}
#endif /* HAVE_SOCKETPAIR */
-static int setsocktimeout(int sock, int which, int timeout) {
- struct timeval tv;
- int rc;
-
- tv.tv_sec = timeout;
- tv.tv_usec = 0;
- rc = setsockopt(sock, SOL_SOCKET, which, &tv, sizeof(tv));
- if (rc) {
- report(stderr, GT_("setsockopt(%d, SOL_SOCKET) failed: %s\n"), sock, strerror(errno));
- }
- return rc;
-}
-
-/** Configure socket options such as send/receive timeout at the socket
- * level, to avoid network-induced stalls.
- */
-int SockTimeout(int sock, int timeout)
-{
- int err = 0;
-
- if (setsocktimeout(sock, SO_RCVTIMEO, timeout)) err = 1;
- if (setsocktimeout(sock, SO_SNDTIMEO, timeout)) err = 1;
- return err;
-}
-
/** Set socket to SO_KEEPALIVE. \return 0 for success. */
int SockKeepalive(int sock) {
int keepalive = 1;
*/
mailserver_socket_temp = sock;
- SockTimeout(sock, mytimeout);
if (connect(sock, (struct sockaddr *) &ad, sizeof(ad)) < 0)
{
int olderr = errno;
continue;
}
- SockTimeout(i, mytimeout);
SockKeepalive(i);
/* Save socket descriptor.
#endif
vsnprintf(buf, sizeof(buf), format, ap);
va_end(ap);
- SockTimeout(sock, mytimeout);
return SockWrite(sock, buf, strlen(buf));
+
}
#ifdef SSL_ENABLE
if (outlevel >= O_VERBOSE) {
if (depth == 0 && SSLverbose)
- report(stderr, GT_("Server certificate:\n"));
+ report(stdout, GT_("Server certificate:\n"));
else {
if (_firstrun) {
_firstrun = 0;
}
}
}
- sk_GENERAL_NAME_free(gens);
+ GENERAL_NAMES_free(gens);
}
if (name_match(p1, p2)) {
matched = 1;
{
struct stat randstat;
int i;
+ long sslopts = SSL_OP_ALL;
SSL_load_error_strings();
SSL_library_init();
_ssl_context[sock] = NULL;
if(myproto) {
if(!strcasecmp("ssl2",myproto)) {
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+#else
+ report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+ return -1;
+#endif
} else if(!strcasecmp("ssl3",myproto)) {
_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
} else if(!strcasecmp("tls1",myproto)) {
return(-1);
}
- SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
+ {
+ char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE");
+ if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp))
+ sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+ }
+
+ SSL_CTX_set_options(_ctx[sock], sslopts);
if (certck) {
SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);