author | Matthias Andree <matthias.andree@gmx.de> | 2008-07-03 14:46:39 +0000 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2008-07-03 14:46:39 +0000 |
commit | 447370b6c73546db867c249a74a9f4863fddf735 (patch) | |
tree | 260566c7490ba2f91af69f12be7a1eeba1c13a18 /socket.c | |
parent | c8063ce622e7622fb58561dfc48028b39cba4906 (diff) | |
SSL fix: check and report if SSL_set_fd fails.
SSL change: enable all workarounds with SSL_CTX_set_options(ctx,SSL_OP_ALL)
svn path=/branches/BRANCH_6-3/; revision=5214
Diffstat (limited to 'socket.c')
-rw-r--r-- | socket.c | 9 |
1 files changed, 5 insertions, 4 deletions
@@ -801,7 +801,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
 int i;
 SSL_load_error_strings();
- SSLeay_add_ssl_algorithms();
+ SSLeay_add_ssl_algorithms(); /* synonym for SSL_library_init() */
 #ifdef SSL_ENABLE
 if (stat("/dev/random", &randstat) &&
@@ -851,6 +851,8 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
 return(-1);
 }
+ SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
+
 if (certck) {
 SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
 } else {
@@ -901,9 +903,8 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
 SSL_use_RSAPrivateKey_file(_ssl_context[sock], mykey, SSL_FILETYPE_PEM);
 }
- SSL_set_fd(_ssl_context[sock], sock);
-
- if(SSL_connect(_ssl_context[sock]) < 1) {
+ if (SSL_set_fd(_ssl_context[sock], sock) == 0
+ || SSL_connect(_ssl_context[sock]) < 1) {
 ERR_print_errors_fp(stderr);
 SSL_CTX_free(_ctx[sock]);
 _ctx[sock] = NULL; |
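Review bot: In the second hunk, `SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL)` turns on every OpenSSL bug workaround unconditionally. In OpenSSL releases where `SSL_OP_ALL` includes `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`, that also switches off the library's countermeasure for the SSL 3.0/TLS 1.0 CBC weakness. Interoperability workarounds should not cost that protection by default, so I would mask the bit out: `SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);`, with a comment such as `/* keep the CBC empty-fragment countermeasure enabled */`. SSLOpen starts and ends outside this hunk.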
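Review bot: In the third hunk, the `SSL_use_RSAPrivateKey_file(_ssl_context[sock], mykey, SSL_FILETYPE_PEM)` call in the context line directly above the new condition still has its result ignored. A client key that fails to load therefore goes unreported and the handshake is attempted anyway. Since this commit is about checking and reporting setup failures, that call deserves the same treatment, e.g. `if (SSL_use_RSAPrivateKey_file(_ssl_context[sock], mykey, SSL_FILETYPE_PEM) <= 0)` leading into the same cleanup as the branch below. The failure branch continues past the end of the hunk, so whether `_ssl_context[sock]` is released alongside `_ctx[sock]` cannot be seen here and is worth confirming.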