X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=socket.c;h=3e4a3acd68390b721a72597e020704f709519ab7;hb=ecade79a63e9abad933e3705a02533620ddc92b5;hp=5f168b5b463e8aa88c93aaef0174cc7fdf6ea9c9;hpb=48809c5b9f6c9081f4031fa938dd63b060c18a4b;p=~andy%2Ffetchmail

diff --git a/socket.c b/socket.c
index 5f168b5b..3e4a3acd 100644
--- a/socket.c
+++ b/socket.c
@@ -689,7 +689,7 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
 							}
 						}
 					}
-					sk_GENERAL_NAME_free(gens);
+					GENERAL_NAMES_free(gens);
 				}
 				if (name_match(p1, p2)) {
 					matched = 1;
@@ -844,6 +844,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 {
         struct stat randstat;
         int i;
+	long sslopts = SSL_OP_ALL;
 
 	SSL_load_error_strings();
 	SSL_library_init();
@@ -899,14 +900,14 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 		return(-1);
 	}
 
-	SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
-
 	{
 	    char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE");
 	    if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp))
-		SSL_CTX_clear_options(_ctx[sock], SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+		sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
 	}
 
+	SSL_CTX_set_options(_ctx[sock], sslopts);
+
 	if (certck) {
 		SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
 	} else {