@ -132,6 +133,7 @@ static const struct option longoptions[] = {
   {"sslcert",	required_argument, (int *) 0, LA_SSLCERT },
   {"sslproto",	 required_argument, (int *) 0, LA_SSLPROTO },
   {"sslcertck", no_argument,	   (int *) 0, LA_SSLCERTCK },
+  {"nosslcertck", no_argument,	   (int *) 0, LA_NOSSLCERTCK },
   {"sslcertfile",   required_argument, (int *) 0, LA_SSLCERTFILE },
   {"sslcertpath",   required_argument, (int *) 0, LA_SSLCERTPATH },
   {"sslcommonname",    required_argument, (int *) 0, LA_SSLCOMMONNAME },
@@ -562,6 +564,10 @@ int parsecmdline (int argc /** argument count */,
 	    ctl->sslcertck = FLAG_TRUE;
 	    break;
 
+	case LA_NOSSLCERTCK:
+	    ctl->sslcertck = FLAG_FALSE;
+	    break;
+
 	case LA_SSLCERTFILE:
 	    ctl->sslcertfile = prependdir(optarg, currentwd);
 	    break;
@@ -647,6 +653,7 @@ int parsecmdline (int argc /** argument count */,
 	P(GT_("      --sslkey      ssl private key file\n"));
 	P(GT_("      --sslcert     ssl client certificate\n"));
 	P(GT_("      --sslcertck   do strict server certificate check (recommended)\n"));
+	P(GT_("      --nosslcertck skip strict server certificate check (insecure)\n"));
 	P(GT_("      --sslcertfile path to trusted-CA ssl certificate file\n"));
 	P(GT_("      --sslcertpath path to trusted-CA ssl certificate directory\n"));
 	P(GT_("      --sslcommonname  expect this CommonName from server (discouraged)\n"));
author	Matthias Andree <matthias.andree@gmx.de>	2015-11-15 12:07:02 +0100
committer	Matthias Andree <matthias.andree@gmx.de>	2015-11-15 12:07:02 +0100
commit	6adcb0cc60e672ea36e3044451c9683b2eb49d64 (patch)
tree	2697341bdd9f0e3811c70421770a9cb94671c51d /options.c
parent	9be5aeaeba1041e7cce034832dace6c0f0b64c82 (diff)
download	fetchmail-6adcb0cc60e672ea36e3044451c9683b2eb49d64.tar.gz fetchmail-6adcb0cc60e672ea36e3044451c9683b2eb49d64.tar.bz2 fetchmail-6adcb0cc60e672ea36e3044451c9683b2eb49d64.zip