fetchmail-friends
[Top] [All Lists]

Re: [fetchmail] Fetchmail 6.1.1 can't login to a server that 5.9.14 can handle?

2002-11-19 04:47:25
Quoting from Nerijus Baliunas's mail on Tue, Nov 19, 2002 at 12:06:11AM +0200:
I do not think that security was requested by the user here (unless
you want to call compiling with SSL and not specifying an auth method
as that). Currently, there is no option to enable or disable TLS
explicitly.

IMHO there is:
user aa with pass "xxx" is nerijus here sslproto tls1

Your configuration has given me a hint.

If I understand this correctly, STLS supports only tls1 as the
protocol. Here, if sslproto is not specified, it is using the default.
Could this be causing the socket error?

Here is a patch which uses STLS if and only if sslproto is "tls1".
This change has been done in imap also.

=============================================================
diff -Naur fetchmail-6.1.2.orig/imap.c fetchmail-6.1.2/imap.c
--- fetchmail-6.1.2.orig/imap.c Fri Oct 18 18:39:57 2002
+++ fetchmail-6.1.2/imap.c      Tue Nov 19 16:53:18 2002
@@ -360,17 +360,14 @@
 #ifdef SSL_ENABLE
     if ((ctl->server.authenticate == A_ANY)
         && !ctl->use_ssl
-        && strstr(capabilities, "STARTTLS"))
+        && strstr(capabilities, "STARTTLS")
+       && ctl->sslproto && !strcmp(ctl->sslproto, "tls1"))
     {
            char *realhost;
 
            realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname;
            gen_transact(sock, "STARTTLS");
-
-           /* We use "tls1" instead of ctl->sslproto, as we want STARTTLS,
-            * not other SSL protocols
-            */
-           if (SSLOpen(sock,ctl->sslcert,ctl->sslkey,"tls1",ctl->sslcertck, 
ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1)
+           if 
(SSLOpen(sock,ctl->sslcert,ctl->sslkey,ctl->sslproto,ctl->sslcertck, 
ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1)
            {
                report(stderr,
                       GT_("SSL connection failed.\n"));
diff -Naur fetchmail-6.1.2.orig/pop3.c fetchmail-6.1.2/pop3.c
--- fetchmail-6.1.2.orig/pop3.c Thu Oct 31 18:11:37 2002
+++ fetchmail-6.1.2/pop3.c      Tue Nov 19 16:53:44 2002
@@ -249,7 +249,8 @@
 #ifdef SSL_ENABLE
        if (has_ssl
            && !ctl->use_ssl
-           && (ctl->server.authenticate == A_ANY))
+           && (ctl->server.authenticate == A_ANY)
+           && ctl->sslproto && !strcmp(ctl->sslproto, "tls1"))
        {
            char *realhost;
 
=============================================================

Sunil Shetye.

<Prev in Thread] Current Thread [Next in Thread>