fetchmail-friends

Re: [fetchmail]SSL problem

2002-04-19 09:28:21
On Fri, Apr 19, 2002 at 12:11:23PM -0400, Rob Funk wrote:
Patrique Wolfrum wrote:
I compiled fetchmail with SSL-Support (openssl 0.9.6b-18 (installed via
Redhat RPM)), and when it fetches mails from my GMX-account (via SSL), it
works fine. But when it tries to fetch mails from my university account,
which can only be accessed via SSL, I get the following error message via
'fetchmail -v -v':

POP3< +OK Communicate Pro POP3 Server 3.4.7 ready
POP3> CAPA
POP3< +OK capability list follows
POP3< SASL LOGIN PLAIN CRAM-MD5 DIGEST-MD5
POP3< TOP
POP3< USER
POP3< PIPELINING
POP3< UIDL
POP3< LAST
POP3< STLS
POP3< IMPLEMENTATION Communicate Pro
POP3< .
POP3> STLS
POP3< -ERR already secured
already secured
16157:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:460:
SSL connection failed
Authorization failure
POP3> QUIT

It looks to me like fetchmail is connecting through SSL to start with
(via port 995), then seeing STLS listed in the capabilities and trying
to use it to (redundantly) encrypt the rest of the session.

It would help if you would show us your .fetchmailrc.

I don't think a server is supposed to advertise STLS as a capability
if the connection is already secure, but I also don't think fetchmail
should try to use STLS if the connection is already secure, so I'd say
they're both broken.

The following patch should fix this problem, but it seems
suboptimal.

Surprisingly, with fetchmail 5.9.8 it works just fine.

Interesting.

STLS support was added in 5.9.9.

Matt

--- fetchmail-5.9.11/pop3.c     Fri Mar  8 20:10:24 2002
+++ fetchmail/pop3.c    Fri Apr 19 09:24:54 2002
@@ -232,7 +232,7 @@
        }
 
 #ifdef SSL_ENABLE
-       if (has_ssl &&
+       if (has_ssl && !ctl->use_ssl &&
 #if INET6_ENABLE
            ctl->server.service && (strcmp(ctl->server.service, "pop3s"))
 #else /* INET6_ENABLE */
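
Review bot: The new `!ctl->use_ssl` test in `if (has_ssl && !ctl->use_ssl &&` carries no comment saying why STLS is skipped; a one-line comment that the session is already wrapped in SSL, so a server that still lists STLS in CAPA must not be sent it, would keep the guard from being dropped in a later cleanup. With this guard in place, the `strcmp(ctl->server.service, "pop3s")` test on the following line looks like it covers an overlapping case (SSL implied by the service name), so consider whether both conditions are still needed or whether one should be expressed in terms of the other. The log earlier in the thread also shows an SSL error right after the `-ERR` reply to STLS; nothing in this hunk touches that path, so it is worth checking separately that a `-ERR` answer never leads into a handshake.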

Attachment: pgp8mgII5UVJb.pgp
Description: PGP signature
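
The check discussed in this thread, sketched as an added example (not fetchmail's code and not written by the posters): decide whether to send STLS from the CAPA response and from whether the session was already opened over SSL, and treat only a `+OK` reply as permission to start the handshake. All function and enum names are hypothetical; the capability list is the one from the log quoted above.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Hypothetical names; this is not fetchmail's code. */
enum stls_action { STLS_SKIP_ALREADY_TLS, STLS_SKIP_NOT_OFFERED, STLS_ISSUE };

/* CAPA response copied from the log quoted in the post. */
static const char SAMPLE_CAPA[] =
    "+OK capability list follows\r\n"
    "SASL LOGIN PLAIN CRAM-MD5 DIGEST-MD5\r\n"
    "TOP\r\nUSER\r\nPIPELINING\r\nUIDL\r\nLAST\r\nSTLS\r\n"
    "IMPLEMENTATION Communicate Pro\r\n.\r\n";

/* Return 1 if any capability line's first token is STLS (case-insensitive). */
static int capa_has_stls(const char *capa)
{
    const char *line = capa;
    while (*line) {
        size_t len = strcspn(line, "\r\n");   /* whole line */
        size_t tok = strcspn(line, " \r\n");  /* capability tag only */
        if (len == 1 && line[0] == '.')
            break;                            /* end of multi-line response */
        if (tok == 4 && strncasecmp(line, "STLS", 4) == 0)
            return 1;
        line += len;
        line += strspn(line, "\r\n");
    }
    return 0;
}

/* already_tls: non-zero when the session was opened over SSL (e.g. port 995). */
static enum stls_action decide_stls(int already_tls, const char *capa)
{
    if (already_tls)
        return STLS_SKIP_ALREADY_TLS;  /* never layer STLS inside an SSL session */
    return capa_has_stls(capa) ? STLS_ISSUE : STLS_SKIP_NOT_OFFERED;
}

/* Start the TLS handshake only if the server answered STLS with +OK. */
static int stls_reply_ok(const char *reply) { return strncmp(reply, "+OK", 3) == 0; }

int main(void)
{
    printf("implicit SSL -> %d, plain port -> %d\n",
           decide_stls(1, SAMPLE_CAPA), decide_stls(0, SAMPLE_CAPA));
    return stls_reply_ok("-ERR already secured"); /* 0: no handshake */
}
```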
