[ipfire-2.x.git] / src / patches / fetchmail-6.3.26-permit-build-without-ssl3.patch

From a2ae6f8d15d7caf815d7bdd13df833fd1b2af5cc Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Fri, 16 Jan 2015 20:48:46 +0100
Subject: [PATCH] Permit build on SSLv3-disabled OpenSSL,

providing that these also omit the declaration of SSLv3_client_method().
Related to Debian Bug#775255.
Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method().
Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method().

diff --git a/configure.ac b/configure.ac
index bdcbb20..9248b26 100644
--- a/configure.ac
+++ b/configure.ac
@@ -803,6 +803,7 @@ fi
 
 case "$LIBS" in *-lssl*)
 	AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
+	AC_CHECK_DECLS([SSLv3_client_method],,,[#include <openssl/ssl.h>])
 	;;
 esac
 
diff --git a/fetchmail.c b/fetchmail.c
index 5f31d6e..be0e9ab 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -263,6 +263,12 @@ int main(int argc, char **argv)
 #ifdef SSL_ENABLE
 	"+SSL"
 #endif
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0
+	"-SSLv2"
+#endif
+#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0
+	"-SSLv3"
+#endif
 #ifdef OPIE_ENABLE
 	"+OPIE"
 #endif /* OPIE_ENABLE */

diff --git a/socket.c b/socket.c
index 58a8e15..91a21c2 100644
--- a/socket.c
+++ b/socket.c
@@ -910,11 +910,16 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 #if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
 			_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
 #else
-			report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+			report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n"));
 			return -1;
 #endif
 		} else if(!strcasecmp("ssl3",myproto)) {
+#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0
 			_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
+#else
+			report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));
+			return -1;
+#endif
 		} else if(!strcasecmp("tls1",myproto)) {
 			_ctx[sock] = SSL_CTX_new(TLSv1_client_method());
 		} else if (!strcasecmp("ssl23",myproto)) {
Commit	Line	Data
d3cd9983 MT	1	From a2ae6f8d15d7caf815d7bdd13df833fd1b2af5cc Mon Sep 17 00:00:00 2001
	2	From: Matthias Andree <matthias.andree@gmx.de>
	3	Date: Fri, 16 Jan 2015 20:48:46 +0100
	4	Subject: [PATCH] Permit build on SSLv3-disabled OpenSSL,
	5
	6	providing that these also omit the declaration of SSLv3_client_method().
	7	Related to Debian Bug#775255.
	8	Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method().
	9	Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method().
	10
	11	diff --git a/configure.ac b/configure.ac
	12	index bdcbb20..9248b26 100644
	13	--- a/configure.ac
	14	+++ b/configure.ac
	15	@@ -803,6 +803,7 @@ fi
	16
	17	case "$LIBS" in -lssl)
	18	AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
	19	+ AC_CHECK_DECLS([SSLv3_client_method],,,[#include <openssl/ssl.h>])
	20	;;
	21	esac
	22
	23	diff --git a/fetchmail.c b/fetchmail.c
	24	index 5f31d6e..be0e9ab 100644
	25	--- a/fetchmail.c
	26	+++ b/fetchmail.c
	27	@@ -263,6 +263,12 @@ int main(int argc, char **argv)
	28	#ifdef SSL_ENABLE
	29	"+SSL"
	30	#endif
	31	+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0
	32	+ "-SSLv2"
	33	+#endif
	34	+#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0
	35	+ "-SSLv3"
	36	+#endif
	37	#ifdef OPIE_ENABLE
	38	"+OPIE"
	39	#endif /* OPIE_ENABLE */
	40
	41	diff --git a/socket.c b/socket.c
	42	index 58a8e15..91a21c2 100644
	43	--- a/socket.c
	44	+++ b/socket.c
	45	@@ -910,11 +910,16 @@ int SSLOpen(int sock, char mycert, char mykey, const char *myproto, int certck
	46	#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
	47	_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
	48	#else
	49	- report(stderr, GT_("Your operating system does not support SSLv2.\n"));
	50	+ report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n"));
	51	return -1;
	52	#endif
	53	} else if(!strcasecmp("ssl3",myproto)) {
	54	+#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0
	55	_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
	56	+#else
	57	+ report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));
	58	+ return -1;
	59	+#endif
	60	} else if(!strcasecmp("tls1",myproto)) {
	61	_ctx[sock] = SSL_CTX_new(TLSv1_client_method());
	62	} else if (!strcasecmp("ssl23",myproto)) {