From a2ae6f8d15d7caf815d7bdd13df833fd1b2af5cc Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Fri, 16 Jan 2015 20:48:46 +0100 Subject: [PATCH] Permit build on SSLv3-disabled OpenSSL, providing that these also omit the declaration of SSLv3_client_method(). Related to Debian Bug#775255. Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method(). Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method(). --- NEWS | 6 ++++++ configure.ac | 1 + fetchmail.c | 6 ++++++ po/de.po | 23 ++++++++++++++--------- socket.c | 7 ++++++- 5 files changed, 33 insertions(+), 10 deletions(-) diff --git a/configure.ac b/configure.ac index bdcbb20..9248b26 100644 --- a/configure.ac +++ b/configure.ac @@ -803,6 +803,7 @@ fi case "$LIBS" in *-lssl*) AC_CHECK_DECLS([SSLv2_client_method],,,[#include ]) + AC_CHECK_DECLS([SSLv3_client_method],,,[#include ]) ;; esac diff --git a/fetchmail.c b/fetchmail.c index 5f31d6e..be0e9ab 100644 --- a/fetchmail.c +++ b/fetchmail.c @@ -263,6 +263,12 @@ int main(int argc, char **argv) #ifdef SSL_ENABLE "+SSL" #endif +#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0 + "-SSLv2" +#endif +#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0 + "-SSLv3" +#endif #ifdef OPIE_ENABLE "+OPIE" #endif /* OPIE_ENABLE */ diff --git a/socket.c b/socket.c index 58a8e15..91a21c2 100644 --- a/socket.c +++ b/socket.c @@ -910,11 +910,16 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck #if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0 _ctx[sock] = SSL_CTX_new(SSLv2_client_method()); #else - report(stderr, GT_("Your operating system does not support SSLv2.\n")); + report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n")); return -1; #endif } else if(!strcasecmp("ssl3",myproto)) { +#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0 _ctx[sock] = SSL_CTX_new(SSLv3_client_method()); +#else + report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n")); + return -1; +#endif } else if(!strcasecmp("tls1",myproto)) { _ctx[sock] = SSL_CTX_new(TLSv1_client_method()); } else if (!strcasecmp("ssl23",myproto)) { -- libgit2 0.24.0