From 625b34b34f98514d8ba41490662a54fecfd39fe8 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond"
Date: Sun, 31 Oct 1999 17:17:43 +0000
Subject: Final integration.
svn path=/trunk/; revision=2645
---
 configure.in | 46 +++++++++++++++++++++++++++++++++-----
 fetchmail-FAQ.html | 65 ++++++++++++++----------------------------------------
 socket.c | 8 +++----
 3 files changed, 60 insertions(+), 59 deletions(-)
diff --git a/configure.in b/configure.in
index d1c91d2c..8c117434 100644
--- a/configure.in
+++ b/configure.in
@@ -348,20 +348,54 @@ fi
 ### use option --with-ssl to compile in the SSL support
 AC_ARG_WITH(ssl,
- [ --with-ssl[=DIR] enable SSL and point its top directory])
+ [ --with-ssl[=DIR] compile in SSL support using libraries in DIR])
-if test -n "$with_ssl"
+if test -z "$with_ssl" -o "$with_ssl" = "yes"
 then
+# He didn't specify an SSL location. Let's look at some common
+# directories where SSL has been found in the past and try and auto
+# configure for SSL. OpenSSL determination will be made later.
+# This will screw up if an OpenSSL install is located in a later
+# directory than an older SSLeay install, but the user should fix that
+# anyways and he can override on the configure line.
+
+ for ac_dir in \
+ /usr/local/ssl \
+ /usr/ssl \
+ /local/ssl \
+ /opt/ssl \
+ ; \
+ do
+ if test -d "$ac_dir" ; then
+ with_ssl=$ac_dir
+ break;
+ fi
+ done
+fi
+
+if test -n "$with_ssl" -a "$with_ssl" != "no"
+then
+ # With the autoconfigure above, the only time this is going to be
+ # true is going to be when we could not find the headers. If they
+ # are not in system standard locations, we are going to be broken.
 if test "$with_ssl" = "yes"
 then
- # Let's just define the standard location for the SSLeay root
+# Let's just define the standard location for the SSLeay root
 with_ssl="/usr/local/ssl"
 fi
- includedir=$with_ssl/include
- AC_DEFINE(SSL_ENABLE)
- CEFLAGS="$CPPFLAGS -I$includedir"
+ if test -r $with_ssl/include/openssl/ssl.h
+ then
+### ssl.h found under openssl. Use openssl configuration preferentially
+ echo "Enabling OpenSSL support in $with_ssl"
+ CEFLAGS="$CEFLAGS -DSSL_ENABLE -I$with_ssl/include -I$with_ssl/include/openssl"
+ else
+ echo "Enabling SSLeay support in $with_ssl"
+ CEFLAGS="$CEFLAGS -DSSL_ENABLE -I$with_ssl/include"
+ fi
 LDEFLAGS="$LDEFLAGS -L$with_ssl/lib"
 LIBS="$LIBS -lssl -lcrypto"
+else
+ echo 'SSL support disabled'
 fi
 ### use option --with-kerberos=DIR to point at a Kerberos directory
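Review bot: The probe loop takes the first candidate directory that merely exists (`if test -d "$ac_dir" ; then`), and the later `else` branch then enables SSLeay without checking that `$with_ssl/include/ssl.h` is readable. An empty or stale `/usr/local/ssl` therefore wins over a usable install further down the list, and the build links whatever `libssl`/`libcrypto` sits under that tree. Probing for the header keeps the choice tied to a real install: `if test -r "$ac_dir/include/openssl/ssl.h" || test -r "$ac_dir/include/ssl.h" ; then`. Because the first test now also fires when `$with_ssl` is empty, a plain `./configure` turns SSL on whenever one of these directories is present, which the `--with-ssl` help string should say. The unquoted `$with_ssl` in `test -r $with_ssl/include/openssl/ssl.h` should be quoted as well.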
diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html
index 563b68a2..cb56c633 100644
--- a/fetchmail-FAQ.html
+++ b/fetchmail-FAQ.html
@@ -10,7 +10,7 @@
Back to Fetchmail Home Page To Site Map -$Date: 1999/10/26 18:18:05 $ +$Date: 1999/10/31 17:17:42 $

Frequently Asked Questions About Fetchmail

@@ -444,9 +444,10 @@ OTP, you will specify a password but it will not be sent en clair.

Sadly, there is at present (September 1999) no OTP or APOP-like facility generally available on IMAP servers. However, there do exist patches which will OTP-enable the University of Washington IMAP -daemon, version 4.2-FINAL. And we have a report that the GSSAPI -support in fetchmail works with the GSSAPI support in the most recent -version of UW IMAP.

+daemon, version 4.2-FINAL. We have a report that the GSSAPI support +in fetchmail works with the GSSAPI support in the most recent version +of UW IMAP. Or you can use SSL for complete +end-to-end encryption if you have an SSL-enabled mailserver.

You can get both POP3 and IMAP OTP patches from Craig Metz, over FTP via either
@@ -1692,51 +1693,17 @@ your .fetchmailrc, or across the network.


K5. How can I use fetchmail with SSL?

-The U.S. government's never-to-be-sufficiently-damned EAR regulations -prevent me from including SSL library hooks in the distribution. -However, the First Amendment of the U.S. Constitution hasn't been -eviscerated (not yet, anyway -- our would-be totalitarians are -working on trashing the Second Amendment first).

+You'll need to have the OpenSSL +libraries installed. Configure with --with-ssl. If you have the +OpenSSL libraries installed in the default location (/usr/local/ssl) +this will suffice. If you have them installed in a non-default +location, you'll need to specify it as an argument to --with-ssl after +an equal sign.

-

Option 1:

- -I can therefore safely tell you, in documentation, that there -appears to be a way to set up an SSL command chain using the `plugin' -option (originally designed for handling proxy connections across -firewalls).

- -Get your hands on the SSLeay code. -Now make yourself a script called `ssl_connect' that calls the SSLeay -utility `s_client' as follows:

- -

-/usr/local/ssl/bin/s_client -quiet -ssl2 -connect $1:$2
-
- -Now add `plugin ssl_connect' to the server options for your connection.

- -

Option 2:

- -For those in the U.S., there is a set of SSL patches for fetchmail -available from the North -American Cryptographic Archives, in the SSL directory. You have -to answer three questions about your qualification to access the -archive, before you are allowed in. You can enter through the main -page for the server and browse the archive, or you can go straight to -the SSL directory. There you will find patch files against the -fetchmail release sources as well as patched source tarballs.

- -While we cannot make the SSL sources available to anyone outside of the -U.S. at this time, if the patches do leak out of the U.S. through no -fault of our own, and someone informs us of their location, we can -provide the URL pointing to archive sites outside of the U.S.

- -Newer versions of the SSL patches make appear in the `new' directory -and stay there a while until they can be processed and moved to the SSL -directory. Check for patches in `new' if you do not find patches -for the latest fetchmail release.

+Fetchmail binaries built this way support ssl, +sslkey, and sslcert options that control +SSL encryption. You will need to have an SSL-enabled mailserver +to use these options. See the manual page for detals.


R1. Fetchmail isn't working, and -v shows `SMTP connect failed' messages.

@@ -2514,7 +2481,7 @@ inactivity timeout.

Back to Fetchmail Home Page To Site Map -$Date: 1999/10/26 18:18:05 $ +$Date: 1999/10/31 17:17:42 $

Eric S. Raymond <esr@snark.thyrsus.com>
diff --git a/socket.c b/socket.c
index 6d82c428..78859a4b 100644
--- a/socket.c
+++ b/socket.c
@@ -300,10 +300,10 @@ va_dcl { }
 #ifdef SSL_ENABLE
-#include "openssl/ssl.h"
-#include "openssl/err.h"
-#include "openssl/pem.h"
-#include "openssl/x509.h"
+#include "ssl.h"
+#include "err.h"
+#include "pem.h"
+#include "x509.h"
 static SSL_CTX *_ctx = NULL;
 static SSL *_ssl_context[FD_SETSIZE];
--
cgit v1.2.3
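Review bot: The unprefixed `#include "err.h"` (and likewise `"ssl.h"`, `"pem.h"`, `"x509.h"`) resolves only through the `-I` paths that configure.in puts into `CEFLAGS`. `err.h` is also the name of a system header on BSD and glibc systems, so which file gets included depends on include-path order rather than on anything visible in the source. Since `-I$with_ssl/include/openssl` applies to the whole build, any other translation unit that includes `<err.h>` would presumably pick up the SSL library's header instead. A comment above the includes would record that dependency, e.g. `/* found via the -I paths set by configure: include/ for SSLeay, include/openssl for OpenSSL */`. The `#ifdef SSL_ENABLE` block continues outside the hunk.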