X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=socket.c;h=daa291d37f97badb24917d5f4136eb21b8811cd7;hb=0aa3f030cdb0ab4a8e45360e6c1ec599d97e8acd;hp=62fe9cbd7b9543961ad778422e267eb6b1f260fa;hpb=8bde3b2f911309bdac2d1dcea46c10a5190c37cb;p=~andy%2Ffetchmail diff --git a/socket.c b/socket.c index 62fe9cbd..daa291d3 100644 --- a/socket.c +++ b/socket.c @@ -320,6 +320,7 @@ int SockPrintf(int sock, const char* format, ...) } #ifdef SSL_ENABLE +#define OPENSSL_NO_SSL_INTERN 1 #include #include #include @@ -778,6 +779,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck { struct stat randstat; int i; + long sslopts = SSL_OP_ALL; SSL_load_error_strings(); SSL_library_init(); @@ -807,14 +809,21 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck /* Make sure a connection referring to an older context is not left */ _ssl_context[sock] = NULL; if(myproto) { - if(!strcasecmp("ssl3",myproto)) { + if(!strcasecmp("ssl2",myproto)) { +#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0 + _ctx[sock] = SSL_CTX_new(SSLv2_client_method()); +#else + report(stderr, GT_("Your operating system does not support SSLv2.\n")); + return -1; +#endif + } else if(!strcasecmp("ssl3",myproto)) { _ctx[sock] = SSL_CTX_new(SSLv3_client_method()); } else if(!strcasecmp("tls1",myproto)) { _ctx[sock] = SSL_CTX_new(TLSv1_client_method()); } else if (!strcasecmp("ssl23",myproto)) { myproto = NULL; } else { - fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSL23).\n"), myproto); + fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSLv23).\n"), myproto); myproto = NULL; } } @@ -826,7 +835,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck return(-1); } - SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL | SSL_OP_NO_SSLv2); + SSL_CTX_set_options(_ctx[sock], (SSL_OP_ALL | SSL_OP_NO_SSLv2) & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); if (certck) { SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);