From 59600d8b6d22683c2b5cd79ee7bfe31596d038b2 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond"
Date: Sat, 9 Mar 2002 04:17:15 +0000
Subject: Minor fixes. svn path=/trunk/; revision=3584
---
 NEWS | 4 ++++
 pop3.c | 28 ++++++++++++++++++++++++++++
 rcfile_y.y | 2 +-
 sink.c | 3 +++
 socket.c | 4 ++--
 5 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/NEWS b/NEWS
index 52c3a8db..3d855172 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,10 @@
 (The `lines' figures total .c, .h, .l, and .y files under version control.)
+* Renamed misnamed tr.po and da.po files
+* Jakub Ulanowski's patch to fix SSL fingerprint handling.
+* Matt Kraai's patch for supporting STLS over POP3.
+
 fetchmail-5.9.8 (Thu Feb 14 23:47:31 EST 2002), 21358 lines:
 * Added de translation catalog; updated da and tr catalogs.
diff --git a/pop3.c b/pop3.c
index fac2b185..41723b48 100644
--- a/pop3.c
+++ b/pop3.c
@@ -141,6 +141,9 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 #ifdef OPIE_ENABLE
 flag has_otp = FALSE;
 #endif /* OPIE_ENABLE */
+#ifdef SSL_ENABLE
+ flag has_ssl = FALSE;
+#endif /* SSL_ENABLE */
 #ifdef SDPS_ENABLE
 /*
@@ -207,6 +210,10 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 {
 if (DOTLINE(buffer))
 break;
+#ifdef SSL_ENABLE
+ if (strstr(buffer, "STLS"))
+ has_ssl = TRUE;
+#endif /* SSL_ENABLE */
 #if defined(GSSAPI)
 if (strstr(buffer, "GSSAPI"))
 has_gssapi = TRUE;
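Review bot: The STLS decision in pop3_getauth's capability loop (pop3.c, hunk at -207) trusts a reply that is read before any TLS protection exists, so a missing `STLS` line is not proof that the server lacks it. When `has_ssl` stays FALSE the upgrade block in the next hunk is skipped and authentication appears to continue in cleartext, with no option visible in this patch to require TLS. If the user has set `sslfingerprint` or `sslcertck` (both passed to SSLOpen in the next hunk), a missing STLS would be safer treated as a failure, or at least reported via `report()`. Separately, `strstr(buffer, "STLS")` matches the token anywhere in the line; comparing the whole capability keyword would be stricter. The loop starts and ends outside this hunk.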
@@ -224,6 +231,27 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 }
 }
+#ifdef SSL_ENABLE
+ if (has_ssl &&
+#if INET6_ENABLE
+ ctl->server.service && (strcmp(ctl->server.service, "pop3s"))
+#else /* INET6_ENABLE */
+ ctl->server.port != 995
+#endif /* INET6_ENABLE */
+ )
+ {
+ char *realhost;
+
+ realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname; gen_transact(sock, "STLS");
+ if (SSLOpen(sock,ctl->sslcert,ctl->sslkey,ctl->sslproto,ctl->sslcertck, ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1)
+ {
+ report(stderr,
+ GT_("SSL connection failed.\n"));
+ return(PS_AUTHFAIL);
+ }
+ }
+#endif /* SSL_ENABLE */
+
 /*
 * OK, we have an authentication type now.
 */
diff --git a/rcfile_y.y b/rcfile_y.y
index a7246cf5..7701d2c4 100644
--- a/rcfile_y.y
+++ b/rcfile_y.y
@@ -368,7 +368,7 @@ user_option : TO localnames HERE
 #ifdef SSL_ENABLE
 current.use_ssl = FLAG_FALSE;
 #else
- yyerror(GT_("SSL is not enabled"))
+ yyerror(GT_("SSL is not enabled"));
 #endif
 }
diff --git a/sink.c b/sink.c
index 5ffe142f..ebd674b9 100644
--- a/sink.c
+++ b/sink.c
@@ -1029,8 +1029,11 @@ int open_sink(struct query *ctl, struct msgblk *msg,
 /*
 * User was delivering locally. We have a fallback MDA.
 * Latch it in place, logging the error, and fall through.
+ * Set stripcr as we would if MDA had been the initial transport
 */
 ctl->mda = FALLBACK_MDA;
+ if (!ctl->forcecr)
+ ctl->stripcr = TRUE;
 report(stderr,
 GT_("can't raise the listener; falling back to %s"),
 FALLBACK_MDA);
diff --git a/socket.c b/socket.c
index ceadc960..27b928cc 100644
--- a/socket.c
+++ b/socket.c
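Review bot: In the STLS block added to pop3_getauth (pop3.c, hunk at -224), the result of `gen_transact(sock, "STLS")` is discarded, so `SSLOpen()` is attempted even if the server rejected the command; the call also shares a source line with the `realhost` assignment, where it is easy to overlook. Put it on its own line and test it, e.g. `if (gen_transact(sock, "STLS") != 0) return(PS_AUTHFAIL);` (assuming a zero-on-success return; confirm against gen_transact). The capability flags collected before the handshake are still used afterwards, whereas RFC 2595 asks clients to discard them and re-query once TLS is up, since the earlier reply was unauthenticated. In the `INET6_ENABLE` branch, `ctl->server.service && strcmp(...)` is false when `service` is NULL, so a default-service configuration appears never to attempt STLS, unlike the `port != 995` branch; `(!ctl->server.service || strcmp(ctl->server.service, "pop3s"))` would make the two agree. The function continues outside this hunk.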
@@ -807,10 +807,10 @@ int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
 if (outlevel > O_SILENT)
 report(stdout, GT_("%s key fingerprint: %s\n"), _server_label, text);
 if (_check_digest != NULL) {
- if (strcmp(text, _check_digest) == 0)
+ if (strcmp(text, _check_digest) == 0) {
 if (outlevel > O_SILENT)
 report(stdout, GT_("%s fingerprints match.\n"), _server_label);
- else {
+ } else {
 if (outlevel > O_SILENT)
 report(stderr, GT_("%s fingerprints do not match!\n"), _server_label);
 return (0);
--
cgit v1.2.3
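Review bot: In SSL_verify_callback (socket.c), the mismatch branch still prints `fingerprints do not match!` only when `outlevel > O_SILENT`, so in silent mode the callback returns 0 with nothing logged and the rejected connection is hard to attribute. A failed fingerprint check is worth reporting at any verbosity; consider dropping the `if (outlevel > O_SILENT)` guard in front of the `report(stderr, ...)` call in the `else` branch. Because the pairing of that `else` decides whether a mismatch is rejected, a short comment such as `/* braces required: else must pair with the strcmp test */` would help keep it from regressing. The function body extends beyond this hunk.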