diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2015-04-11 11:39:19 +0200 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2015-04-11 11:39:19 +0200 |
| commit | 7204a2393e5969f71452c953021a9ca4deab5fd2 (patch) | |
| tree | cdf09914eae6e79168bea0177897b31c768a55f0 /socket.c | |
| parent | 4f2e17b9aa6b24c42eb3148d1331dd57aef3097b (diff) | |
| download | fetchmail-7204a2393e5969f71452c953021a9ca4deab5fd2.tar.gz fetchmail-7204a2393e5969f71452c953021a9ca4deab5fd2.tar.bz2 fetchmail-7204a2393e5969f71452c953021a9ca4deab5fd2.zip | |
Fix typo regarding SSL_OP_NO_SSLv3, and carry over one basic block from master branch.
Diffstat (limited to 'socket.c')
| -rw-r--r-- | socket.c | 9 |
1 files changed, 7 insertions, 2 deletions
@@ -911,7 +911,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck if(!strcasecmp("ssl3",myproto)) { #if (HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0) && (0 == OPENSSL_NO_SSL3 + 0) _ctx[sock] = SSL_CTX_new(SSLv3_client_method()); - avoid_ssl_versions &= ~SSL_OP_NO_SSLv2; + avoid_ssl_versions &= ~SSL_OP_NO_SSLv3; #else report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n")); return -1; @@ -936,7 +936,12 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck myproto = NULL; } } - if(!myproto) { + // do not combine into an else { } as myproto may be nulled + // above! + if (!myproto) { + // SSLv23 is a misnomer and will in fact use the best + // available protocol, subject to SSL_OP_NO* + // constraints. _ctx[sock] = SSL_CTX_new(SSLv23_client_method()); } if(_ctx[sock] == NULL) { |