X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=socket.c;h=1655bf3cdb31c42c4539eebd6963bbf5327a4121;hb=fcf6c62bd9054d5c01c290fa9adc24a173440209;hp=1fab09ed0bbb94513e5ff4bba4574e3b266b834f;hpb=fb51627acfd79972c71f899cbfa9e112d1338575;p=~andy%2Ffetchmail

diff --git a/socket.c b/socket.c
index 1fab09ed..1655bf3c 100644
--- a/socket.c
+++ b/socket.c
@@ -101,6 +101,7 @@ static char *const *parse_plugin(const char *plugin, const char *host, const cha
 	if (!argvec)
 	{
 		report(stderr, GT_("fetchmail: malloc failed\n"));
+		free(plugin_copy);
 		return NULL;
 	}
 	memset(argvec, 0, s);
@@ -319,6 +320,7 @@ int SockPrintf(int sock, const char* format, ...)
 }
 
 #ifdef SSL_ENABLE
+#define OPENSSL_NO_SSL_INTERN 1
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
@@ -535,7 +537,7 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
 
 	if (outlevel >= O_VERBOSE) {
 		if (depth == 0 && SSLverbose)
-			report(stderr, GT_("Server certificate:\n"));
+			report(stdout, GT_("Server certificate:\n"));
 		else {
 			if (_firstrun) {
 				_firstrun = 0;
@@ -806,14 +808,21 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 	/* Make sure a connection referring to an older context is not left */
 	_ssl_context[sock] = NULL;
 	if(myproto) {
-		if(!strcasecmp("ssl3",myproto)) {
+		if(!strcasecmp("ssl2",myproto)) {
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
+			_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+#else
+			report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+			return -1;
+#endif
+		} else if(!strcasecmp("ssl3",myproto)) {
 			_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
 		} else if(!strcasecmp("tls1",myproto)) {
 			_ctx[sock] = SSL_CTX_new(TLSv1_client_method());
 		} else if (!strcasecmp("ssl23",myproto)) {
 			myproto = NULL;
 		} else {
-			fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSL23).\n"), myproto);
+			fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSLv23).\n"), myproto);
 			myproto = NULL;
 		}
 	}
@@ -825,7 +834,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 		return(-1);
 	}
 
-	SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL | SSL_OP_NO_SSLv2);
+	SSL_CTX_set_options(_ctx[sock], (SSL_OP_ALL | SSL_OP_NO_SSLv2) & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
 
 	if (certck) {
 		SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);