Add new gai.c debug source.

[~andy/fetchmail] / socket.c

diff --git a/socket.c b/socket.c
index 260b0aa31f16eaf5f0d9023716a57834ff024983..3e4a3acd68390b721a72597e020704f709519ab7 100644 (file)
--- a/socket.c
+++ b/socket.c
@@ -689,7 +689,7 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
                                                        }
                                                }
                                        }
-                                       sk_GENERAL_NAME_free(gens);
+                                       GENERAL_NAMES_free(gens);
                                }
                                if (name_match(p1, p2)) {
                                        matched = 1;
@@ -844,6 +844,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 {
         struct stat randstat;
         int i;
+       long sslopts = SSL_OP_ALL;
 
        SSL_load_error_strings();
        SSL_library_init();
@@ -899,7 +900,13 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
                return(-1);
        }
 
-       SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
+       {
+           char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE");
+           if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp))
+               sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+       }
+
+       SSL_CTX_set_options(_ctx[sock], sslopts);
 
        if (certck) {
                SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);