A patch to clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS was added recently:
http://gitorious.org/fetchmail/fetchmail/commit/
48809c5b9f6c9081f4031fa938dd63b060c18a4b?format=patch
Older implementations of OpenSSL do not support SSL_CTX_clear_options().
This patch reworks the previous change to avoid the use of
SSL_CTX_clear_options() and instead clears the corresponding bit in
SSL_OP_ALL before calling SSL_CTX_set_options().
{
struct stat randstat;
int i;
+ long sslopts = SSL_OP_ALL;
SSL_load_error_strings();
SSL_library_init();
return(-1);
}
- SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
-
{
char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE");
if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp))
- SSL_CTX_clear_options(_ctx[sock], SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+ sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
}
+ SSL_CTX_set_options(_ctx[sock], sslopts);
+
if (certck) {
SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
} else {
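Review bot: The `tmp` test guarding `sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;` treats any non-blank value of FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE as a request to disable the countermeasure. A value such as `0` or `no` therefore leaves the bit set in the mask passed to `SSL_CTX_set_options()`, and nothing in the hunk documents this. I would add a comment above the mask line, for example `/* SSL_OP_ALL sets SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, which disables the CBC IV countermeasure; clear it unless the variable holds ANY non-blank value (even "0") */`. The same comment could note that the options are now applied only after the environment check, so statements later inserted between the two must not assume `_ctx[sock]` already carries SSL_OP_ALL. The enclosing function starts and ends outside the hunk, so whether anything else reads the context options in between cannot be confirmed from here.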