]> Pileus Git - ~andy/fetchmail/blobdiff - socket.c
projects / ~andy / fetchmail / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Reinstate SSLv2 support on legacy_63 branch.
[~andy/fetchmail] / socket.c
diff --git a/socket.c b/socket.c
index 26e37de8e553cb428d4806b844f2a7c0ef097807..f513d9ffdd3db4b1691a7beabecfa0fde715c8a9 100644 (file)
--- a/socket.c
+++ b/socket.c
@@ -899,14 +899,16 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
        /* Make sure a connection referring to an older context is not left */
        _ssl_context[sock] = NULL;
        if(myproto) {
-               if(!strcasecmp("ssl3",myproto)) {
+               if(!strcasecmp("ssl2",myproto)) {
+                       _ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+               } else if(!strcasecmp("ssl3",myproto)) {
                        _ctx[sock] = SSL_CTX_new(SSLv3_client_method());
                } else if(!strcasecmp("tls1",myproto)) {
                        _ctx[sock] = SSL_CTX_new(TLSv1_client_method());
                } else if (!strcasecmp("ssl23",myproto)) {
                        myproto = NULL;
                } else {
-                       fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSL23).\n"), myproto);
+                       fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSLv23).\n"), myproto);
                        myproto = NULL;
                }
        }
@@ -918,7 +920,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
                return(-1);
        }
 
-       SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL | SSL_OP_NO_SSLv2);
+       SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
 
        if (certck) {
                SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
Andy's fetchmail repository