[pkg-fetchmail-maint] Bug#775255: Bug#775255: fetchmail: Fails to start when libssl has SSLv3 disabled

Nico Golde nion at debian.org
Tue Jan 13 23:38:54 UTC 2015 

Hi,
* Chiraag Nataraj <chiraag.nataraj at gmail.com> [2015-01-13 12:22]:
> Package: fetchmail
> Version: 6.3.26-1+b1
> Severity: grave
> Justification: renders package unusable

You filed a bug against a version that works absolutely fine with the openssl 
version it is supposed to work with. Hence, I'm inclined to close that bug or 
downgrade it to wishlist in favor of removing/disabling sslv3 support in 
fetchmail.

> When the latest version of libssl1.0.0 is installed from experimental (which has SSLv3 disabled), Fetchmail exits with the following error:
> 
> fetchmail: relocation error: fetchmail: symbol SSLv3_client_method, version OPENSSL_1.0.0 not defined in file libssl.so.1.0.0 with link time reference

See above

> Fetchmail should be rebuilt to not require SSLv3.

The patch you included simply removes this feature entirely:
--- fetchmail-6.3.26/socket.c   2013-04-23 22:00:45.000000000 +0200
+++ socket.c    2015-01-14 00:29:53.412608735 +0100
@@ -913,8 +913,6 @@
                        report(stderr, GT_("Your operating system does not support SSLv2.\n"));
                        return -1;
 #endif
-               } else if(!strcasecmp("ssl3",myproto)) {
-                       _ctx[sock] = SSL_CTX_new(SSLv3_client_method());
                } else if(!strcasecmp("tls1",myproto)) {
                        _ctx[sock] = SSL_CTX_new(TLSv1_client_method());
                } else if (!strcasecmp("ssl23",myproto)) {

In the current git version of fetchmail, sslv3 is not negotiated by default, 
unless a user explicitly requests to do so. As such I'm not sure how useful 
this patch is as well.

Matthias, do you mind weighing in on this?

Thanks
Nico
-- 
Nico Golde - XMPP: nion at jabber.ccc.de - GPG: 0xA0A0AAAA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-fetchmail-maint/attachments/20150114/5cc7b264/attachment.sig>

More information about the pkg-fetchmail-maint mailing list