X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=socket.c;h=634b4760b87d0ffa106620e62a436967a50d1ea8;hb=464bab19acf0aaeb8c5512c2092042162266de2d;hp=260b0aa31f16eaf5f0d9023716a57834ff024983;hpb=9f9c3cbd8d825f80e99ddfdefa530be3955bcd56;p=~andy%2Ffetchmail
diff --git a/socket.c b/socket.c
index 260b0aa3..634b4760 100644
--- a/socket.c
+++ b/socket.c
@@ -844,6 +844,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 {
 struct stat randstat;
 int i;
+ long sslopts = SSL_OP_ALL;
 
 SSL_load_error_strings();
 SSL_library_init();
@@ -899,7 +900,13 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 return(-1);
 }
 
- SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
+ {
+ char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE");
+ if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp))
+ sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+ }
+
+ SSL_CTX_set_options(_ctx[sock], sslopts);
 
 if (certck) {
 SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
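Review bot: In the new block before `SSL_CTX_set_options`, any non-blank value of `FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE` (including `0` or `no`) leaves `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS` set, which switches the CBC IV countermeasure off, and nothing is reported when that happens. Because the opt-out weakens the TLS session for the sake of compatibility, I would add an `else` branch that emits a one-line warning through the file's usual error reporting, so a weakened configuration is visible in logs. The block also deserves a comment such as `/* SSL_OP_ALL includes SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; clear it so OpenSSL keeps its empty-fragment CBC countermeasure unless the user opts out via the environment */`, and the user documentation should state that the variable is tested for presence rather than for a true/false value. SSLOpen's body starts and ends outside this hunk.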