| Commit message (Collapse) | Author | Age | Files | Lines |
| |
There are "no sslcertck" (rcfile) and "--nosslcertck" (command line) options
that can be combined with [--]sslfingerprint if so desired.
The documentation is deliberately not updated everywhere, so that
recommendations to use --sslcertck stand; this is for the benefit of
users that read fetchmail v6.4.0 manuals to configure a fetchmail v6.3.X
implementation.
|
This condition does not leave traces in the SSL error queue,
and must be checked explicitly. Result from debugging Jerry Seibert's
issue with outlook.com/pop3.live.com.
|
Removes SSLv2, enables TLSv1.1 and v1.2 more easily,
permits SSLv3 (only if specified) and newer TLSv1.1+ for STLS/STARTTLS.
Only negotiates TLSv1 and newer by default, SSLv3 must now be specified
explicitly, as a consequence of the POODLE attack.
This is meant to be a minimally upgraded version, and cannot be usefully
done as a 6.3.X release.
It is strongly recommended that users review their configuration -
especially --sslproto - per instructions in the NEWS file and manual
page. It has changed semantics and in many cases --sslproto auto or
perhaps --sslproto tls1.2+ should be used now.
|
These are the macros OpenSSL defines when configured with no-ssl2 or no-ssl3;
the actual macro names are OPENSSL_NO_SSL2 and OPENSSL_NO_SSL3.
|
providing that these also omit the declaration of SSLv3_client_method().
Related to Debian Bug#775255.
Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method().
Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method().
|
In response to Jeremy Chadwick's trouble 2014-11-19, fetchmail-users.
|
Re-sign EN and SAs because that broke signatures.
|
Reported by Gonzalo Pérez de Olaguer Córdoba, Debian Bug#744907.
|
Fixes Debian Bug#706776, submitted by David Lawyer.
|
The mimedecode feature failed to ship the last line of the body if it
was encoded as quoted-printable and had a MIME soft line break in the
very last line. Reported by Lars Hecking in June 2011.
Bug introduced on 1998-03-20 when the mimedecode support was added by
ESR before release 4.4.1 through code contributed by Henrik Storner,
in driver.c.
Workaround for older releases: do not use mimedecode feature.
|
The fetchmail manual page now refers the user to --softbounce from the
SMTP/ESMTP ERROR HANDLING section. Reported by Anton Shterenlikht.
|
The fetchmail manual page no longer claims that MD5 was the default OpenSSL
hash format (for use with --sslfingerprint).
Reported by Jakob Wilk, PARTIAL fix for Debian Bug#700266.
|
* Improved reporting when SSL/TLS X.509 certificate validation has failed,
working around a not-so-recent swapping of two OpenSSL error codes, and
a practical impossibility to distinguish broken certification chains from
missing trust anchors (root certificates).
* OpenSSL decoded errors are now reported through report(), rather than dumped
to stderr, so that they should show up in logfiles and/or syslog.
|
Older systems that provide the older RFC-2553 implementation of
getaddrinfo, rather than the current RFC-3493, and systems that do not
provide this getaddrinfo() interface at all and thus use the replacement
functions from libesmtp/getaddrinfo.?, might return EAI_NODATA when a
host is registered in DNS as MX or similar, but without A or AAAA
records. Handle this situation when checking for multidrop aliases and
treat EAI_NODATA the same as EAI_NONAME, i.e. name cannot be resolved.
The proper fix, however, is to upgrade the operating system.
|
IBiblio no longer accepts submissions, and considers itself an archive.
There is no point in our carrying forward any related material; if
needed for reference purposes, it can be fetched from older versions in
the Git repository.
|
This would affect fetchmail configurations running with SSL in daemon mode
more than one-shot runs.
Reported by Erik Thiele, and pinned by Dominik, Debian Bug #688015.
This bug was introduced into fetchmail 6.2.9 (committed 2005-10-29)
when support for subjectAltName was added through a patch by Roland
Stigge, submitted as Debian Bug#201113.
|
reported by Heinz Diehl.
|
to encompass Maillennium POP3/UNIBOX (Maillennium V05.00c++). Reported
by Eddie via fetchmail-users mailing list, 2012-10-13.
|
In case logfile overrides syslog, send a message to the latter stating
where logging goes. Also revise manual page.
|
The Python-related Makefile.am parts were simplified to avoid an
automake 1.11.X bug around noinst_PYTHON, Automake Bug #10995.
http://lists.gnu.org/archive/html/automake-patches/2012-03/txtbYNp7SPawU.txt
|
The GSSAPI-related autoconf code now matches gssapi.c better, and uses
a different check to look for GSS_C_NT_HOSTBASED_SERVICE.
This fixes the GSSAPI-enabled build on NetBSD 6 Beta.
|
This is to avoid reading from bad locations, and possibly conveying
confidential data. Credit to Nico Golde.
|
Treat missing header in response to a FETCH command as a transient error
(reported by John Connett).
If there are too many transient errors, log it.
|
...from SSL options, unless FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE
is a non-empty environment variable.
Suggested by Apple.
|
On systems where SSLv2_client_method isn't defined in OpenSSL (such as newer
Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't reference it (to
fix the build) and print a run-time error that the OS does not support SSLv2.
Fixes Debian Bug #622054, but note that that bug report has a more thorough
patch that does away with SSLv2 altogether.
|