aboutsummaryrefslogtreecommitdiffstats
path: root/socket.c
Commit message (Collapse)AuthorAgeFilesLines
* TLS overhaul, bumping version to 6.4Matthias Andree2015-01-261-11/+17
| | | | | | | | | | | | | | | Removes SSLv2, enables TLSv1.1 and v1.2 more easily, permits SSLv3 (only if specified) and newer TLSv1.1+ for STLS/STARTTLS. Only negotiates TLSv1 and newer by default, SSLv3 must now be specified explicitly, as a consequence of the POODLE attack. This is meant to be a minimally upgraded version, and cannot be usefully done as a 6.3.X release. It is strongly recommended that users review their configuration - especially --sslproto - per instructions in the NEWS file and manual page. It has changed semantics and in many cases --sslproto auto or perhaps --sslproto tls1.2+ should be used now.
* Also report SSL/TLS protocol version in verbose mode.Matthias Andree2015-01-161-2/+6
|
* Report SSL/TLS cipher, in verbose mode.Matthias Andree2015-01-161-0/+14
| | | | (socket.c cherry-pick from master)
* Also recognize OPENSSL_NO_SSLx.Matthias Andree2015-01-161-2/+2
| | | | | These are the macros OpenSSL defines when configured with no-ssl2 or no-ssl3, the actual macro names are OPENSSL_NO_SSL2 and OPENSSL_NO_SSL3.
* Permit build on SSLv3-disabled OpenSSL,Matthias Andree2015-01-161-1/+6
| | | | | | | providing that these also omit the declaration of SSLv3_client_method(). Related to Debian Bug#775255. Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method(). Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method().
* Minor bug fixes for socket.cJohn Beck2013-02-181-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While running a static code analysis tool (Parfait) on fetchmail, it found some bugs: Error: Memory leak (CWE 401) Memory leak of pointer 'plugin_copy' allocated with malloc((plugin_copy_len + 1)) at line 137 of components/fetchmail/fetchmail-6.3.22/socket.c in function 'parse_plugin'. 'plugin_copy' allocated at line 107 with malloc((plugin_copy_len + 1)). plugin_copy leaks when plugin_copy_offset >= plugin_copy_len at line 114. Error: Null pointer dereference (CWE 476) Read from null pointer 'argvec' at line 189 of components/fetchmail/fetchmail-6.3.22/socket.c in function 'handle_plugin'. Function 'parse_plugin' may return constant 'NULL' at line 137, called at line 188. Null pointer introduced at line 137 in function 'parse_plugin'. at line 190 of components/fetchmail/fetchmail-6.3.22/socket.c in function 'handle_plugin'. Function 'parse_plugin' may return constant 'NULL' at line 137, called at line 188. Null pointer introduced at line 137 in function 'parse_plugin'. (I realize these are on 6.3.22; I checked and verified that this portion of the code is the same in 6.3.24.) The attached patch fixes each of these. (Note by Matthias Andree: The NULL pointer dereference fix does not require error reporting, because parse_plugin() will already have reported the out-of-memory error that causes the NULL to be returned.)
* Improve X.509 certificate validation reporting.Matthias Andree2013-02-061-13/+42
| | | | | | | | | * Improved reporting when SSL/TLS X.509 certificate validation has failed, working around a not-so-recent swapping of two OpenSSL error codes, and a practical impossibility to distinguish broken certification chains from missing trust anchors (root certificates). * OpenSSL decoded errors are now reported through report(), rather than dumped to stderr, so that they should show up in logfiles and/or syslog.
* Plug a memory leak in OpenSSL's certificate verification callback.Matthias Andree2012-12-131-1/+1
| | | | | | | | | | | This would affect fetchmail configurations running with SSL in daemon mode more than one-shot runs. Reported by Erik Thiele, and pinned by Dominik, Debian Bug #688015. This bug was introduced into fetchmail 6.2.9 (committed 2005-10-29) when support for subjectAltName was added through a patch by Roland Stigge, submitted as Debian Bug#201113.
* Clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS without SSL_CTX_clear_options()Earl Chew2012-09-031-3/+4
| | | | | | | | | | | | A patch to clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS was added recently: http://gitorious.org/fetchmail/fetchmail/commit/48809c5b9f6c9081f4031fa938dd63b060c18a4b?format=patch Older implementations of OpenSSL do not support SSL_CTX_clear_options(). This patch reworks the previous change to avoid the use of SL_CTX_clear_options() and instead clears the corresponding bit in SSL_OP_ALL before calling SSL_CTX_set_options().
* Fix CVE-2011-3389 by clearing SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS...Matthias Andree2012-05-031-0/+6
| | | | | | | ...from SSL options, unless FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE is a non-empty environment variable. Suggested by Apple.
* Fix build on SSLv2-disabled OpenSSL setupsMatthias Andree2011-10-261-0/+5
| | | | | | | | On systems where SSLv2_client_method isn't defined in OpenSSL (such as newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't reference it (to fix the build) and print a run-time error that the OS does not support SSLv2. Fixes Debian Bug #622054, but note that that bug report has a more thorough patch that does away with SSLv2 altogether.
* Print Server certificate: banner on stdout rather than stderr.Matthias Andree2011-08-301-1/+1
| | | | Reported by Henry Jensen, fixes Debian Bug #639807.
* Revert SO_???TIMEO-based STARTTLS timeout handling.Matthias Andree2011-05-261-28/+1
| | | | | | | | | This reverts commits 47c05b10018f5ec7493e4bd9f521aaa18d96f1e2 and 72ce8bce8dd655b6aefa33d0a74e883dad5202b5, the code isn't portable, for instance, Solaris does not support SO_RCVTIMEO/SO_SNDTIMEO. These socket-level options are known, but Solaris returns EAFNOSUPPORT. Reported by Jonathan Buschmann.
* Fix error string.Matthias Andree2011-05-231-1/+1
|
* Fix socket timeout handling.Matthias Andree2011-05-221-1/+2
| | | | Fixes STARTTLS hangs reported by Thomas Jarosch.
* Reindent.Matthias Andree2011-05-221-9/+9
|
* Reinstate SSLv2 support on legacy_63 branch.Matthias Andree2011-05-171-3/+5
| | | | | Revert "Remove support for SSLv2 (fixes Debian Bug #622054)." This reverts commit c22a3afca46c83ee6d53a6ee58deb122f309c460.
* Drop broken test code.Matthias Andree2011-05-171-18/+0
|
* SockOpen(): set SO_KEEPALIVE.Matthias Andree2011-05-131-0/+9
|
* Add a SockTimeout(int socket, int seconds) function.Matthias Andree2011-04-291-0/+25
| | | | Uses setsockopt(..., SOL_SOCKET, SO_{SND|RCV}TIMEO, ...).
* In the plugin child, call _exit, not exit.Matthias Andree2011-04-291-2/+2
|
* Properly report EXIT_FAILURE if the plugin/plugout execvp() fails.Matthias Andree2011-04-291-2/+2
|
* Remove unused code.Matthias Andree2011-04-291-48/+0
|
* Fix typo in comment.Matthias Andree2011-04-281-1/+1
|
* Remove support for SSLv2 (fixes Debian Bug #622054).Matthias Andree2011-04-111-5/+3
| | | | | | | | | | | | | SSLv2 has been deprecated since 1996, and is insecure. Remove --sslproto SSL2 support. Set SSL_OP_NO_SSLvSSL_CTX 2 option so that the SSLv23 multi-version client no longer negotiates SSLv2. Note that some distributions (such as Debian) build OpenSSL 1.0.0 without SSLv2 support, so on those, the build would fail. Fixes Debian Bug #622054 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622054
* Fix compiler warnings.Matthias Andree2010-12-121-1/+1
|
* Fix Intel C++ var shadowing warnings.Matthias Andree2010-10-091-5/+5
|
* X.509 matching split out; disallow TLD wildcards.Matthias Andree2010-08-271-36/+0
|
* Disallow X.509 wildcard matches in domain literals.Matthias Andree2010-08-271-1/+17
|
* Require that X.509 wildcards start with "*.",Matthias Andree2010-08-271-1/+1
| | | | rather than just "*", to make abuse harder.
* Factor out name/wildcard matching code.Matthias Andree2010-08-271-17/+23
|
* Only report connection failures in verbose mode or if all addresses fail.Matthias Andree2010-05-191-7/+18
|
* Omit warning of insecure connection if --sslfingerprint matches.Matthias Andree2010-05-091-2/+2
| | | | Fixes Debian Bug#580796 reported by Roland Stigge.
* Hack types for cygwin_read().Matthias Andree2010-04-291-4/+4
|
* --sslcert{file|path} overrides default store, add environment var...Matthias Andree2010-04-231-9/+18
| | | | | | | | | | If at least one of --sslcertfile and --sslcertpath is given, fetchmail skips loading the default OpenSSL X.509 trusted CA cert locations. If the environment variable FETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS is set to a non-empty value, fetchmail will additionally load the default locations. The old FETCHMAIL_NO_DEFAULT_X509_PATHS variable was dropped.
* Add --sslcertfile option and FETCHMAIL_NO_DEFAULT_X509_PATHS env var,Matthias Andree2010-04-181-5/+12
| | | | and always load the default X.509 trust stores, unless the latter is set.
* Improve SSL error messages for common issuesMatthias Andree2010-04-181-27/+77
|
* Call OpenSSL_add_all_algorithms().Matthias Andree2010-04-061-4/+2
| | | | To fix Debian Bug #576430, reported by Sjoerd Simons.
* Use SSL_library_init(), not SSLeay_add_ssl_algorithms().Matthias Andree2010-04-011-1/+1
|
* Further warning fixes.Matthias Andree2010-03-191-7/+8
|
* Fix lots of warnings, most around string literals...Matthias Andree2010-03-181-2/+2
| | | | | | | ...that were converted to char* when they should have been converted to const char *. Use braces for empty if/else statements.
* Properly check for h_errno declaration and include netdb.h.Matthias Andree2010-03-051-8/+2
|
* Remove unused assignments/initializations found with llvm-clang.Matthias Andree2010-02-281-2/+2
|
* Fix free() of unallocated memory on intact/non-verbose SSL-connections.Matthias Andree2009-08-171-2/+3
| | | | | | | Problem was improper scoping of xfree(tt). Patch courtesy of Thomas Heinz. Fixes Gentoo bug #280760. svn path=/branches/BRANCH_6-3/; revision=5415
* Report Subject Alternative Name before checking for NULs.Matthias Andree2009-08-051-4/+4
| | | | svn path=/branches/BRANCH_6-3/; revision=5396
* Use sdump to display non-printing characters in certificate subject names.Matthias Andree2009-08-051-6/+14
| | | | svn path=/branches/BRANCH_6-3/; revision=5393
* Abort verification if Subject CommonName/AltName contains NUL.Matthias Andree2009-08-041-7/+20
| | | | svn path=/branches/BRANCH_6-3/; revision=5389
* Merge and extend Redhat's AI_ADDRCONFIG patch.Matthias Andree2009-06-141-0/+3
| | | | svn path=/branches/BRANCH_6-3/; revision=5357
* case-insensitive check of SSL fingerprints (Daniel Richard G.)Matthias Andree2009-01-221-1/+1
| | | | | | | | | | | | | | | | | | | | Daniel Richard G. writes: | I was clearing out an old Fetchmail SVN checkout I had lying around | here, and came across one small change that I forgot to send in. | | In socket.c, there's a bit of code that compares SSL certificate | fingerprints: [...] | | That strcmp() call should be an strcasecmp(). At one point, I | encountered a certificate where the fingerprint's hex digits were in a | different case than what was expected, and the connection attempt failed | because of that. Not exactly what you'd call a potential MitM attack | :-) He's right, we can compare case-insensitively without sacrificing fetchmail's security, so let's just do that for the sake of ease of use. svn path=/branches/BRANCH_6-3/; revision=5262
* Fix a few compiler warnings around implicit conversion or extra ";".Matthias Andree2009-01-141-2/+2
| | | | svn path=/branches/BRANCH_6-3/; revision=5261