aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--NEWS4
-rw-r--r--pop3.c28
-rw-r--r--rcfile_y.y2
-rw-r--r--sink.c3
-rw-r--r--socket.c4
5 files changed, 38 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index 52c3a8db..3d855172 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,10 @@
(The `lines' figures total .c, .h, .l, and .y files under version control.)
+* Renamed misnamed tr.po and da.po files
+* Jakub Ulanowski's patch to fix SSL fingerprint handling.
+* Matt Kraai's patch for supporting STLS over POP3.
+
fetchmail-5.9.8 (Thu Feb 14 23:47:31 EST 2002), 21358 lines:
* Added de translation catalog; updated da and tr catalogs.
diff --git a/pop3.c b/pop3.c
index fac2b185..41723b48 100644
--- a/pop3.c
+++ b/pop3.c
@@ -141,6 +141,9 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
#ifdef OPIE_ENABLE
flag has_otp = FALSE;
#endif /* OPIE_ENABLE */
+#ifdef SSL_ENABLE
+ flag has_ssl = FALSE;
+#endif /* SSL_ENABLE */
#ifdef SDPS_ENABLE
/*
@@ -207,6 +210,10 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
{
if (DOTLINE(buffer))
break;
+#ifdef SSL_ENABLE
+ if (strstr(buffer, "STLS"))
+ has_ssl = TRUE;
+#endif /* SSL_ENABLE */
#if defined(GSSAPI)
if (strstr(buffer, "GSSAPI"))
has_gssapi = TRUE;
@@ -224,6 +231,27 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
}
}
+#ifdef SSL_ENABLE
+ if (has_ssl &&
+#if INET6_ENABLE
+ ctl->server.service && (strcmp(ctl->server.service, "pop3s"))
+#else /* INET6_ENABLE */
+ ctl->server.port != 995
+#endif /* INET6_ENABLE */
+ )
+ {
+ char *realhost;
+
+ realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname; gen_transact(sock, "STLS");
+ if (SSLOpen(sock,ctl->sslcert,ctl->sslkey,ctl->sslproto,ctl->sslcertck, ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1)
+ {
+ report(stderr,
+ GT_("SSL connection failed.\n"));
+ return(PS_AUTHFAIL);
+ }
+ }
+#endif /* SSL_ENABLE */
+
/*
* OK, we have an authentication type now.
*/
diff --git a/rcfile_y.y b/rcfile_y.y
index a7246cf5..7701d2c4 100644
--- a/rcfile_y.y
+++ b/rcfile_y.y
@@ -368,7 +368,7 @@ user_option : TO localnames HERE
#ifdef SSL_ENABLE
current.use_ssl = FLAG_FALSE;
#else
- yyerror(GT_("SSL is not enabled"))
+ yyerror(GT_("SSL is not enabled"));
#endif
}
diff --git a/sink.c b/sink.c
index 5ffe142f..ebd674b9 100644
--- a/sink.c
+++ b/sink.c
@@ -1029,8 +1029,11 @@ int open_sink(struct query *ctl, struct msgblk *msg,
/*
* User was delivering locally. We have a fallback MDA.
* Latch it in place, logging the error, and fall through.
+ * Set stripcr as we would if MDA had been the initial transport
*/
ctl->mda = FALLBACK_MDA;
+ if (!ctl->forcecr)
+ ctl->stripcr = TRUE;
report(stderr, GT_("can't raise the listener; falling back to %s"),
FALLBACK_MDA);
diff --git a/socket.c b/socket.c
index ceadc960..27b928cc 100644
--- a/socket.c
+++ b/socket.c
@@ -807,10 +807,10 @@ int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
if (outlevel > O_SILENT)
report(stdout, GT_("%s key fingerprint: %s\n"), _server_label, text);
if (_check_digest != NULL) {
- if (strcmp(text, _check_digest) == 0)
+ if (strcmp(text, _check_digest) == 0) {
if (outlevel > O_SILENT)
report(stdout, GT_("%s fingerprints match.\n"), _server_label);
- else {
+ } else {
if (outlevel > O_SILENT)
report(stderr, GT_("%s fingerprints do not match!\n"), _server_label);
return (0);
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-21 16:23:16 +0000