-rw-r--r-- | NEWS | 7 | ||||
-rw-r--r-- | fetchmail.c | 10 | ||||
-rw-r--r-- | socket.c | 4 |
3 files changed, 14 insertions, 7 deletions
@@ -73,10 +73,13 @@ fetchmail-6.3.27 (not yet released, if ever): * Point to --idle from GENERAL OPERATION to clarify --idle and multiple mailboxes do not mix. In response to Jeremy Chadwick's trouble 2014-11-19, fetchmail-users mailing list. -* Fix SSL-enabled build on systems that do not declare SSLv3_client_method(). - Related to Debian Bug#775255. +* Fix SSL-enabled build on systems that do not declare SSLv3_client_method(), + or that #define OPENSSL_NO_SSL3 inside #include <openssl/ssl.h>, the canonical + way that OpenSSL communicates this. Related to Debian Bug#775255. * Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method(). * Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method(). +* Also recognize SSLv2 as unsupported if #include <openssl/ssl.h> + defines the OPENSSL_NO_SSL2 macro. # KNOWN BUGS AND WORKAROUNDS (This section floats upwards through the NEWS file so it stays with the
diff --git a/fetchmail.c b/fetchmail.c
index be0e9abd..d6452e08 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -54,6 +54,10 @@
 #define ENETUNREACH 128 /* Interactive doesn't know this */
 #endif /* ENETUNREACH */
 
+#ifdef SSL_ENABLE
+#include <openssl/ssl.h> /* for OPENSSL_NO_SSL2 and ..._SSL3 checks */
+#endif
+
 /* prototypes for internal functions */
 static int load_params(int, char **, int);
 static void dump_params (struct runctl *runp, struct query *, flag implicit);
@@ -262,13 +266,13 @@ int main(int argc, char **argv)
 #endif /* ODMR_ENABLE */
 #ifdef SSL_ENABLE
 "+SSL"
-#endif
-#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0
+#if (HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0) || defined(OPENSSL_NO_SSL2)
 "-SSLv2"
 #endif
-#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0
+#if (HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0) || defined(OPENSSL_NO_SSL3)
 "-SSLv3"
 #endif
+#endif
 #ifdef OPIE_ENABLE
 "+OPIE"
 #endif /* OPIE_ENABLE */
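Review bot: The `#endif` added after `"-SSLv3"` in main()'s version banner closes `#ifdef SSL_ENABLE` several conditionals later but carries no label, unlike the neighbouring `#endif /* ODMR_ENABLE */` and `#endif /* OPIE_ENABLE */`. Write it as `#endif /* SSL_ENABLE */`, and do the same for the `#endif` that closes the new `#include <openssl/ssl.h>` guard in the first fetchmail.c hunk. With the nested `-SSLv2`/`-SSLv3` conditionals in between, the label is what shows a reader that those two strings are now emitted only on SSL builds. main() continues outside the hunk.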
@@ -907,14 +907,14 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 _ssl_context[sock] = NULL;
 if(myproto) {
 if(!strcasecmp("ssl2",myproto)) {
-#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
+#if (HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0) && (0 == OPENSSL_NO_SSL2 + 0)
 _ctx[sock] = SSL_CTX_new(SSLv2_client_method());
 #else
 report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n"));
 return -1;
 #endif
 } else if(!strcasecmp("ssl3",myproto)) {
-#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0
+#if (HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0) && (0 == OPENSSL_NO_SSL3 + 0)
 _ctx[sock] = SSL_CTX_new(SSLv3_client_method());
 #else
 report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n")); |
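Review bot: The new `(0 == OPENSSL_NO_SSL2 + 0)` and `(0 == OPENSSL_NO_SSL3 + 0)` tests in SSLOpen() stay true when the macro is defined with an empty body, because a bare `#define OPENSSL_NO_SSL3` turns the expression into `0 == + 0`. In that case the `SSLv3_client_method()` branch is still compiled in, and a valueless define is presumably the form the NEWS entry means by "#define OPENSSL_NO_SSL3 inside #include <openssl/ssl.h>". fetchmail.c in this same commit tests the macro with `defined(...)`, so the version banner can report -SSLv3 while `ssl3` is still accepted here instead of reaching the "does not support SSLv3" error. Use `#if (HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0) && !defined(OPENSSL_NO_SSL3)` and the matching line with `OPENSSL_NO_SSL2` for the `ssl2` branch. SSLOpen() begins before and continues past this hunk.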