aboutsummaryrefslogtreecommitdiffstats
path: root/socket.c
Commit message (Collapse)AuthorAgeFilesLines
* case-insensitive check of SSL fingerprints (Daniel Richard G.)Matthias Andree2009-01-221-1/+1
| | | | | | | | | | | | | | | | | | | | Daniel Richard G. writes: | I was clearing out an old Fetchmail SVN checkout I had lying around | here, and came across one small change that I forgot to send in. | | In socket.c, there's a bit of code that compares SSL certificate | fingerprints: [...] | | That strcmp() call should be an strcasecmp(). At one point, I | encountered a certificate where the fingerprint's hex digits were in a | different case than what was expected, and the connection attempt failed | because of that. Not exactly what you'd call a potential MitM attack | :-) He's right, we can compare case-insensitively without sacrificing fetchmail's security, so let's just do that for the sake of ease of use. svn path=/branches/BRANCH_6-3/; revision=5262
* Fix a few compiler warnings around implicit conversion or extra ";".Matthias Andree2009-01-141-2/+2
| | | | svn path=/branches/BRANCH_6-3/; revision=5261
* SSL_free(context) when SSL_connect fails, plugging memleak. By Seiichi Ikarashi.Matthias Andree2008-11-131-0/+2
| | | | svn path=/branches/BRANCH_6-3/; revision=5237
* SSL fix: check and report if SSL_set_fd fails.Matthias Andree2008-07-031-4/+5
| | | | | | SSL change: enable all workarounds with SSL_CTX_set_options(ctx,SSL_OP_ALL) svn path=/branches/BRANCH_6-3/; revision=5214
* Partially uncommit the botched commit r5117 so I can create proper changelogs.Matthias Andree2008-07-031-5/+4
| | | | svn path=/branches/BRANCH_6-3/; revision=5212
* Drop dead code under FORCE_STUFFING condition.Matthias Andree2008-01-311-49/+0
| | | | svn path=/branches/BRANCH_6-3/; revision=5155
* Document arcane SSL/TLS UI issue and require docs, Debian Bug#432618.Matthias Andree2007-07-241-4/+5
| | | | svn path=/branches/BRANCH_6-3/; revision=5117
* Fix Debian Bug#400950, certificate CN overrides --user option. Now it's only aMatthias Andree2006-12-181-1/+1
| | | | | | default and --user takes precedence. svn path=/branches/BRANCH_6-3/; revision=4994
* SSL_CTX handling fix by Miloslav Trmac (Red Hat),Matthias Andree2006-09-251-33/+37
| | | | | | fixes growing SSL certpaths without bounds (Red Hat Bug #206346). svn path=/branches/BRANCH_6-3/; revision=4912
* Add IMAP AUTH=EXTERNAL support. BerliOS Patch #1095.Matthias Andree2006-08-141-5/+43
| | | | | | | Courtesy of Götz 'nimrill' Babin-Ebell. This patch also makes --sslproto arguments case insensitive. svn path=/branches/BRANCH_6-3/; revision=4896
* Wrap getaddrinfo() and block SIGALRM where needed.Matthias Andree2006-08-141-2/+2
| | | | | | Also wrap freeaddrinfo() without added functionality. svn path=/branches/BRANCH_6-3/; revision=4895
* Freeaddrinfo() fix for Uli Zappe's bug.Matthias Andree2006-08-071-5/+7
| | | | | | This might fix Debian Bug#294547 and Bug#377135. svn path=/branches/BRANCH_6-3/; revision=4880
* When trying to connect or upon connection failure, log the numeric service ↵Matthias Andree2006-08-011-3/+6
| | | | | | port, too. svn path=/branches/BRANCH_6-3/; revision=4875
* When connect()ing fails, log host and service as well.Matthias Andree2006-08-011-1/+1
| | | | svn path=/branches/BRANCH_6-3/; revision=4873
* In verbose mode, log every IP fetchmail tries to connect to, to avoidMatthias Andree2006-05-141-4/+36
| | | | | | | misleading the user. Suppress EAFNOSUPPORT errors from socket() call, too. Fixes Debian Bug #361825. svn path=/branches/BRANCH_6-3/; revision=4836
* Trivial: Revise comment.Matthias Andree2006-05-121-3/+2
| | | | svn path=/branches/BRANCH_6-3/; revision=4822
* * SSL/TLS: if, for a certain server, an sslfingerprint is specified and Matthias Andree2006-04-061-9/+8
| | | | | | | | | sslcertck is NOT set, suppress printing SSL certificate mismatch errors. (Reported by Hannes Erven.) * SSL/TLS: always print if the sslfingerprint mismatches, even in silent mode. (This is for consistency with certificate verification errors.) svn path=/branches/BRANCH_6-3/; revision=4781
* Fix typo on comment.Matthias Andree2006-04-021-1/+1
| | | | svn path=/branches/BRANCH_6-3/; revision=4771
* a few more type fixes for report/snprintf, patch by Miloslav Trmac.Matthias Andree2006-04-011-1/+1
| | | | svn path=/branches/BRANCH_6-3/; revision=4767
* More warning fixes (from FreeBSD 6.1).Matthias Andree2006-03-251-2/+2
| | | | svn path=/branches/BRANCH_6-3/; revision=4753
* Further cleanups to compile with C++ compiler.Matthias Andree2006-03-151-3/+3
| | | | svn path=/branches/BRANCH_6-3/; revision=4744
* merge Mirek's fetchmail-signed.patchMatthias Andree2006-03-141-8/+10
| | | | svn path=/branches/BRANCH_6-3/; revision=4734
* Fix a few compiler warnings through casts.Matthias Andree2006-01-111-1/+1
| | | | | | Make MD5Update argument const. svn path=/branches/BRANCH_6-3/; revision=4621
* Some verbose output disappeared in debug mode. Adding further -v optionsMatthias Andree2006-01-041-4/+4
| | | | | | | | would alternate between verbose and debug mode. debug mode now comprises all verbose output, and adding more -v options does not switch back from debug to verbose mode. svn path=/branches/BRANCH_6-3/; revision=4597
* Add a comment.Matthias Andree2006-01-041-0/+4
| | | | svn path=/branches/BRANCH_6-3/; revision=4595
* Actually set default SSL certificate path if --sslcertpath is unset.Matthias Andree2005-12-071-0/+2
| | | | | | Reported by Heino Tiedemann and Rob MacGregor. svn path=/branches/BRANCH_6-3/; revision=4516
* Add support for SubjectAltName (RFC-2595 or 2818). Patch by Roland Stigge, ↵Matthias Andree2005-10-291-2/+32
| | | | | | Debian Bug#201113. svn path=/trunk/; revision=4368
* Properly shut down SSL connections. Berlios Patch #647 by Arkadiusz Miśkiewicz.Matthias Andree2005-10-211-0/+2
| | | | svn path=/trunk/; revision=4360
* Put pointer to FAQ in parentheses.Matthias Andree2005-09-221-1/+1
| | | | svn path=/trunk/; revision=4317
* Add full support for --service option.Matthias Andree2005-09-211-1/+1
| | | | svn path=/trunk/; revision=4308
* Revise error messages, suggested by Thomas Wolff.Matthias Andree2005-09-211-1/+3
| | | | svn path=/trunk/; revision=4306
* Large protocol independence patch.Matthias Andree2005-08-281-136/+5
| | | | svn path=/trunk/; revision=4280
* Don't convert service to port and back, but pass service to plugin.Matthias Andree2005-08-031-3/+1
| | | | svn path=/trunk/; revision=4233
* Remove junk.Matthias Andree2005-08-031-4/+0
| | | | svn path=/trunk/; revision=4232
* Remove port/service dualism and make everything a service.Matthias Andree2005-08-021-7/+11
| | | | svn path=/trunk/; revision=4219
* Cleanup: Drop inner_connect and ipv6-connect.c.Matthias Andree2005-08-011-8/+0
| | | | svn path=/trunk/; revision=4214
* INCOMPATIBLE: DROP --netsec/-T option, NET_SECURITY macro - the required ↵Matthias Andree2005-07-301-24/+2
| | | | | | library is no longer available. svn path=/trunk/; revision=4192
* Merge SuSE's fetchmail-6.2.5-implicit-declaration.patchMatthias Andree2005-04-251-0/+11
| | | | svn path=/trunk/; revision=4036
* Clean up the horrible HAVE_[V]SNPRINTF mess, use Trio on systems that lackMatthias Andree2004-11-101-14/+1
| | | | | | real snprintf or vsnprintf. svn path=/trunk/; revision=3996
* SSL validation handling fixes by Brian Candler.Matthias Andree2004-11-101-13/+21
| | | | svn path=/trunk/; revision=3991
* Honor sslcertpath setting even if sslcertck is unset. Patch by Brian Candler.Matthias Andree2004-11-081-2/+2
| | | | svn path=/trunk/; revision=3987
* Fix miscellaneous warnings.Matthias Andree2004-10-201-1/+7
| | | | svn path=/trunk/; revision=3953
* Safe fixes for compiler warnings.Matthias Andree2004-08-091-6/+3
| | | | svn path=/trunk/; revision=3929
* Cast arguments of is*() ctype.h functions to unsigned char to be 8-bit safe.Matthias Andree2004-06-191-3/+3
| | | | svn path=/trunk/; revision=3903
* Compiler warnings fixes, preprocessor and minor general cleanup.Matthias Andree2004-06-181-6/+3
| | | | svn path=/trunk/; revision=3901
* Fix various compiler warnings.Matthias Andree2004-06-181-4/+4
| | | | svn path=/trunk/; revision=3899
* Sunil Shetye's fix for SSL configuration.Eric S. Raymond2004-01-131-6/+6
| | | | svn path=/trunk/; revision=3875
* SSL stuff actually builds.Eric S. Raymond2003-10-101-0/+1
| | | | svn path=/trunk/; revision=3839
* Merge in various small fixes, including two remote DOSEric S. Raymond2003-10-101-0/+21
| | | | svn path=/trunk/; revision=3838
* Ready to ship.Eric S. Raymond2003-08-061-2/+5
| | | | svn path=/trunk/; revision=3831