* The Server certificate: message in verbose mode now appears on stdout like the
remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807.
+# CHANGE
+* On systems where SSLv2_client_method isn't defined in OpenSSL (such as
+ newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't
+ reference it (to fix the build) and print a run-time error that the OS
+ does not support SSLv2. Fixes Debian Bug #622054, but note that that bug
+ report has a more thorough patch that does away with SSLv2 altogether.
+
fetchmail-6.3.21 (released 2011-08-21, 26011 LoC):
AC_MSG_NOTICE(Disabling SSL support.)
fi
+case "$LIBS" in *-lssl*)
+ AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
+ ;;
+esac
+
### use option --with-socks=DIR to point at SOCKS library
AC_ARG_WITH(socks,
[ --with-socks[=DIR] add built-in SOCKS firewall access],
(Keyword: sslproto)
.br
Forces an SSL/TLS protocol. Possible values are \fB''\fP,
-\&'\fBSSL2\fP', '\fBSSL23\fP', (use of these two values is discouraged
+\&'\fBSSL2\fP' (not supported on all systems),
+\&'\fBSSL23\fP', (use of these two values is discouraged
and should only be used as a last resort) \&'\fBSSL3\fP', and
\&'\fBTLS1\fP'. The default behaviour if this option is unset is: for
connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will
_ssl_context[sock] = NULL;
if(myproto) {
if(!strcasecmp("ssl2",myproto)) {
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+#else
+ report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+ return -1;
+#endif
} else if(!strcasecmp("ssl3",myproto)) {
_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
} else if(!strcasecmp("tls1",myproto)) {
projects / ~andy / fetchmail / commitdiff