authorMatthias Andree <matthias.andree@gmx.de>2008-03-07 13:16:58 +0000
committerMatthias Andree <matthias.andree@gmx.de>2008-03-07 13:16:58 +0000
commit3948bb44ff30ebda9837480c42de7f0d384e4cb9 (patch)
treef81308db46bc55ae85e531f285481fd9966a0ea7 /pop3.c
parentee75486152cf3ded79d3aa5dfe8158f42472eb78 (diff)
Merge Daniel Richard G.'s --sslcommonname option.
Exception from no-features policy on 6.3.X is made to keep people away from doing more dangerous things in order to get rid of CommonName mismatch warnings. svn path=/branches/BRANCH_6-3/; revision=5165
Diffstat (limited to 'pop3.c')
-rw-r--r--pop3.c17
1 files changed, 12 insertions, 5 deletions
diff --git a/pop3.c b/pop3.c
index 84dbc69c..561a4b59 100644
--- a/pop3.c
+++ b/pop3.c
@@ -307,7 +307,6 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
char *challenge;
#endif /* OPIE_ENABLE */
#ifdef SSL_ENABLE
- char *realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname;
flag connection_may_have_tls_errors = FALSE;
flag got_tls = FALSE;
#endif /* SSL_ENABLE */
@@ -476,6 +475,14 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
#ifdef SSL_ENABLE
if (maybe_tls(ctl)) {
+ char *commonname;
+
+ commonname = ctl->server.pollname;
+ if (ctl->server.via)
+ commonname = ctl->server.via;
+ if (ctl->sslcommonname)
+ commonname = ctl->sslcommonname;
+
if (has_stls)
{
/* Use "tls1" rather than ctl->sslproto because tls1 is the only
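Review bot: The precedence chosen for `commonname` at the top of the `maybe_tls(ctl)` block carries no comment, yet it is the security-relevant decision of this change: a configured `ctl->sslcommonname` replaces both `via` and `pollname` as the name passed to SSLOpen, presumably the name the server certificate's CommonName is compared against, judging by the option name and the commit message. I would add `/* Name the server certificate is expected to carry: sslcommonname overrides via, which overrides pollname. */` above the assignments. The test `if (ctl->sslcommonname)` rejects only NULL, so an empty string would be passed on; unless option parsing already excludes that, `if (ctl->sslcommonname && *ctl->sslcommonname)` keeps the fallback to the real host name. The block opened by `if (maybe_tls(ctl)) {` continues past the end of this hunk.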
@@ -484,7 +491,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
* (see below). */
if (gen_transact(sock, "STLS") == PS_SUCCESS
&& SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
- ctl->sslcertpath, ctl->sslfingerprint, realhost,
+ ctl->sslcertpath, ctl->sslfingerprint, commonname,
ctl->server.pollname, &ctl->remotename) != -1)
{
/*
@@ -508,7 +515,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
}
if (outlevel >= O_VERBOSE)
{
- report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), realhost);
+ report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname);
}
}
}
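Review bot: The verbose message in this hunk now labels the connection with `commonname`, which is the expected certificate name and not necessarily the host that was contacted; the same applies to the `upgrade to TLS failed` and `opportunistic upgrade to TLS failed` messages in the two following hunks. When `sslcommonname` is set, someone triaging a failed or skipped TLS upgrade from the logs sees the override value and cannot tell which server was actually polled. Keeping a separate local for diagnostics, e.g. `const char *realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname;`, and passing that to `report()` would keep the log lines tied to the server. The enclosing function starts and ends outside these hunks.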
@@ -517,7 +524,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
if (must_tls(ctl)) {
/* Config required TLS but we couldn't guarantee it, so we must
* stop. */
- report(stderr, GT_("%s: upgrade to TLS failed.\n"), realhost);
+ report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
return PS_SOCKET;
} else {
/* We don't know whether the connection is usable, and there's
@@ -528,7 +535,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
connection_may_have_tls_errors = TRUE;
if (outlevel >= O_VERBOSE)
{
- report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue.\n"), realhost);
+ report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue.\n"), commonname);
}
}
}