Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix socket timeout handling. | Matthias Andree | 2011-05-22 | 1 | -1/+2 |
| | | | | Fixes STARTTLS hangs reported by Thomas Jarosch. | ||||
* | Reindent. | Matthias Andree | 2011-05-22 | 1 | -9/+9 |
| | |||||
* | Reinstate SSLv2 support on legacy_63 branch. | Matthias Andree | 2011-05-17 | 1 | -3/+5 |
| | | | | | Revert "Remove support for SSLv2 (fixes Debian Bug #622054)." This reverts commit c22a3afca46c83ee6d53a6ee58deb122f309c460. | ||||
* | Drop broken test code. | Matthias Andree | 2011-05-17 | 1 | -18/+0 |
| | |||||
* | SockOpen(): set SO_KEEPALIVE. | Matthias Andree | 2011-05-13 | 1 | -0/+9 |
| | |||||
* | Add a SockTimeout(int socket, int seconds) function. | Matthias Andree | 2011-04-29 | 1 | -0/+25 |
| | | | | Uses setsockopt(..., SOL_SOCKET, SO_{SND|RCV}TIMEO, ...). | ||||
* | In the plugin child, call _exit, not exit. | Matthias Andree | 2011-04-29 | 1 | -2/+2 |
| | |||||
* | Properly report EXIT_FAILURE if the plugin/plugout execvp() fails. | Matthias Andree | 2011-04-29 | 1 | -2/+2 |
| | |||||
* | Remove unused code. | Matthias Andree | 2011-04-29 | 1 | -48/+0 |
| | |||||
* | Fix typo in comment. | Matthias Andree | 2011-04-28 | 1 | -1/+1 |
| | |||||
* | Remove support for SSLv2 (fixes Debian Bug #622054). | Matthias Andree | 2011-04-11 | 1 | -5/+3 |
| | | | | | | | | | | | | | SSLv2 has been deprecated since 1996, and is insecure. Remove --sslproto SSL2 support. Set SSL_OP_NO_SSLvSSL_CTX 2 option so that the SSLv23 multi-version client no longer negotiates SSLv2. Note that some distributions (such as Debian) build OpenSSL 1.0.0 without SSLv2 support, so on those, the build would fail. Fixes Debian Bug #622054 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622054 | ||||
* | Fix compiler warnings. | Matthias Andree | 2010-12-12 | 1 | -1/+1 |
| | |||||
* | Fix Intel C++ var shadowing warnings. | Matthias Andree | 2010-10-09 | 1 | -5/+5 |
| | |||||
* | X.509 matching split out; disallow TLD wildcards. | Matthias Andree | 2010-08-27 | 1 | -36/+0 |
| | |||||
* | Disallow X.509 wildcard matches in domain literals. | Matthias Andree | 2010-08-27 | 1 | -1/+17 |
| | |||||
* | Require that X.509 wildcards start with "*.", | Matthias Andree | 2010-08-27 | 1 | -1/+1 |
| | | | | rather than just "*", to make abuse harder. | ||||
* | Factor out name/wildcard matching code. | Matthias Andree | 2010-08-27 | 1 | -17/+23 |
| | |||||
* | Only report connection failures in verbose mode or if all addresses fail. | Matthias Andree | 2010-05-19 | 1 | -7/+18 |
| | |||||
* | Omit warning of insecure connection if --sslfingerprint matches. | Matthias Andree | 2010-05-09 | 1 | -2/+2 |
| | | | | Fixes Debian Bug#580796 reported by Roland Stigge. | ||||
* | Hack types for cygwin_read(). | Matthias Andree | 2010-04-29 | 1 | -4/+4 |
| | |||||
* | --sslcert{file|path} overrides default store, add environment var... | Matthias Andree | 2010-04-23 | 1 | -9/+18 |
| | | | | | | | | | | If at least one of --sslcertfile and --sslcertpath is given, fetchmail skips loading the default OpenSSL X.509 trusted CA cert locations. If the environment variable FETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS is set to a non-empty value, fetchmail will additionally load the default locations. The old FETCHMAIL_NO_DEFAULT_X509_PATHS variable was dropped. | ||||
* | Add --sslcertfile option and FETCHMAIL_NO_DEFAULT_X509_PATHS env var, | Matthias Andree | 2010-04-18 | 1 | -5/+12 |
| | | | | and always load the default X.509 trust stores, unless the latter is set. | ||||
* | Improve SSL error messages for common issues | Matthias Andree | 2010-04-18 | 1 | -27/+77 |
| | |||||
* | Call OpenSSL_add_all_algorithms(). | Matthias Andree | 2010-04-06 | 1 | -4/+2 |
| | | | | To fix Debian Bug #576430, reported by Sjoerd Simons. | ||||
* | Use SSL_library_init(), not SSLeay_add_ssl_algorithms(). | Matthias Andree | 2010-04-01 | 1 | -1/+1 |
| | |||||
* | Further warning fixes. | Matthias Andree | 2010-03-19 | 1 | -7/+8 |
| | |||||
* | Fix lots of warnings, most around string literals... | Matthias Andree | 2010-03-18 | 1 | -2/+2 |
| | | | | | | | ...that were converted to char* when they should have been converted to const char *. Use braces for empty if/else statements. | ||||
* | Properly check for h_errno declaration and include netdb.h. | Matthias Andree | 2010-03-05 | 1 | -8/+2 |
| | |||||
* | Remove unused assignments/initializations found with llvm-clang. | Matthias Andree | 2010-02-28 | 1 | -2/+2 |
| | |||||
* | Fix free() of unallocated memory on intact/non-verbose SSL-connections. | Matthias Andree | 2009-08-17 | 1 | -2/+3 |
| | | | | | | | Problem was improper scoping of xfree(tt). Patch courtesy of Thomas Heinz. Fixes Gentoo bug #280760. svn path=/branches/BRANCH_6-3/; revision=5415 | ||||
* | Report Subject Alternative Name before checking for NULs. | Matthias Andree | 2009-08-05 | 1 | -4/+4 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=5396 | ||||
* | Use sdump to display non-printing characters in certificate subject names. | Matthias Andree | 2009-08-05 | 1 | -6/+14 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=5393 | ||||
* | Abort verification if Subject CommonName/AltName contains NUL. | Matthias Andree | 2009-08-04 | 1 | -7/+20 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=5389 | ||||
* | Merge and extend Redhat's AI_ADDRCONFIG patch. | Matthias Andree | 2009-06-14 | 1 | -0/+3 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=5357 | ||||
* | case-insensitive check of SSL fingerprints (Daniel Richard G.) | Matthias Andree | 2009-01-22 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | Daniel Richard G. writes: | I was clearing out an old Fetchmail SVN checkout I had lying around | here, and came across one small change that I forgot to send in. | | In socket.c, there's a bit of code that compares SSL certificate | fingerprints: [...] | | That strcmp() call should be an strcasecmp(). At one point, I | encountered a certificate where the fingerprint's hex digits were in a | different case than what was expected, and the connection attempt failed | because of that. Not exactly what you'd call a potential MitM attack | :-) He's right, we can compare case-insensitively without sacrificing fetchmail's security, so let's just do that for the sake of ease of use. svn path=/branches/BRANCH_6-3/; revision=5262 | ||||
* | Fix a few compiler warnings around implicit conversion or extra ";". | Matthias Andree | 2009-01-14 | 1 | -2/+2 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=5261 | ||||
* | SSL_free(context) when SSL_connect fails, plugging memleak. By Seiichi Ikarashi. | Matthias Andree | 2008-11-13 | 1 | -0/+2 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=5237 | ||||
* | SSL fix: check and report if SSL_set_fd fails. | Matthias Andree | 2008-07-03 | 1 | -4/+5 |
| | | | | | | SSL change: enable all workarounds with SSL_CTX_set_options(ctx,SSL_OP_ALL) svn path=/branches/BRANCH_6-3/; revision=5214 | ||||
* | Partially uncommit the botched commit r5117 so I can create proper changelogs. | Matthias Andree | 2008-07-03 | 1 | -5/+4 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=5212 | ||||
* | Drop dead code under FORCE_STUFFING condition. | Matthias Andree | 2008-01-31 | 1 | -49/+0 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=5155 | ||||
* | Document arcane SSL/TLS UI issue and require docs, Debian Bug#432618. | Matthias Andree | 2007-07-24 | 1 | -4/+5 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=5117 | ||||
* | Fix Debian Bug#400950, certificate CN overrides --user option. Now it's only a | Matthias Andree | 2006-12-18 | 1 | -1/+1 |
| | | | | | | default and --user takes precedence. svn path=/branches/BRANCH_6-3/; revision=4994 | ||||
* | SSL_CTX handling fix by Miloslav Trmac (Red Hat), | Matthias Andree | 2006-09-25 | 1 | -33/+37 |
| | | | | | | fixes growing SSL certpaths without bounds (Red Hat Bug #206346). svn path=/branches/BRANCH_6-3/; revision=4912 | ||||
* | Add IMAP AUTH=EXTERNAL support. BerliOS Patch #1095. | Matthias Andree | 2006-08-14 | 1 | -5/+43 |
| | | | | | | | Courtesy of Götz 'nimrill' Babin-Ebell. This patch also makes --sslproto arguments case insensitive. svn path=/branches/BRANCH_6-3/; revision=4896 | ||||
* | Wrap getaddrinfo() and block SIGALRM where needed. | Matthias Andree | 2006-08-14 | 1 | -2/+2 |
| | | | | | | Also wrap freeaddrinfo() without added functionality. svn path=/branches/BRANCH_6-3/; revision=4895 | ||||
* | Freeaddrinfo() fix for Uli Zappe's bug. | Matthias Andree | 2006-08-07 | 1 | -5/+7 |
| | | | | | | This might fix Debian Bug#294547 and Bug#377135. svn path=/branches/BRANCH_6-3/; revision=4880 | ||||
* | When trying to connect or upon connection failure, log the numeric service ↵ | Matthias Andree | 2006-08-01 | 1 | -3/+6 |
| | | | | | | port, too. svn path=/branches/BRANCH_6-3/; revision=4875 | ||||
* | When connect()ing fails, log host and service as well. | Matthias Andree | 2006-08-01 | 1 | -1/+1 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=4873 | ||||
* | In verbose mode, log every IP fetchmail tries to connect to, to avoid | Matthias Andree | 2006-05-14 | 1 | -4/+36 |
| | | | | | | | misleading the user. Suppress EAFNOSUPPORT errors from socket() call, too. Fixes Debian Bug #361825. svn path=/branches/BRANCH_6-3/; revision=4836 | ||||
* | Trivial: Revise comment. | Matthias Andree | 2006-05-12 | 1 | -3/+2 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=4822 |