[pkg-fetchmail-maint] Bug#294547: fetchmail hangs in SSL function on non-SSL'ed account
Matthias Andree
matthias.andree at gmx.de
Wed Jul 26 21:41:56 UTC 2006
Reuben Thomas <rrt at sc3d.org> writes:
> Why is fetchmail doing SSL things when none of the accounts it's
> fetching from uses SSL? I double-checked that the process I gdb'ed was
> the same process listed in /var/run/fetchmail/fetchmail.pid.
If the server offers STLS in response to CAPA, fetchmail tries TLS v1,
as should be visible from a fetchmail -vv log.
Quoting the manpage:

    --sslproto <name>
           (Keyword: sslproto) Forces an SSL protocol. Possible
           values are 'ssl2', 'ssl3', 'ssl23', and 'tls1'. Try this
           if the default handshake does not work for your server. To
           defeat automatic TLSv1 negotiation when the server
           advertises STARTTLS or STLS, use '' or 'ssl23'. The
           default is to try appropriate protocols depending on
           context.

Note that you can use a "default" configuration entry to load such
options into all subsequent poll entries.
WRT the original "has to be restarted issue", Uli Zappe found a leak
where DNS resolver structures aren't freed properly when the connection
is interrupted and thus aborted by a timeout. This appears to cause
bogus caching of stale negative DNS replies at least on MacOS X and
perhaps elsewhere.
--
Matthias Andree
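
An added illustration, not part of the original message and not fetchmail's own code: the sketch below parses a POP3 CAPA reply and models only the rule stated above (TLS is tried when the server advertises STLS, unless sslproto is '' or 'ssl23'). The sample reply and all function names are constructed for this example; other sslproto values are outside what the message describes and are rejected.

```python
# Constructed sample of a POP3 CAPA reply (RFC 2449 multi-line format);
# not captured from a real server.
SAMPLE_CAPA = (
    b"+OK Capability list follows\r\n"
    b"TOP\r\n"
    b"UIDL\r\n"
    b"SASL PLAIN LOGIN\r\n"
    b"stls\r\n"
    b".\r\n"
)

# Values the quoted manpage text names for defeating automatic negotiation.
DEFEAT_VALUES = {"", "ssl23"}


def parse_capa(raw):
    """Parse a CAPA reply into {TAG: [args]}; returns {} on -ERR."""
    lines = raw.decode("ascii", "replace").split("\r\n")
    if not lines[0].startswith("+OK"):
        return {}  # server does not implement CAPA, so nothing is advertised
    caps = {}
    for line in lines[1:]:
        if line == ".":  # a lone dot terminates the multi-line reply
            break
        if not line.strip():
            continue
        tag, *args = line.split()
        caps[tag.upper()] = args  # capability tags are case-insensitive
    return caps


def will_attempt_tls(caps, sslproto=None):
    """Model of the rule in the message; sslproto=None means 'option not set'."""
    if sslproto is None:
        return "STLS" in caps  # default: TLS is tried if STLS is offered
    if sslproto in DEFEAT_VALUES:
        return False  # automatic negotiation defeated
    raise ValueError("sslproto value not covered by this model: %r" % sslproto)


if __name__ == "__main__":
    caps = parse_capa(SAMPLE_CAPA)
    for setting in (None, "", "ssl23"):
        print("sslproto=%r -> TLS attempted: %s"
              % (setting, will_attempt_tls(caps, setting)))
```
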