[pkg-fetchmail-maint] Bug#768843: fetchmail: Improved TLS support

Kurt Roeckx kurt at roeckx.be
Sun Nov 9 16:02:58 UTC 2014


Package: fetchmail
Tags: patch

Hi,

The attached patch improves fetchmail's SSL/TLS support.  It seems
to have some misunderstandings of openssl / SSL / TLS.

First, STARTTLS should work with both SSL and TLS, not just from
TLS 1.0.  The TLS in STARTTLS does not mean it's TLS only, TLS is
just a different name for SSL.

It also still seems to think only TLS 1.0 is supported while there
are more recent versions, and it encourages SSL3 because SSL2 is
broken.

I've also changed the way in which opportunistic TLS works a
little.  It seems to have only done this with TLS1 for the above
stated reasons which were wrong.

This patch results in the following changes with a server supporting
STARTTLS:

          | --ssl    | no option | sslproto ssl23 | sslproto tls1
     Old: | TLS 1.2  | TLS 1.0   | not working    | TLS 1.0
     New: | TLS 1.2  | TLS 1.2   | TLS 1.2        | TLS 1.0

The "sslproto ssl23" case just sends a logout, I assume because
maybe_tls returns false.

This started by making the call to SSLv3_client_method() optional
in case openssl doesn't support it.


Kurt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fetchmail-tls.patch
Type: text/x-diff
Size: 12072 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-fetchmail-maint/attachments/20141109/a0df3d72/attachment.patch>
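Added illustration, not part of Kurt's message or of the scrubbed patch: the version-selection rule the report argues for, written with Python's ssl module on top of the same OpenSSL. A negotiating context plays the role of SSLv23_client_method(), `tls1` pins TLS 1.0 the way TLSv1_client_method() does, and `ssl3` is honoured only when the linked OpenSSL was built with SSLv3; the `sslproto` spellings are fetchmail's option values, the function names and the server version list are mine.

```python
import ssl

V = ssl.TLSVersion

# Version range requested for each fetchmail-style "sslproto" value.
# None stands for "no sslproto given": negotiate, exactly like "ssl23".
# TLS 1.0 as the floor shuts out SSLv2/SSLv3 (the SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
# idea), while MAXIMUM_SUPPORTED lets OpenSSL pick the newest version both ends speak.
# (Constructed for this example; fetchmail's own option handling is not reproduced.)
PROTO_RANGES = {
    None:    (V.TLSv1, V.MAXIMUM_SUPPORTED),   # SSLv23_client_method() behaviour
    "ssl23": (V.TLSv1, V.MAXIMUM_SUPPORTED),
    "tls1":  (V.TLSv1, V.TLSv1),               # TLSv1_client_method(): pinned to 1.0
    "ssl3":  (V.SSLv3, V.SSLv3),               # only if the linked OpenSSL has SSLv3
}


def make_client_context(sslproto=None):
    """Build a client SSLContext (for STARTTLS or wrapped SSL) from a sslproto value."""
    if sslproto not in PROTO_RANGES:
        raise ValueError(f"unknown sslproto {sslproto!r}")
    if sslproto == "ssl3" and not ssl.HAS_SSLv3:
        # Same role as wrapping SSLv3_client_method() in #ifndef OPENSSL_NO_SSL3.
        raise ValueError("this OpenSSL was built without SSLv3 support")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies certificate and hostname by default
    low, high = PROTO_RANGES[sslproto]
    ctx.minimum_version = low
    ctx.maximum_version = high
    return ctx


def offered_range(sslproto=None):
    """Names of the lowest and highest version the client offers, e.g. ('TLSv1', 'TLSv1')."""
    ctx = make_client_context(sslproto)
    return ctx.minimum_version.name, ctx.maximum_version.name


def _within(v, low, high):
    if low != V.MINIMUM_SUPPORTED and v < low:
        return False
    return high == V.MAXIMUM_SUPPORTED or v <= high


# Constructed server that, like the one in the table above, offers STARTTLS up to TLS 1.2.
SERVER_VERSIONS = (V.SSLv3, V.TLSv1, V.TLSv1_1, V.TLSv1_2)


def negotiated(sslproto=None, server_versions=SERVER_VERSIONS):
    """Model the handshake outcome: highest server version inside the client's range, or None."""
    ctx = make_client_context(sslproto)
    common = [v for v in server_versions
              if _within(v, ctx.minimum_version, ctx.maximum_version)]
    return max(common).name if common else None
```

With that server, `negotiated(None)` and `negotiated("ssl23")` give TLS 1.2 while `negotiated("tls1")` stays at TLS 1.0, which is the "New" row of the table; the old opportunistic behaviour corresponds to using the `tls1` range for the no-option case.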

