Complete Dominik's name.

[~andy/fetchmail] / socket.c

diff --git a/socket.c b/socket.c
index e338207a0a97a6c476286d3ed8c5996480c6a3d3..3e4a3acd68390b721a72597e020704f709519ab7 100644 (file)
--- a/socket.c
+++ b/socket.c
@@ -602,7 +602,7 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
 
        if (outlevel >= O_VERBOSE) {
                if (depth == 0 && SSLverbose)
-                       report(stderr, GT_("Server certificate:\n"));
+                       report(stdout, GT_("Server certificate:\n"));
                else {
                        if (_firstrun) {
                                _firstrun = 0;
@@ -689,7 +689,7 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
                                                        }
                                                }
                                        }
-                                       sk_GENERAL_NAME_free(gens);
+                                       GENERAL_NAMES_free(gens);
                                }
                                if (name_match(p1, p2)) {
                                        matched = 1;
@@ -844,6 +844,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 {
         struct stat randstat;
         int i;
+       long sslopts = SSL_OP_ALL;
 
        SSL_load_error_strings();
        SSL_library_init();
@@ -874,7 +875,12 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
        _ssl_context[sock] = NULL;
        if(myproto) {
                if(!strcasecmp("ssl2",myproto)) {
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
                        _ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+#else
+                       report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+                       return -1;
+#endif
                } else if(!strcasecmp("ssl3",myproto)) {
                        _ctx[sock] = SSL_CTX_new(SSLv3_client_method());
                } else if(!strcasecmp("tls1",myproto)) {
@@ -894,7 +900,13 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
                return(-1);
        }
 
-       SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
+       {
+           char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE");
+           if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp))
+               sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+       }
+
+       SSL_CTX_set_options(_ctx[sock], sslopts);
 
        if (certck) {
                SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);