]>
Commit | Line | Data |
---|---|---|
d3cd9983 MT |
1 | From a2ae6f8d15d7caf815d7bdd13df833fd1b2af5cc Mon Sep 17 00:00:00 2001 |
2 | From: Matthias Andree <matthias.andree@gmx.de> | |
3 | Date: Fri, 16 Jan 2015 20:48:46 +0100 | |
4 | Subject: [PATCH] Permit build on SSLv3-disabled OpenSSL, | |
5 | ||
6 | providing that these also omit the declaration of SSLv3_client_method(). | |
7 | Related to Debian Bug#775255. | |
8 | Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method(). | |
9 | Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method(). | |
10 | ||
11 | diff --git a/configure.ac b/configure.ac | |
12 | index bdcbb20..9248b26 100644 | |
13 | --- a/configure.ac | |
14 | +++ b/configure.ac | |
15 | @@ -803,6 +803,7 @@ fi | |
16 | ||
17 | case "$LIBS" in *-lssl*) | |
18 | AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>]) | |
19 | + AC_CHECK_DECLS([SSLv3_client_method],,,[#include <openssl/ssl.h>]) | |
20 | ;; | |
21 | esac | |
22 | ||
23 | diff --git a/fetchmail.c b/fetchmail.c | |
24 | index 5f31d6e..be0e9ab 100644 | |
25 | --- a/fetchmail.c | |
26 | +++ b/fetchmail.c | |
27 | @@ -263,6 +263,12 @@ int main(int argc, char **argv) | |
28 | #ifdef SSL_ENABLE | |
29 | "+SSL" | |
30 | #endif | |
31 | +#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0 | |
32 | + "-SSLv2" | |
33 | +#endif | |
34 | +#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0 | |
35 | + "-SSLv3" | |
36 | +#endif | |
37 | #ifdef OPIE_ENABLE | |
38 | "+OPIE" | |
39 | #endif /* OPIE_ENABLE */ | |
40 | ||
41 | diff --git a/socket.c b/socket.c | |
42 | index 58a8e15..91a21c2 100644 | |
43 | --- a/socket.c | |
44 | +++ b/socket.c | |
45 | @@ -910,11 +910,16 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck | |
46 | #if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0 | |
47 | _ctx[sock] = SSL_CTX_new(SSLv2_client_method()); | |
48 | #else | |
49 | - report(stderr, GT_("Your operating system does not support SSLv2.\n")); | |
50 | + report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n")); | |
51 | return -1; | |
52 | #endif | |
53 | } else if(!strcasecmp("ssl3",myproto)) { | |
54 | +#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0 | |
55 | _ctx[sock] = SSL_CTX_new(SSLv3_client_method()); | |
56 | +#else | |
57 | + report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n")); | |
58 | + return -1; | |
59 | +#endif | |
60 | } else if(!strcasecmp("tls1",myproto)) { | |
61 | _ctx[sock] = SSL_CTX_new(TLSv1_client_method()); | |
62 | } else if (!strcasecmp("ssl23",myproto)) { |