X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=socket.c;h=5f168b5b463e8aa88c93aaef0174cc7fdf6ea9c9;hb=c91b9afbdf2e7c96924a646013fbf0243ef18143;hp=d3025b7bee723f187c238f8cb057d9fb32b5979d;hpb=47c05b10018f5ec7493e4bd9f521aaa18d96f1e2;p=~andy%2Ffetchmail diff --git a/socket.c b/socket.c index d3025b7b..5f168b5b 100644 --- a/socket.c +++ b/socket.c @@ -200,31 +200,6 @@ static int handle_plugin(const char *host, } #endif /* HAVE_SOCKETPAIR */ -static int setsocktimeout(int sock, int which, int timeout) { - struct timeval tv; - int rc; - - tv.tv_sec = timeout; - tv.tv_usec = 0; - rc = setsockopt(sock, SOL_SOCKET, which, &tv, sizeof(tv)); - if (rc) { - report(stderr, GT_("setsockopt(%d, SOL_SOCKET) failed: %s"), sock, strerror(errno)); - } - return rc; -} - -/** Configure socket options such as send/receive timeout at the socket - * level, to avoid network-induced stalls. - */ -int SockTimeout(int sock, int timeout) -{ - int err = 0; - - if (setsocktimeout(sock, SO_RCVTIMEO, timeout)) err = 1; - if (setsocktimeout(sock, SO_SNDTIMEO, timeout)) err = 1; - return err; -} - /** Set socket to SO_KEEPALIVE. \return 0 for success. */ int SockKeepalive(int sock) { int keepalive = 1; @@ -251,7 +226,6 @@ int UnixOpen(const char *path) */ mailserver_socket_temp = sock; - SockTimeout(sock, mytimeout); if (connect(sock, (struct sockaddr *) &ad, sizeof(ad)) < 0) { int olderr = errno; @@ -326,7 +300,6 @@ int SockOpen(const char *host, const char *service, continue; } - SockTimeout(i, mytimeout); SockKeepalive(i); /* Save socket descriptor. @@ -391,8 +364,8 @@ va_dcl { #endif vsnprintf(buf, sizeof(buf), format, ap); va_end(ap); - SockTimeout(sock, mytimeout); return SockWrite(sock, buf, strlen(buf)); + } #ifdef SSL_ENABLE @@ -629,7 +602,7 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict ) if (outlevel >= O_VERBOSE) { if (depth == 0 && SSLverbose) - report(stderr, GT_("Server certificate:\n")); + report(stdout, GT_("Server certificate:\n")); else { if (_firstrun) { _firstrun = 0; @@ -901,7 +874,12 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck _ssl_context[sock] = NULL; if(myproto) { if(!strcasecmp("ssl2",myproto)) { +#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0 _ctx[sock] = SSL_CTX_new(SSLv2_client_method()); +#else + report(stderr, GT_("Your operating system does not support SSLv2.\n")); + return -1; +#endif } else if(!strcasecmp("ssl3",myproto)) { _ctx[sock] = SSL_CTX_new(SSLv3_client_method()); } else if(!strcasecmp("tls1",myproto)) { @@ -923,6 +901,12 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL); + { + char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE"); + if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp)) + SSL_CTX_clear_options(_ctx[sock], SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); + } + if (certck) { SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback); } else {