-rw-r--r-- | configure.in | 46
-rw-r--r-- | fetchmail-FAQ.html | 65
-rw-r--r-- | socket.c | 8
3 files changed, 60 insertions, 59 deletions
diff --git a/configure.in b/configure.in index d1c91d2c..8c117434 100644 --- a/configure.in +++ b/configure.in 
@@ -348,20 +348,54 @@ fi ### use option --with-ssl to compile in the SSL support AC_ARG_WITH(ssl, - [ --with-ssl[=DIR] enable SSL and point its top directory]) + [ --with-ssl[=DIR] compile in SSL support using libraries in DIR]) -if test -n "$with_ssl" +if test -z "$with_ssl" -o "$with_ssl" = "yes" then +# He didn't specify an SSL location. Let's look at some common +# directories where SSL has been found in the past and try and auto +# configure for SSL. OpenSSL determination will be made later. +# This will screw up if an OpenSSL install is located in a later +# directory than an older SSLeay install, but the user should fix that +# anyways and he can override on the configure line. + + for ac_dir in \ + /usr/local/ssl \ + /usr/ssl \ + /local/ssl \ + /opt/ssl \ + ; \ + do + if test -d "$ac_dir" ; then + with_ssl=$ac_dir + break; + fi + done +fi + +if test -n "$with_ssl" -a "$with_ssl" != "no" +then + # With the autoconfigure above, the only time this is going to be + # true is going to be when we could not find the headers. If they + # are not in system standard locations, we are going to be broken. if test "$with_ssl" = "yes" then - # Let's just define the standard location for the SSLeay root +# Let's just define the standard location for the SSLeay root with_ssl="/usr/local/ssl" fi - includedir=$with_ssl/include - AC_DEFINE(SSL_ENABLE) - CEFLAGS="$CPPFLAGS -I$includedir" + if test -r $with_ssl/include/openssl/ssl.h + then +### ssl.h found under openssl. Use openssl configuration preferentially + echo "Enabling OpenSSL support in $with_ssl" + CEFLAGS="$CEFLAGS -DSSL_ENABLE -I$with_ssl/include -I$with_ssl/include/openssl" + else + echo "Enabling SSLeay support in $with_ssl" + CEFLAGS="$CEFLAGS -DSSL_ENABLE -I$with_ssl/include" + fi LDEFLAGS="$LDEFLAGS -L$with_ssl/lib" LIBS="$LIBS -lssl -lcrypto" +else + echo 'SSL support disabled' fi ### use option --with-kerberos=DIR to point at a Kerberos directory 
diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index 563b68a2..cb56c633 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -10,7 +10,7 @@ <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 1999/10/26 18:18:05 $ +<td width="30%" align=right>$Date: 1999/10/31 17:17:42 $ </table> <HR> <H1>Frequently Asked Questions About Fetchmail</H1> @@ -444,9 +444,10 @@ OTP, you will specify a password but it will not be sent en clair.<P> Sadly, there is at present (September 1999) no OTP or APOP-like facility generally available on IMAP servers. However, there do exist patches which will OTP-enable the University of Washington IMAP -daemon, version 4.2-FINAL. And we have a report that the GSSAPI -support in fetchmail works with the GSSAPI support in the most recent -version of UW IMAP.<P> +daemon, version 4.2-FINAL. We have a report that the GSSAPI support +in fetchmail works with the GSSAPI support in the most recent version +of UW IMAP. Or you can use <a href="#K5">SSL</a> for complete +end-to-end encryption if you have an SSL-enabled mailserver.<P> You can get both POP3 and IMAP OTP patches from <a name="cmetz">Craig Metz</A>, over FTP via either 
@@ -1692,51 +1693,17 @@ your .fetchmailrc, or across the network.<p> <hr> <h2><a name="K5">K5. How can I use fetchmail with SSL?</a></h2> -The U.S. government's never-to-be-sufficiently-damned EAR regulations -prevent me from including SSL library hooks in the distribution. -However, the First Amendment of the U.S. Constitution hasn't been -eviscerated (not yet, anyway -- our would-be totalitarians are -working on trashing the Second Amendment first).<P> +You'll need to have the <a href="http://www.openssl.org/">OpenSSL</a> +libraries installed. Configure with --with-ssl. If you have the +OpenSSL libraries installed in the default location (/usr/local/ssl) +this will suffice. If you have them installed in a non-default +location, you'll need to specify it as an argument to --with-ssl after +an equal sign.<p> -<h3>Option 1:</h3> - -I can therefore safely <em>tell</em> you, in documentation, that there -appears to be a way to set up an SSL command chain using the `plugin' -option (originally designed for handling proxy connections across -firewalls).<P> - -Get your hands on the <a -href="http://www.psy.uq.edu.au:8080/~ftp/Crypto/">SSLeay</a> code. -Now make yourself a script called `ssl_connect' that calls the SSLeay -utility `s_client' as follows:<P> - -<pre> -/usr/local/ssl/bin/s_client -quiet -ssl2 -connect $1:$2 -</pre> - -Now add `plugin ssl_connect' to the server options for your connection.<P> - -<h3>Option 2:</h3> - -For those in the U.S., there is a set of SSL patches for fetchmail -available from the <a href="http://www.cryptography.org">North -American Cryptographic Archives</a>, in the SSL directory. You have -to answer three questions about your qualification to access the -archive, before you are allowed in. You can enter through the main -page for the server and browse the archive, or you can go <a -href="http://www.cryptography.org/cgi-bin/crypto.cgi/SSL">straight to -the SSL directory</a>. 
There you will find patch files against the -fetchmail release sources as well as patched source tarballs.<P> - -While we cannot make the SSL sources available to anyone outside of the -U.S. at this time, if the patches do leak out of the U.S. through no -fault of our own, and someone informs us of their location, we can -provide the URL pointing to archive sites outside of the U.S.<P> - -Newer versions of the SSL patches make appear in the `new' directory -and stay there a while until they can be processed and moved to the SSL -directory. Check for patches in `new' if you do not find patches -for the latest fetchmail release.<P> +Fetchmail binaries built this way support <code>ssl</code>, +<code>sslkey</code>, and <code>sslcert</code> options that control +SSL encryption. You will need to have an SSL-enabled mailserver +to use these options. See the manual page for detals.<p> <hr> <h2><a name="R1">R1. Fetchmail isn't working, and -v shows `SMTP connect failed' messages.</a></h2> @@ -2514,7 +2481,7 @@ inactivity timeout.<p> <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 1999/10/26 18:18:05 $ +<td width="30%" align=right>$Date: 1999/10/31 17:17:42 $ </table> <P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS> @@ -300,10 +300,10 @@ va_dcl { } #ifdef SSL_ENABLE -#include "openssl/ssl.h" -#include "openssl/err.h" -#include "openssl/pem.h" -#include "openssl/x509.h" +#include "ssl.h" +#include "err.h" +#include "pem.h" +#include "x509.h" static SSL_CTX *_ctx = NULL; static SSL *_ssl_context[FD_SETSIZE]; |
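Review bot: in the configure.in hunk, the new probe loop sets with_ssl from `test -d "$ac_dir"` alone, and the block after it adds -DSSL_ENABLE whether or not any ssl.h is readable. When `$with_ssl/include/openssl/ssl.h` is missing, the else branch prints "Enabling SSLeay support" without checking `$with_ssl/include/ssl.h`, so an empty or stale /usr/local/ssl gives a configure run that succeeds and a build that breaks later. Test for the header in both branches and stop with AC_MSG_ERROR when neither is found. Since the first test is now `-z "$with_ssl" -o "$with_ssl" = "yes"`, a plain ./configure also enables SSL whenever one of the four directories exists, while the help string still reads as opt-in; say so in the help text. `$with_ssl` should also be quoted in `test -r $with_ssl/include/openssl/ssl.h`.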
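Review bot: in the fetchmail-FAQ.html hunk at line 444, "complete end-to-end encryption" overstates what the new option provides. SSL here protects the session between fetchmail and the SSL-enabled mailserver; it does not cover how the message travelled before it reached that server. Suggest wording along the lines of "to encrypt the whole session with the mailserver" so readers do not treat it as a replacement for message-level encryption.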
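Review bot: the new K5 text in fetchmail-FAQ.html does not match the configure.in change in the same commit. It says --with-ssl suffices only for "the default location (/usr/local/ssl)", but configure.in now probes /usr/local/ssl, /usr/ssl, /local/ssl and /opt/ssl, and does so even when --with-ssl is not given at all. List the probed directories and mention --with-ssl=no as the way to turn it off. "detals" in the last sentence should be "details", and since the manual page is not among the three files changed here, confirm it already documents `ssl`, `sslkey` and `sslcert` before pointing readers to it.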
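Review bot: in the last hunk (the `#ifdef SSL_ENABLE` block at line 300, per the diffstat in socket.c), dropping the `openssl/` prefix makes the four includes resolve through generic quoted names: `#include "err.h"`, `#include "pem.h"`, `#include "x509.h"`. Quoted includes search the source directory first, and these names are common enough that another -I directory could supply a different header with the same name. It also makes the OpenSSL build depend on configure.in adding `-I$with_ssl/include/openssl`. Consider keeping `openssl/ssl.h` for the OpenSSL case and selecting the unprefixed SSLeay names through a macro set by configure, using angle brackets in both cases.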