aboutsummaryrefslogtreecommitdiffstats
path: root/socket.c
diff options
context:
space:
mode:
authorEarl Chew <earl_chew@yahoo.com>2012-09-03 23:04:08 +0200
committerMatthias Andree <matthias.andree@gmx.de>2012-09-03 23:04:08 +0200
commita2f52629d0dce57bf1a0c290b33cff9706087918 (patch)
treeba22b304efb096e12fc3aa462eec37b5b637ff03 /socket.c
parent43515cd32a275ed67e5b85fdf42429deda4bd5be (diff)
downloadfetchmail-a2f52629d0dce57bf1a0c290b33cff9706087918.tar.gz
fetchmail-a2f52629d0dce57bf1a0c290b33cff9706087918.tar.bz2
fetchmail-a2f52629d0dce57bf1a0c290b33cff9706087918.zip
Clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS without SSL_CTX_clear_options()
A patch to clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS was added recently: http://gitorious.org/fetchmail/fetchmail/commit/48809c5b9f6c9081f4031fa938dd63b060c18a4b?format=patch Older implementations of OpenSSL do not support SSL_CTX_clear_options(). This patch reworks the previous change to avoid the use of SL_CTX_clear_options() and instead clears the corresponding bit in SSL_OP_ALL before calling SSL_CTX_set_options().
Diffstat (limited to 'socket.c')
-rw-r--r--socket.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/socket.c b/socket.c
index 5f168b5b..634b4760 100644
--- a/socket.c
+++ b/socket.c
@@ -844,6 +844,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
{
struct stat randstat;
int i;
+ long sslopts = SSL_OP_ALL;
SSL_load_error_strings();
SSL_library_init();
@@ -899,14 +900,14 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
return(-1);
}
- SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
-
{
char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE");
if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp))
- SSL_CTX_clear_options(_ctx[sock], SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+ sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
}
+ SSL_CTX_set_options(_ctx[sock], sslopts);
+
if (certck) {
SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
} else {