-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | configure.ac | 1 | ||||
-rw-r--r-- | fetchmail.c | 6 | ||||
-rw-r--r-- | po/de.po | 23 | ||||
-rw-r--r-- | socket.c | 7 |
5 files changed, 33 insertions, 10 deletions
@@ -53,6 +53,8 @@ removed from a 6.4.0 or newer release.) fetchmail may switch to a different SSL library. * SSLv2 support will be removed from a future fetchmail release. It has been obsolete for more than a decade.
+* SSLv3 support may be removed from a future fetchmail release. It has been
+ obsolete for many years and found insecure. Use TLS.
 --------------------------------------------------------------------------------
@@ -71,6 +73,10 @@ fetchmail-6.3.27 (not yet released, if ever): * Point to --idle from GENERAL OPERATION to clarify --idle and multiple mailboxes do not mix. In response to Jeremy Chadwick's trouble 2014-11-19, fetchmail-users mailing list.
+* Fix SSL-enabled build on systems that do not declare SSLv3_client_method().
+ Related to Debian Bug#775255.
+* Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method().
+* Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method().
 # KNOWN BUGS AND WORKAROUNDS (This section floats upwards through the NEWS file so it stays with the
diff --git a/configure.ac b/configure.ac
index bdcbb20c..9248b265 100644
--- a/configure.ac
+++ b/configure.ac
@@ -803,6 +803,7 @@ fi
 case "$LIBS" in
 *-lssl*)
 AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
+ AC_CHECK_DECLS([SSLv3_client_method],,,[#include <openssl/ssl.h>])
 ;;
 esac
diff --git a/fetchmail.c b/fetchmail.c
index 5f31d6ec..be0e9abd 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -263,6 +263,12 @@ int main(int argc, char **argv)
 #ifdef SSL_ENABLE
 "+SSL"
 #endif
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0 "-SSLv2"
+#endif
+#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0 "-SSLv3"
+#endif
 #ifdef OPIE_ENABLE
 "+OPIE"
 #endif /* OPIE_ENABLE */
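Review bot: In fetchmail.c the two new `#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0` and `#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0` blocks sit after the `#endif` that closes `#ifdef SSL_ENABLE`, so they are also evaluated on builds without SSL. The configure.ac hunk runs `AC_CHECK_DECLS` only when `$LIBS` contains `-lssl`, which suggests the macros stay undefined on a non-SSL build; `+ 0 == 0` is then true and the version report would show `-SSLv2-SSLv3` without `+SSL`, while the NEWS entry promises these markers for +SSL builds only. Moving that `#endif` below the two new blocks keeps the markers inside the SSL_ENABLE section, and a comment such as `/* "+ 0" keeps the test valid when configure left the macro undefined */` would explain the idiom to the next reader. The string concatenation these lines belong to starts and ends outside the hunk.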
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: fetchmail 6.3.26\n"
 "Report-Msgid-Bugs-To: fetchmail-devel@lists.sourceforge.net\n"
-"POT-Creation-Date: 2014-11-22 00:12+0100\n"
+"POT-Creation-Date: 2015-01-16 20:42+0100\n"
 "PO-Revision-Date: 2014-11-22 00:29+0100\n"
 "Last-Translator: Matthias Andree <matthias.andree@gmx.de>\n"
 "Language-Team: Deutsch <de@li.org>\n"
@@ -1046,7 +1046,8 @@ msgstr ""
 #: fetchmail.c:1399
 msgid ""
 "fetchmail: Error: idle mode does not work for multiple folders or accounts!\n"
-msgstr "fetchmail: Fehler: idle funktioniert nicht für mehrere Ordner oder Kontos!\n"
+msgstr ""
+"fetchmail: Fehler: idle funktioniert nicht für mehrere Ordner oder Kontos!\n"
 #: fetchmail.c:1423
 #, c-format
@@ -3199,20 +3200,24 @@ msgid "File descriptor out of range for SSL"
 msgstr "Datei-Deskriptor außerhalb des Bereichs für SSL"
 #: socket.c:913
-msgid "Your operating system does not support SSLv2.\n"
-msgstr "Ihr Betriebssystem unterstützt SSLv2 nicht.\n"
+msgid "Your OpenSSL version does not support SSLv2.\n"
+msgstr "Ihre OpenSSL-Version unterstützt SSLv2 nicht.\n"
+
+#: socket.c:920
+msgid "Your OpenSSL version does not support SSLv3.\n"
+msgstr "Ihre OpenSSL-Version unterstützt SSLv3 nicht.\n"
-#: socket.c:923
+#: socket.c:928
 #, c-format
 msgid "Invalid SSL protocol '%s' specified, using default (SSLv23).\n"
 msgstr ""
 "Ungültiges SSL-Protokoll „%s“ angegeben, benutze Voreinstellung (SSLv23).\n"
-#: socket.c:1022
+#: socket.c:1027
 msgid "Certificate/fingerprint verification was somehow skipped!\n"
 msgstr "Zertifikat-/Fingerabdruck-Überprüfung wurde irgendwie übersprungen!\n"
-#: socket.c:1039
+#: socket.c:1044
 msgid ""
 "Warning: the connection is insecure, continuing anyways. (Better use --"
 "sslcertck!)\n"
@@ -3220,11 +3225,11 @@ msgstr ""
 "Warnung: Die Verbindung ist unsicher, mache trotzdem weiter. (Nehmen Sie "
 "lieber --sslcertck!)\n"
-#: socket.c:1081
+#: socket.c:1086
 msgid "Cygwin socket read retry\n"
 msgstr "Cygwin-Socket-Lese-Wiederholung\n"
-#: socket.c:1084
+#: socket.c:1089
 msgid "Cygwin socket read retry failed!\n"
 msgstr "Cygwin-Socket-Lese-Wiederholung fehlgeschlagen!\n"
@@ -910,11 +910,16 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 #if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
 _ctx[sock] = SSL_CTX_new(SSLv2_client_method());
 #else
- report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+ report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n"));
 return -1;
 #endif
 } else if(!strcasecmp("ssl3",myproto)) {
+#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0
 _ctx[sock] = SSL_CTX_new(SSLv3_client_method());
+#else
+ report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));
+ return -1;
+#endif
 } else if(!strcasecmp("tls1",myproto)) {
 _ctx[sock] = SSL_CTX_new(TLSv1_client_method());
 } else if (!strcasecmp("ssl23",myproto)) { |
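Review bot: The new guard around `_ctx[sock] = SSL_CTX_new(SSLv3_client_method());` is decided at compile time from the header declaration alone, so a library that declares the method but cannot provide it at run time may still hand back NULL here; the NULL check on `_ctx[sock]` is not visible in this hunk, because SSLOpen() starts before and continues after it, and should be confirmed. Failing closed with `return -1` when "ssl3" was requested explicitly matches the SSLv2 branch above and is the right behaviour. On builds that do have SSLv3, the "ssl3" branch still selects a protocol that this commit's NEWS entry calls insecure without telling the user, so a comment such as `/* SSLv3 kept for legacy servers only; prefer tls1 */` on that branch, or a `report(stderr, ...)` warning there, would make the risk explicit.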