X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=socket.c;h=5f168b5b463e8aa88c93aaef0174cc7fdf6ea9c9;hb=e75c62b234a699557c023970466a8accd0b5a7b2;hp=e338207a0a97a6c476286d3ed8c5996480c6a3d3;hpb=ad72be8e9a6eeb93668cf51975d8df22e2f45beb;p=~andy%2Ffetchmail
diff --git a/socket.c b/socket.c
index e338207a..5f168b5b 100644
--- a/socket.c
+++ b/socket.c
@@ -602,7 +602,7 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
 if (outlevel >= O_VERBOSE) {
 if (depth == 0 && SSLverbose)
- report(stderr, GT_("Server certificate:\n"));
+ report(stdout, GT_("Server certificate:\n"));
 else {
 if (_firstrun) {
 _firstrun = 0;
@@ -874,7 +874,12 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 _ssl_context[sock] = NULL;
 if(myproto) {
 if(!strcasecmp("ssl2",myproto)) {
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
 _ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+#else
+ report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+ return -1;
+#endif
 } else if(!strcasecmp("ssl3",myproto)) {
 _ctx[sock] = SSL_CTX_new(SSLv3_client_method());
 } else if(!strcasecmp("tls1",myproto)) {
@@ -896,6 +901,12 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
+ {
+ char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE");
+ if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp))
+ SSL_CTX_clear_options(_ctx[sock], SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+ }
+
 if (certck) {
 SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
 } else {
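Review bot: In the `ssl2` branch of SSLOpen, a build whose SSL library still declares SSLv2_client_method() goes on to negotiate SSLv2 with no notice to the user, even though the protocol is obsolete and prohibited by RFC 6176. I would put a comment above the `#if`, such as `/* SSLv2 is obsolete and insecure (RFC 6176); offered only for legacy servers */`, and consider a `report(stderr, ...)` warning in the enabled branch so the downgrade shows up in logs. The `#else` message blames the operating system, while the test is on a declaration that presumably comes from the SSL library headers, so "SSL library" would be the more accurate wording. SSLOpen starts and ends outside this hunk, so whether anything acquired earlier needs releasing before the new `return -1;` cannot be judged from here.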
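Review bot: The getenv() test in the new block treats every non-blank value of FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE as an opt-out, so `=0` or `=no` also leaves SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS set and the CBC IV countermeasure off. The block has no comment; I would add `/* SSL_OP_ALL (set above) includes SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; clear it so the empty-fragment countermeasure stays on unless the variable is set to any non-blank value */`. A verbose-level report() line when the variable suppresses the countermeasure would make a weakened session visible in logs. SSL_CTX_clear_options() needs OpenSSL 0.9.8m or later, so if older libraries must still build, mask the bit out of the value passed to SSL_CTX_set_options() instead. The enclosing function continues outside the hunk.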