From 6adcb0cc60e672ea36e3044451c9683b2eb49d64 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Sun, 15 Nov 2015 12:07:02 +0100 Subject: Enable --sslcertck by default. There are no sslcertck (rcfile) and --nosslcertck (command line) options that can be combined with [--]sslfingerprint if so desired. The documentation is deliberately not updated everywhere, so that recommendations to use --sslcertck stand, this is for the benefit of users that read fetchmail v6.4.0 manuals to configure a fetchmail v6.3.X implementation. --- fetchmail.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'fetchmail.c') diff --git a/fetchmail.c b/fetchmail.c index 0758d3e3..3250a0f6 100644 --- a/fetchmail.c +++ b/fetchmail.c @@ -1268,7 +1268,7 @@ static int load_params(int argc, char **argv, int optind) DEFAULT(ctl->server.dns, TRUE); DEFAULT(ctl->server.uidl, FALSE); DEFAULT(ctl->use_ssl, FALSE); - DEFAULT(ctl->sslcertck, FALSE); + DEFAULT(ctl->sslcertck, TRUE); DEFAULT(ctl->server.checkalias, FALSE); #ifndef SSL_ENABLE /* @@ -1720,6 +1720,8 @@ static void dump_params (struct runctl *runp, printf(GT_(" SSL protocol: %s.\n"), ctl->sslproto); if (ctl->sslcertck) { printf(GT_(" SSL server certificate checking enabled.\n")); + } else { + printf(GT_(" SSL server certificate checking disabled.\n")); } if (ctl->sslcertfile != NULL) printf(GT_(" SSL trusted certificate file: %s\n"), ctl->sslcertfile); -- cgit v1.2.3