X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=socket.c;h=3e4a3acd68390b721a72597e020704f709519ab7;hb=91644ff0b2e6eb3b26c5544a4a769ca4aaf08a14;hp=33b7c40c2a74124368886508432d4b2059baadd4;hpb=f3b0aa05fd1a1912d9c5fad7ebbaa7dcec31e047;p=~andy%2Ffetchmail diff --git a/socket.c b/socket.c index 33b7c40c..3e4a3acd 100644 --- a/socket.c +++ b/socket.c @@ -200,31 +200,6 @@ static int handle_plugin(const char *host, } #endif /* HAVE_SOCKETPAIR */ -static int setsocktimeout(int sock, int which, int timeout) { - struct timeval tv; - int rc; - - tv.tv_sec = timeout; - tv.tv_usec = 0; - rc = setsockopt(sock, SOL_SOCKET, which, &tv, sizeof(tv)); - if (rc) { - report(stderr, GT_("setsockopt(%d, SOL_SOCKET) failed: %s"), sock, strerror(errno)); - } - return rc; -} - -/** Configure socket options such as send/receive timeout at the socket - * level, to avoid network-induced stalls. - */ -int SockTimeout(int sock, int timeout) -{ - int err = 0; - - if (setsocktimeout(sock, SO_RCVTIMEO, timeout)) err = 1; - if (setsocktimeout(sock, SO_SNDTIMEO, timeout)) err = 1; - return err; -} - /** Set socket to SO_KEEPALIVE. \return 0 for success. */ int SockKeepalive(int sock) { int keepalive = 1; @@ -325,7 +300,6 @@ int SockOpen(const char *host, const char *service, continue; } - SockTimeout(i, mytimeout); SockKeepalive(i); /* Save socket descriptor. @@ -628,7 +602,7 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict ) if (outlevel >= O_VERBOSE) { if (depth == 0 && SSLverbose) - report(stderr, GT_("Server certificate:\n")); + report(stdout, GT_("Server certificate:\n")); else { if (_firstrun) { _firstrun = 0; @@ -715,7 +689,7 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict ) } } } - sk_GENERAL_NAME_free(gens); + GENERAL_NAMES_free(gens); } if (name_match(p1, p2)) { matched = 1; @@ -870,6 +844,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck { struct stat randstat; int i; + long sslopts = SSL_OP_ALL; SSL_load_error_strings(); SSL_library_init(); @@ -900,7 +875,12 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck _ssl_context[sock] = NULL; if(myproto) { if(!strcasecmp("ssl2",myproto)) { +#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0 _ctx[sock] = SSL_CTX_new(SSLv2_client_method()); +#else + report(stderr, GT_("Your operating system does not support SSLv2.\n")); + return -1; +#endif } else if(!strcasecmp("ssl3",myproto)) { _ctx[sock] = SSL_CTX_new(SSLv3_client_method()); } else if(!strcasecmp("tls1",myproto)) { @@ -920,7 +900,13 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck return(-1); } - SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL); + { + char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE"); + if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp)) + sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + } + + SSL_CTX_set_options(_ctx[sock], sslopts); if (certck) { SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);