From 5cb9328ff8133c17f3e1665da2f801f027f19c71 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Tue, 6 Apr 2010 10:10:04 +0200 Subject: Extend documentation on recent OpenSSL fix. --- NEWS | 1 + fetchmail-FAQ.html | 2 +- fetchmail.man | 9 +++++++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index c52426ad..0f6b6af2 100644 --- a/NEWS +++ b/NEWS @@ -54,6 +54,7 @@ fetchmail-6.3.16 (not yet released): # BUG FIXES * Call OpenSSL_add_all_algorithms(). Sjoerd Simons, to fix Debian Bug #576430. + OpenSSL 0.9.8* does not load - for instance - the SHA256 digest by default. Not that OpenSSL would document this in any findable or useful way :-( fetchmail-6.3.15 (released 2010-03-28, 25572 LoC): diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index dd198677..9cc325f6 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -2105,7 +2105,7 @@ SSL?

You'll need to have the OpenSSL libraries installed, and they -should at least be version 0.9.6. +should at least be version 0.9.7. Configure with --with-ssl. If you have the OpenSSL libraries installed in commonly-used default locations, this will suffice. If you have them installed in a non-default location, diff --git a/fetchmail.man b/fetchmail.man index 9054b3b3..25b1088e 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -1173,6 +1173,15 @@ username and the part to the right as the NTLM domain. .SS Secure Socket Layers (SSL) and Transport Layer Security (TLS) .PP +Note that fetchmail currently uses the OpenSSL library, which is +severely underdocumented, so failures may occur just because the +programmers are not aware of OpenSSL's requirement of the day. +For instance, since v6.3.16, fetchmail calls +OpenSSL_add_all_algorithms(), which is necessary to support certificates +with SHA256 on OpenSSL 0.9.8 -- this information is deeply hidden in the +documentation and not at all obvious. Please do not hesitate to report +subtle SSL failures. +.PP You can access SSL encrypted services by specifying the \-\-ssl option. You can also do this using the "ssl" user option in the .fetchmailrc file. With SSL encryption enabled, queries are initiated over a -- cgit v1.2.3
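Review bot: in the NEWS hunk, the added line names the missing SHA256 digest but not the symptom a user would see. The fetchmail.man hunk in this same patch ties it to "certificates with SHA256 on OpenSSL 0.9.8"; repeating that here would let someone who hits a certificate verification failure find the entry when searching NEWS. A short wording such as "so certificates signed with SHA256 could not be verified" after the existing sentence would do.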
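Review bot: in the fetchmail-FAQ.html hunk, the minimum OpenSSL version moves from 0.9.6 to 0.9.7 without any explanation in the patch. The subject line only says "Extend documentation on recent OpenSSL fix", and the NEWS hunk does not mention a raised requirement. If 0.9.7 is a new build requirement, it deserves its own NEWS line, and the commit message should say whether this only corrects the FAQ to match what the build already requires or actually raises the floor.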
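Review bot: in the fetchmail.man hunk, "Please do not hesitate to report subtle SSL failures" gives the reader no destination and no hint of what to include. Point it at wherever the manual already documents bug reporting, and ask for the OpenSSL version and the certificate's signature algorithm, since those are the two facts this paragraph says matter. The paragraph also lands directly under the .SS heading, ahead of the text that introduces the \-\-ssl option, so the caveat is read before the feature it qualifies; moving it after that introduction would read better.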