author | Matthias Andree <matthias.andree@gmx.de> | 2008-03-07 13:16:58 +0000 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2008-03-07 13:16:58 +0000 |
commit | 3948bb44ff30ebda9837480c42de7f0d384e4cb9 (patch) | |
tree | f81308db46bc55ae85e531f285481fd9966a0ea7 /pop3.c | |
parent | ee75486152cf3ded79d3aa5dfe8158f42472eb78 (diff) | |
Merge Daniel Richard G.'s --sslcommonname option.
Exception from no-features policy on 6.3.X is made to keep people away from
doing more dangerous things in order to get rid of CommonName mismatch
warnings.
svn path=/branches/BRANCH_6-3/; revision=5165
Diffstat (limited to 'pop3.c')
-rw-r--r-- | pop3.c | 17 |
1 files changed, 12 insertions, 5 deletions
@@ -307,7 +307,6 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) char *challenge; #endif /* OPIE_ENABLE */ #ifdef SSL_ENABLE - char *realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname; flag connection_may_have_tls_errors = FALSE; flag got_tls = FALSE; #endif /* SSL_ENABLE */
@@ -476,6 +475,14 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) #ifdef SSL_ENABLE if (maybe_tls(ctl)) { + char *commonname; + + commonname = ctl->server.pollname; + if (ctl->server.via) + commonname = ctl->server.via; + if (ctl->sslcommonname) + commonname = ctl->sslcommonname; + if (has_stls) { /* Use "tls1" rather than ctl->sslproto because tls1 is the only
@@ -484,7 +491,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) * (see below). */ if (gen_transact(sock, "STLS") == PS_SUCCESS && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck, - ctl->sslcertpath, ctl->sslfingerprint, realhost, + ctl->sslcertpath, ctl->sslfingerprint, commonname, ctl->server.pollname, &ctl->remotename) != -1) { /*
@@ -508,7 +515,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) } if (outlevel >= O_VERBOSE) { - report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), realhost); + report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname); } } }
@@ -517,7 +524,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) if (must_tls(ctl)) { /* Config required TLS but we couldn't guarantee it, so we must * stop. */ - report(stderr, GT_("%s: upgrade to TLS failed.\n"), realhost); + report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname); return PS_SOCKET; } else { /* We don't know whether the connection is usable, and there's
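Review bot: The precedence chain added at the top of the `maybe_tls(ctl)` block (hunk at -476) has no comment saying that `ctl->sslcommonname` replaces the host name as the value handed to SSLOpen() for what appears to be the certificate name check, which is the security-relevant effect of the new option. I would add `/* Name expected in the server certificate: sslcommonname overrides via, which overrides pollname. */` above `commonname = ctl->server.pollname;`. The `if (ctl->sslcommonname)` test only excludes NULL; if the option parser can leave an empty string there (not visible in this diff), the expected name would become empty, and `if (ctl->sslcommonname && *ctl->sslcommonname)` would avoid that. pop3_getauth begins and ends outside the hunk.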
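Review bot: The status message in the hunk at -508 now prints `commonname`, so whenever `ctl->sslcommonname` is set the log line is prefixed with the expected certificate name rather than the server that was actually contacted; the hunks at -517 and -528 make the same substitution. For someone reading logs after a failed or downgraded TLS upgrade, the host polled is the identifier that matters, and the override would hide it. I would keep the host for the prefix, for example `report(stderr, GT_("%s: upgrade to TLS failed.\n"), ctl->server.via ? ctl->server.via : ctl->server.pollname);`, or retain a `realhost` local next to `commonname` and use it in all three `report()` calls. The enclosing function continues outside these hunks.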
@@ -528,7 +535,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) connection_may_have_tls_errors = TRUE; if (outlevel >= O_VERBOSE) { - report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue.\n"), realhost); + report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue.\n"), commonname); } } } |