Attempt merging from 6.3.24.

[~andy/fetchmail] / socket.c

diff --git a/socket.c b/socket.c
index c8117a554ed759ae6f28522d924d17d6515994d9..1f90efe8d89dbece28b43a14e540a019cfeba249 100644 (file)
--- a/socket.c
+++ b/socket.c
@@ -101,6 +101,7 @@ static char *const *parse_plugin(const char *plugin, const char *host, const cha
        if (!argvec)
        {
                report(stderr, GT_("fetchmail: malloc failed\n"));
+               free(plugin_copy);
                return NULL;
        }
        memset(argvec, 0, s);
@@ -135,10 +136,6 @@ static int handle_plugin(const char *host,
        report(stderr, GT_("fetchmail: socketpair failed\n"));
        return -1;
     }
-
-    if (SockTimeout(fds[0], mytimeout)) return -1;
-    if (SockTimeout(fds[1], mytimeout)) return -1;
-
     switch (fork()) {
        case -1:
                /* error */
@@ -170,32 +167,6 @@ static int handle_plugin(const char *host,
     return fds[1];
 }
 
-static int setsocktimeout(int sock, int which, int timeout) {
-    struct timeval tv;
-    int rc;
-
-    tv.tv_sec = timeout;
-    tv.tv_usec = 0;
-    rc = setsockopt(sock, SOL_SOCKET, which, &tv, sizeof(tv));
-    if (rc) {
-       report(stderr, GT_("setsockopt(%d, SOL_SOCKET) failed: %s"), sock, strerror(errno));
-    }
-    return rc;
-}
-
-/** Configure socket options such as send/receive timeout at the socket
- * level, to avoid network-induced stalls. \return 0 for success, 1 for
- * error.
- */
-int SockTimeout(int sock, int timeout)
-{
-    int err = 0;
-
-    if (setsocktimeout(sock, SO_RCVTIMEO, timeout)) err = 1;
-    if (setsocktimeout(sock, SO_SNDTIMEO, timeout)) err = 1;
-    return err;
-}
-
 /** Set socket to SO_KEEPALIVE. \return 0 for success. */
 int SockKeepalive(int sock) {
     int keepalive = 1;
@@ -294,7 +265,6 @@ int SockOpen(const char *host, const char *service,
            continue;
        }
 
-       SockTimeout(i, mytimeout);
        SockKeepalive(i);
 
        /* Save socket descriptor.
@@ -350,6 +320,7 @@ int SockPrintf(int sock, const char* format, ...)
 }
 
 #ifdef SSL_ENABLE
+#define OPENSSL_NO_SSL_INTERN 1
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
@@ -566,7 +537,7 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
 
        if (outlevel >= O_VERBOSE) {
                if (depth == 0 && SSLverbose)
-                       report(stderr, GT_("Server certificate:\n"));
+                       report(stdout, GT_("Server certificate:\n"));
                else {
                        if (_firstrun) {
                                _firstrun = 0;
@@ -653,7 +624,7 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
                                                        }
                                                }
                                        }
-                                       sk_GENERAL_NAME_free(gens);
+                                       GENERAL_NAMES_free(gens);
                                }
                                if (name_match(p1, p2)) {
                                        matched = 1;
@@ -856,7 +827,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
                return(-1);
        }
 
-       SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL | SSL_OP_NO_SSLv2);
+       SSL_CTX_set_options(_ctx[sock], (SSL_OP_ALL | SSL_OP_NO_SSLv2) & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
 
        if (certck) {
                SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);