authorMatthias Andree <matthias.andree@gmx.de>2016-12-12 02:32:55 +0100
committerMatthias Andree <matthias.andree@gmx.de>2016-12-12 02:54:27 +0100
commit9f4c705e3832bf8d01e0069c2987ba7ae12b3ada (patch)
tree3c61d4d0abc2fff4535a251bf82682637519dea4 /socket.c
parentf49b6dcc977dbb7537bd8b243e569c049f62d230 (diff)
Support for Debian/Ubuntu mutilated SSLv3 support.
Ubuntu 16.04 LTS, in a misguided attempt to avoid SSLv3 without breaking the API, does not declare SSLv3 unsupported through the headers, so applications can only detect this situation at run-time. The symptom is that SSL_CTX_new errors out with SSL_R_NULL_SSL_METHOD_PASSED on the error stack; when that happens, issue an additional note telling the user to select a newer protocol version.
Diffstat (limited to 'socket.c')
-rw-r--r--socket.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/socket.c b/socket.c
index 0187b9ec..f6a3b19c 100644
--- a/socket.c
+++ b/socket.c
@@ -1064,7 +1064,11 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
_ctx[sock] = SSL_CTX_new(SSLv23_client_method());
}
if(_ctx[sock] == NULL) {
+ unsigned long ec = ERR_peek_last_error();
ERR_print_errors_fp(stderr);
+ if (ERR_GET_REASON(ec) == SSL_R_NULL_SSL_METHOD_PASSED) {
+ report(stderr, GT_("Note that some distributions disable older protocol versions in weird non-standard ways. Try a newer protocol version.\n"));
+ }
return(-1);
}
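Review bot: The added test `if (ERR_GET_REASON(ec) == SSL_R_NULL_SSL_METHOD_PASSED)` compares only the reason code, and OpenSSL reason codes are unique only within one library, so an unrelated SSL_CTX_new failure with the same reason number from another library would print a misleading protocol hint. Qualifying it with the library avoids that: `if (ERR_GET_LIB(ec) == ERR_LIB_SSL && ERR_GET_REASON(ec) == SSL_R_NULL_SSL_METHOD_PASSED) {`. Reading `ec` before `ERR_print_errors_fp(stderr)` is correct because that call empties the error queue, and a one-line comment such as `/* peek first: ERR_print_errors_fp() clears the queue */` would keep a later cleanup from reordering the two lines. SSLOpen starts and ends outside this hunk, so it is not visible here whether the queue is cleared before SSL_CTX_new; if it is not, and SSL_CTX_new fails without queuing an error, `ec` could reflect an older error.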