X-Git-Url: http://pileus.org/git/?p=~andy%2Ffetchmail;a=blobdiff_plain;f=socket.c;h=634b4760b87d0ffa106620e62a436967a50d1ea8;hp=5f168b5b463e8aa88c93aaef0174cc7fdf6ea9c9;hb=a2f52629d0dce57bf1a0c290b33cff9706087918;hpb=43515cd32a275ed67e5b85fdf42429deda4bd5be

diff --git a/socket.c b/socket.c
index 5f168b5b..634b4760 100644
--- a/socket.c
+++ b/socket.c
@@ -844,6 +844,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 {
         struct stat randstat;
         int i;
+	long sslopts = SSL_OP_ALL;
 
 	SSL_load_error_strings();
 	SSL_library_init();
@@ -899,14 +900,14 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 		return(-1);
 	}
 
-	SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
-
 	{
 	    char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE");
 	    if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp))
-		SSL_CTX_clear_options(_ctx[sock], SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+		sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
 	}
 
+	SSL_CTX_set_options(_ctx[sock], sslopts);
+
 	if (certck) {
 		SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
 	} else {