diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2011-05-17 18:00:56 +0200 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2011-05-17 20:12:12 +0200 |
| commit | aee0a1be4163b06ae8d32dff93d13a87668423b3 (patch) | |
| tree | 7a9b03cfdbe16ff4f92a1e7aa05834e9edf27f41 /socket.c | |
| parent | eb9e1e4176d89ee30d33381273e22325584675d3 (diff) | |
| download | fetchmail-aee0a1be4163b06ae8d32dff93d13a87668423b3.tar.gz fetchmail-aee0a1be4163b06ae8d32dff93d13a87668423b3.tar.bz2 fetchmail-aee0a1be4163b06ae8d32dff93d13a87668423b3.zip | |
Reinstate SSLv2 support on legacy_63 branch.
Revert "Remove support for SSLv2 (fixes Debian Bug #622054)."
This reverts commit c22a3afca46c83ee6d53a6ee58deb122f309c460.
Diffstat (limited to 'socket.c')
| -rw-r--r-- | socket.c | 8 |
1 files changed, 5 insertions, 3 deletions
@@ -899,14 +899,16 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck /* Make sure a connection referring to an older context is not left */ _ssl_context[sock] = NULL; if(myproto) { - if(!strcasecmp("ssl3",myproto)) { + if(!strcasecmp("ssl2",myproto)) { + _ctx[sock] = SSL_CTX_new(SSLv2_client_method()); + } else if(!strcasecmp("ssl3",myproto)) { _ctx[sock] = SSL_CTX_new(SSLv3_client_method()); } else if(!strcasecmp("tls1",myproto)) { _ctx[sock] = SSL_CTX_new(TLSv1_client_method()); } else if (!strcasecmp("ssl23",myproto)) { myproto = NULL; } else { - fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSL23).\n"), myproto); + fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSLv23).\n"), myproto); myproto = NULL; } } @@ -918,7 +920,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck return(-1); } - SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL | SSL_OP_NO_SSLv2); + SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL); if (certck) { SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback); |