if (!argvec)
{
report(stderr, GT_("fetchmail: malloc failed\n"));
+ free(plugin_copy);
return NULL;
}
memset(argvec, 0, s);
(void) close(fds[1]);
if ( (dup2(fds[0],0) == -1) || (dup2(fds[0],1) == -1) ) {
report(stderr, GT_("dup2 failed\n"));
- exit(1);
+ _exit(EXIT_FAILURE);
}
/* fds[0] is now connected to 0 and 1; close it */
(void) close(fds[0]);
argvec = parse_plugin(plugin,host,service);
execvp(*argvec, argvec);
report(stderr, GT_("execvp(%s) failed\n"), *argvec);
- exit(0);
+ _exit(EXIT_FAILURE);
break;
default: /* parent */
/* NOP */
return fds[1];
}
+/** Set socket to SO_KEEPALIVE. \return 0 for success. */
+int SockKeepalive(int sock) {
+ int keepalive = 1;
+ return setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &keepalive, sizeof keepalive);
+}
+
int UnixOpen(const char *path)
{
int sock = -1;
return -1;
}
- /* Socket opened saved. Usefull if connect timeout
- * because it can be closed.
- */
- mailserver_socket_temp = sock;
-
- if (connect(sock, (struct sockaddr *) &ad, sizeof(ad)) < 0)
+ /* Socket opened saved. Useful if connect timeout
+ * because it can be closed.
+ */
+ mailserver_socket_temp = sock;
+
+ if (connect(sock, (struct sockaddr *) &ad, sizeof(ad)) < 0)
{
int olderr = errno;
fm_close(sock); /* don't use SockClose, no traffic yet */
errno = olderr;
sock = -1;
}
-
- /* No connect timeout, then no need to set mailserver_socket_temp */
- mailserver_socket_temp = -1;
+
+ /* No connect timeout, then no need to set mailserver_socket_temp */
+ mailserver_socket_temp = -1;
return sock;
}
continue;
}
+ SockKeepalive(i);
+
/* Save socket descriptor.
* Used to close the socket after connect timeout. */
mailserver_socket_temp = i;
return i;
}
-
int SockPrintf(int sock, const char* format, ...)
{
va_list ap;
}
#ifdef SSL_ENABLE
+#define OPENSSL_NO_SSL_INTERN 1
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
/* OK... SSL_peek works a little different from MSG_PEEK
Problem is that SSL_peek can return 0 if there
is no data currently available. If, on the other
- hand, we loose the socket, we also get a zero, but
+ hand, we lose the socket, we also get a zero, but
the SSL_read then SEGFAULTS! To deal with this,
we'll check the error code any time we get a return
of zero from SSL_peek. If we have an error, we bail.
if (outlevel >= O_VERBOSE) {
if (depth == 0 && SSLverbose)
- report(stderr, GT_("Server certificate:\n"));
+ report(stdout, GT_("Server certificate:\n"));
else {
if (_firstrun) {
_firstrun = 0;
{
struct stat randstat;
int i;
+ long sslopts = SSL_OP_ALL;
SSL_load_error_strings();
SSL_library_init();
_ssl_context[sock] = NULL;
if(myproto) {
if(!strcasecmp("ssl2",myproto)) {
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+#else
+ report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+ return -1;
+#endif
} else if(!strcasecmp("ssl3",myproto)) {
_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
} else if(!strcasecmp("tls1",myproto)) {
return(-1);
}
- SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
+ SSL_CTX_set_options(_ctx[sock], (SSL_OP_ALL | SSL_OP_NO_SSLv2) & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
if (certck) {
SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
return count;
}
#endif /* __CYGWIN__ */
-
-#ifdef MAIN
-/*
- * Use the chargen service to test input buffering directly.
- * You may have to uncomment the `chargen' service description in your
- * inetd.conf (and then SIGHUP inetd) for this to work. */
-main()
-{
- int sock = SockOpen("localhost", "chargen", NULL);
- char buf[80];
-
- while (SockRead(sock, buf, sizeof(buf)-1))
- SockWrite(1, buf, strlen(buf));
- SockClose(sock);
-}
-#endif /* MAIN */
-
-/* socket.c ends here */