From: Matthias Andree Date: Tue, 25 Oct 2011 22:30:32 +0000 (+0200) Subject: Fix build on SSLv2-disabled OpenSSL setups X-Git-Url: http://pileus.org/git/?p=~andy%2Ffetchmail;a=commitdiff_plain;h=9f9c3cbd8d825f80e99ddfdefa530be3955bcd56 Fix build on SSLv2-disabled OpenSSL setups On systems where SSLv2_client_method isn't defined in OpenSSL (such as newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't reference it (to fix the build) and print a run-time error that the OS does not support SSLv2. Fixes Debian Bug #622054, but note that that bug report has a more thorough patch that does away with SSLv2 altogether. --- diff --git a/NEWS b/NEWS index e4656ecb..7e4fd664 100644 --- a/NEWS +++ b/NEWS @@ -60,6 +60,13 @@ removed from a 6.4.0 or newer release.) * The Server certificate: message in verbose mode now appears on stdout like the remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807. +# CHANGE +* On systems where SSLv2_client_method isn't defined in OpenSSL (such as + newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't + reference it (to fix the build) and print a run-time error that the OS + does not support SSLv2. Fixes Debian Bug #622054, but note that that bug + report has a more thorough patch that does away with SSLv2 altogether. + fetchmail-6.3.21 (released 2011-08-21, 26011 LoC): diff --git a/configure.ac b/configure.ac index b66ad809..de3a37a3 100644 --- a/configure.ac +++ b/configure.ac @@ -799,6 +799,11 @@ else AC_MSG_NOTICE(Disabling SSL support.) fi +case "$LIBS" in *-lssl*) + AC_CHECK_DECLS([SSLv2_client_method],,,[#include ]) + ;; +esac + ### use option --with-socks=DIR to point at SOCKS library AC_ARG_WITH(socks, [ --with-socks[=DIR] add built-in SOCKS firewall access], diff --git a/fetchmail.man b/fetchmail.man index 237710f8..e953a5dd 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -474,7 +474,8 @@ Also see \-\-sslcert above. (Keyword: sslproto) .br Forces an SSL/TLS protocol. Possible values are \fB''\fP, -\&'\fBSSL2\fP', '\fBSSL23\fP', (use of these two values is discouraged +\&'\fBSSL2\fP' (not supported on all systems), +\&'\fBSSL23\fP', (use of these two values is discouraged and should only be used as a last resort) \&'\fBSSL3\fP', and \&'\fBTLS1\fP'. The default behaviour if this option is unset is: for connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will diff --git a/socket.c b/socket.c index d2004819..260b0aa3 100644 --- a/socket.c +++ b/socket.c @@ -874,7 +874,12 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck _ssl_context[sock] = NULL; if(myproto) { if(!strcasecmp("ssl2",myproto)) { +#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0 _ctx[sock] = SSL_CTX_new(SSLv2_client_method()); +#else + report(stderr, GT_("Your operating system does not support SSLv2.\n")); + return -1; +#endif } else if(!strcasecmp("ssl3",myproto)) { _ctx[sock] = SSL_CTX_new(SSLv3_client_method()); } else if(!strcasecmp("tls1",myproto)) {