src/patches/fetchmail-6.3.26-permit-build-without-ssl3.patch

   1 From a2ae6f8d15d7caf815d7bdd13df833fd1b2af5cc Mon Sep 17 00:00:00 2001
   2 From: Matthias Andree <matthias.andree@gmx.de>
   3 Date: Fri, 16 Jan 2015 20:48:46 +0100
   4 Subject: [PATCH] Permit build on SSLv3-disabled OpenSSL,
   5
   6 providing that these also omit the declaration of SSLv3_client_method().
   7 Related to Debian Bug#775255.
   8 Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method().
   9 Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method().
  10
  11 diff --git a/configure.ac b/configure.ac
  12 index bdcbb20..9248b26 100644
  13 --- a/configure.ac
  14 +++ b/configure.ac
  15 @@ -803,6 +803,7 @@ fi
  16
  17  case "$LIBS" in *-lssl*)
  18         AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
  19 +       AC_CHECK_DECLS([SSLv3_client_method],,,[#include <openssl/ssl.h>])
  20         ;;
  21  esac
  22
  23 diff --git a/fetchmail.c b/fetchmail.c
  24 index 5f31d6e..be0e9ab 100644
  25 --- a/fetchmail.c
  26 +++ b/fetchmail.c
  27 @@ -263,6 +263,12 @@ int main(int argc, char **argv)
  28  #ifdef SSL_ENABLE
  29         "+SSL"
  30  #endif
  31 +#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0
  32 +       "-SSLv2"
  33 +#endif
  34 +#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0
  35 +       "-SSLv3"
  36 +#endif
  37  #ifdef OPIE_ENABLE
  38         "+OPIE"
  39  #endif /* OPIE_ENABLE */
  40
  41 diff --git a/socket.c b/socket.c
  42 index 58a8e15..91a21c2 100644
  43 --- a/socket.c
  44 +++ b/socket.c
  45 @@ -910,11 +910,16 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
  46  #if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
  47                         _ctx[sock] = SSL_CTX_new(SSLv2_client_method());
  48  #else
  49 -                       report(stderr, GT_("Your operating system does not support SSLv2.\n"));
  50 +                       report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n"));
  51                         return -1;
  52  #endif
  53                 } else if(!strcasecmp("ssl3",myproto)) {
  54 +#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0
  55                         _ctx[sock] = SSL_CTX_new(SSLv3_client_method());
  56 +#else
  57 +                       report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));
  58 +                       return -1;
  59 +#endif
  60                 } else if(!strcasecmp("tls1",myproto)) {
  61                         _ctx[sock] = SSL_CTX_new(TLSv1_client_method());
  62                 } else if (!strcasecmp("ssl23",myproto)) {