From 1877c3d444e6109a3d9273e46b4b9c8e8c50ea2a Mon Sep 17 00:00:00 2001
From: Matthias Andree
Date: Mon, 30 Mar 2020 14:25:05 +0200
Subject: "Require" OpenSSL 1.1.1 and tolerate/warn 1.0.2.

OpenSSL 1.0.2 is EOL since end of 2019, so warn if it is to be used at configure and compile time. The assumption is that 1.0.2 may still be in use by maintainers that backport security fixes.

Also warn, at configure time, about "OpenSSL" API-compatible libraries that do not declare TLS1_3_VERSION.
---
 fetchmail-FAQ.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'fetchmail-FAQ.html')

diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index 5b9a1203..58e89e72 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -2070,7 +2070,7 @@ SSL?

You'll need to have the OpenSSL libraries installed, and they -should at least be version 1.0.2. +should at least be version 1.1.1. Configure with --with-ssl (default since fetchmail v6.4.0). If you have the OpenSSL libraries installed in commonly-used default locations, this will suffice. If you have them installed in a non-default location, @@ -2459,14 +2459,14 @@ applications linked against older OpenSSL versions.

Note: OpenSSL's c_rehash script is broken in several versions, which can cause malfunction if several OpenSSL tools versions are installed in parallel in separate directories. In such cases, you may need a workaround to -get things going. Assuming your OpenSSL 1.0.2 is installed in -/opt/openssl1.0.2 and your certificates are in +get things going. Assuming your OpenSSL 1.1.1 is installed in +/opt/openssl1.1.1 and your certificates are in /home/hans/certs, you'd do this (the corresponding fetchmail option is --sslcertpath /home/hans/certs on the commandline and sslcertpath /home/hans/cert in the rcfile):

-env PATH=/opt/openssl1.0.2/bin /opt/openssl1.0.2/bin/c_rehash /home/hans/certs
+env PATH=/opt/openssl1.1.1/bin /opt/openssl1.1.1/bin/c_rehash /home/hans/certs
 

R15. Help, I'm getting Authorization failure!
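
Review bot: In the first hunk (@@ -2070), the new wording "should at least be version 1.1.1" reads as a hard minimum, while the commit message says 1.0.2 is still tolerated with a warning at configure and compile time. Suggest making the FAQ match that behaviour, for example by stating that 1.1.1 is the expected minimum and that 1.0.2 still builds but produces a warning because it is EOL, so a reader who sees the warning finds it explained here. The configure-time warning for API-compatible libraries that do not declare TLS1_3_VERSION is also not mentioned anywhere in the FAQ text visible in this diff.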
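
Review bot: In the second hunk (@@ -2459), the unchanged context gives the rcfile form as "sslcertpath /home/hans/cert", while the command-line option and the c_rehash command both use /home/hans/certs. Since this paragraph is being edited anyway, correct the rcfile path to /home/hans/certs; a reader copying the rcfile line as written would point fetchmail at a different directory from the one that was just rehashed.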

-- cgit v1.2.3