path: root/socket.c
Commit message | Author | Age | Files | Lines
* X.509 matching split out; disallow TLD wildcards. | Matthias Andree | 2010-08-27 | 1 | -36/+0
* Disallow X.509 wildcard matches in domain literals. | Matthias Andree | 2010-08-27 | 1 | -1/+17
* Require that X.509 wildcards start with "*.", | Matthias Andree | 2010-08-27 | 1 | -1/+1
    rather than just "*", to make abuse harder.
* Factor out name/wildcard matching code. | Matthias Andree | 2010-08-27 | 1 | -17/+23
* Only report connection failures in verbose mode or if all addresses fail. | Matthias Andree | 2010-05-19 | 1 | -7/+18
* Omit warning of insecure connection if --sslfingerprint matches. | Matthias Andree | 2010-05-09 | 1 | -2/+2
    Fixes Debian Bug#580796 reported by Roland Stigge.
* Hack types for cygwin_read(). | Matthias Andree | 2010-04-29 | 1 | -4/+4
* --sslcert{file|path} overrides default store, add environment var... | Matthias Andree | 2010-04-23 | 1 | -9/+18
    If at least one of --sslcertfile and --sslcertpath is given, fetchmail skips loading the default OpenSSL X.509 trusted CA cert locations.
    If the environment variable FETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS is set to a non-empty value, fetchmail will additionally load the default locations.
    The old FETCHMAIL_NO_DEFAULT_X509_PATHS variable was dropped.
* Add --sslcertfile option and FETCHMAIL_NO_DEFAULT_X509_PATHS env var, | Matthias Andree | 2010-04-18 | 1 | -5/+12
    and always load the default X.509 trust stores, unless the latter is set.
* Improve SSL error messages for common issues | Matthias Andree | 2010-04-18 | 1 | -27/+77
* Call OpenSSL_add_all_algorithms(). | Matthias Andree | 2010-04-06 | 1 | -4/+2
    To fix Debian Bug #576430, reported by Sjoerd Simons.
* Use SSL_library_init(), not SSLeay_add_ssl_algorithms(). | Matthias Andree | 2010-04-01 | 1 | -1/+1
* Further warning fixes. | Matthias Andree | 2010-03-19 | 1 | -7/+8
* Fix lots of warnings, most around string literals... | Matthias Andree | 2010-03-18 | 1 | -2/+2
    ...that were converted to char* when they should have been converted to const char *.
    Use braces for empty if/else statements.
* Properly check for h_errno declaration and include netdb.h. | Matthias Andree | 2010-03-05 | 1 | -8/+2
* Remove unused assignments/initializations found with llvm-clang. | Matthias Andree | 2010-02-28 | 1 | -2/+2
* Fix free() of unallocated memory on intact/non-verbose SSL-connections. | Matthias Andree | 2009-08-17 | 1 | -2/+3
    Problem was improper scoping of xfree(tt). Patch courtesy of Thomas Heinz. Fixes Gentoo bug #280760.
    svn path=/branches/BRANCH_6-3/; revision=5415
* Report Subject Alternative Name before checking for NULs. | Matthias Andree | 2009-08-05 | 1 | -4/+4
    svn path=/branches/BRANCH_6-3/; revision=5396
* Use sdump to display non-printing characters in certificate subject names. | Matthias Andree | 2009-08-05 | 1 | -6/+14
    svn path=/branches/BRANCH_6-3/; revision=5393
* Abort verification if Subject CommonName/AltName contains NUL. | Matthias Andree | 2009-08-04 | 1 | -7/+20
    svn path=/branches/BRANCH_6-3/; revision=5389
* Merge and extend Redhat's AI_ADDRCONFIG patch. | Matthias Andree | 2009-06-14 | 1 | -0/+3
    svn path=/branches/BRANCH_6-3/; revision=5357
* case-insensitive check of SSL fingerprints (Daniel Richard G.) | Matthias Andree | 2009-01-22 | 1 | -1/+1
    Daniel Richard G. writes:
    | I was clearing out an old Fetchmail SVN checkout I had lying around
    | here, and came across one small change that I forgot to send in.
    |
    | In socket.c, there's a bit of code that compares SSL certificate
    | fingerprints: [...]
    |
    | That strcmp() call should be an strcasecmp(). At one point, I
    | encountered a certificate where the fingerprint's hex digits were in a
    | different case than what was expected, and the connection attempt failed
    | because of that. Not exactly what you'd call a potential MitM attack
    | :-)
    He's right, we can compare case-insensitively without sacrificing fetchmail's security, so let's just do that for the sake of ease of use.
    svn path=/branches/BRANCH_6-3/; revision=5262
* Fix a few compiler warnings around implicit conversion or extra ";". | Matthias Andree | 2009-01-14 | 1 | -2/+2
    svn path=/branches/BRANCH_6-3/; revision=5261
* SSL_free(context) when SSL_connect fails, plugging memleak. By Seiichi Ikarashi. | Matthias Andree | 2008-11-13 | 1 | -0/+2
    svn path=/branches/BRANCH_6-3/; revision=5237
* SSL fix: check and report if SSL_set_fd fails. | Matthias Andree | 2008-07-03 | 1 | -4/+5
    SSL change: enable all workarounds with SSL_CTX_set_options(ctx,SSL_OP_ALL)
    svn path=/branches/BRANCH_6-3/; revision=5214
* Partially uncommit the botched commit r5117 so I can create proper changelogs. | Matthias Andree | 2008-07-03 | 1 | -5/+4
    svn path=/branches/BRANCH_6-3/; revision=5212
* Drop dead code under FORCE_STUFFING condition. | Matthias Andree | 2008-01-31 | 1 | -49/+0
    svn path=/branches/BRANCH_6-3/; revision=5155
* Document arcane SSL/TLS UI issue and require docs, Debian Bug#432618. | Matthias Andree | 2007-07-24 | 1 | -4/+5
    svn path=/branches/BRANCH_6-3/; revision=5117
* Fix Debian Bug#400950, certificate CN overrides --user option. Now it's only a | Matthias Andree | 2006-12-18 | 1 | -1/+1
    default and --user takes precedence.
    svn path=/branches/BRANCH_6-3/; revision=4994
* SSL_CTX handling fix by Miloslav Trmac (Red Hat), | Matthias Andree | 2006-09-25 | 1 | -33/+37
    fixes growing SSL certpaths without bounds (Red Hat Bug #206346).
    svn path=/branches/BRANCH_6-3/; revision=4912
* Add IMAP AUTH=EXTERNAL support. BerliOS Patch #1095. | Matthias Andree | 2006-08-14 | 1 | -5/+43
    Courtesy of Götz 'nimrill' Babin-Ebell. This patch also makes --sslproto arguments case insensitive.
    svn path=/branches/BRANCH_6-3/; revision=4896
* Wrap getaddrinfo() and block SIGALRM where needed. | Matthias Andree | 2006-08-14 | 1 | -2/+2
    Also wrap freeaddrinfo() without added functionality.
    svn path=/branches/BRANCH_6-3/; revision=4895
* Freeaddrinfo() fix for Uli Zappe's bug. | Matthias Andree | 2006-08-07 | 1 | -5/+7
    This might fix Debian Bug#294547 and Bug#377135.
    svn path=/branches/BRANCH_6-3/; revision=4880
* When trying to connect or upon connection failure, log the numeric service port, too. | Matthias Andree | 2006-08-01 | 1 | -3/+6
    svn path=/branches/BRANCH_6-3/; revision=4875
* When connect()ing fails, log host and service as well. | Matthias Andree | 2006-08-01 | 1 | -1/+1
    svn path=/branches/BRANCH_6-3/; revision=4873
* In verbose mode, log every IP fetchmail tries to connect to, to avoid | Matthias Andree | 2006-05-14 | 1 | -4/+36
    misleading the user. Suppress EAFNOSUPPORT errors from socket() call, too. Fixes Debian Bug #361825.
    svn path=/branches/BRANCH_6-3/; revision=4836
* Trivial: Revise comment. | Matthias Andree | 2006-05-12 | 1 | -3/+2
    svn path=/branches/BRANCH_6-3/; revision=4822
* * SSL/TLS: if, for a certain server, an sslfingerprint is specified and | Matthias Andree | 2006-04-06 | 1 | -9/+8
    sslcertck is NOT set, suppress printing SSL certificate mismatch errors.
    (Reported by Hannes Erven.)
    * SSL/TLS: always print if the sslfingerprint mismatches, even in silent mode.
    (This is for consistency with certificate verification errors.)
    svn path=/branches/BRANCH_6-3/; revision=4781
* Fix typo on comment. | Matthias Andree | 2006-04-02 | 1 | -1/+1
    svn path=/branches/BRANCH_6-3/; revision=4771
* a few more type fixes for report/snprintf, patch by Miloslav Trmac. | Matthias Andree | 2006-04-01 | 1 | -1/+1
    svn path=/branches/BRANCH_6-3/; revision=4767
* More warning fixes (from FreeBSD 6.1). | Matthias Andree | 2006-03-25 | 1 | -2/+2
    svn path=/branches/BRANCH_6-3/; revision=4753
* Further cleanups to compile with C++ compiler. | Matthias Andree | 2006-03-15 | 1 | -3/+3
    svn path=/branches/BRANCH_6-3/; revision=4744
* merge Mirek's fetchmail-signed.patch | Matthias Andree | 2006-03-14 | 1 | -8/+10
    svn path=/branches/BRANCH_6-3/; revision=4734
* Fix a few compiler warnings through casts. | Matthias Andree | 2006-01-11 | 1 | -1/+1
    Make MD5Update argument const.
    svn path=/branches/BRANCH_6-3/; revision=4621
* Some verbose output disappeared in debug mode. Adding further -v options | Matthias Andree | 2006-01-04 | 1 | -4/+4
    would alternate between verbose and debug mode. debug mode now comprises all verbose output, and adding more -v options does not switch back from debug to verbose mode.
    svn path=/branches/BRANCH_6-3/; revision=4597
* Add a comment. | Matthias Andree | 2006-01-04 | 1 | -0/+4
    svn path=/branches/BRANCH_6-3/; revision=4595
* Actually set default SSL certificate path if --sslcertpath is unset. | Matthias Andree | 2005-12-07 | 1 | -0/+2
    Reported by Heino Tiedemann and Rob MacGregor.
    svn path=/branches/BRANCH_6-3/; revision=4516
* Add support for SubjectAltName (RFC-2595 or 2818). Patch by Roland Stigge, Debian Bug#201113. | Matthias Andree | 2005-10-29 | 1 | -2/+32
    svn path=/trunk/; revision=4368
* Properly shut down SSL connections. Berlios Patch #647 by Arkadiusz Miśkiewicz. | Matthias Andree | 2005-10-21 | 1 | -0/+2
    svn path=/trunk/; revision=4360
* Put pointer to FAQ in parentheses. | Matthias Andree | 2005-09-22 | 1 | -1/+1
    svn path=/trunk/; revision=4317