Permit build on SSLv3-disabled OpenSSL,

providing that these also omit the declaration of SSLv3_client_method(). Related to Debian Bug#775255. Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method(). Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method().

Permit build on SSLv3-disabled OpenSSL,
a2ae6f8d · Matthias Andree · fd20cf68 · a2ae6f8d · a2ae6f8d · a2ae6f8d
Commit a2ae6f8d authored 10 years ago by Matthias Andree
--- a/NEWS
+++ b/NEWS
@@ -53,6 +53,8 @@ removed from a 6.4.0 or newer release.)
  fetchmail may switch to a different SSL library.
 * SSLv2 support will be removed from a future fetchmail release. It has been
  obsolete for more than a decade.
+* SSLv3 support may be removed from a future fetchmail release. It has been
+  obsolete for many years and found insecure. Use TLS.

 --------------------------------------------------------------------------------

@@ -71,6 +73,10 @@ fetchmail-6.3.27 (not yet released, if ever):
 * Point to --idle from GENERAL OPERATION to clarify --idle and multiple
  mailboxes do not mix.  In response to Jeremy Chadwick's trouble 2014-11-19,
  fetchmail-users mailing list.
+* Fix SSL-enabled build on systems that do not declare SSLv3_client_method().
+  Related to Debian Bug#775255.
+* Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method().
+* Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method().

 # KNOWN BUGS AND WORKAROUNDS
  (This section floats upwards through the NEWS file so it stays with the

--- a/configure.ac
+++ b/configure.ac
@@ -803,6 +803,7 @@ fi

 case "$LIBS" in *-lssl*)
 	AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
+	AC_CHECK_DECLS([SSLv3_client_method],,,[#include <openssl/ssl.h>])
 	;;
 esac


--- a/fetchmail.c
+++ b/fetchmail.c
@@ -263,6 +263,12 @@ int main(int argc, char **argv)
 #ifdef SSL_ENABLE
 	"+SSL"
 #endif
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0
+	"-SSLv2"
+#endif
+#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0
+	"-SSLv3"
+#endif
 #ifdef OPIE_ENABLE
 	"+OPIE"
 #endif /* OPIE_ENABLE */

--- a/po/de.po
+++ b/po/de.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: fetchmail 6.3.26\n"
 "Report-Msgid-Bugs-To: fetchmail-devel@lists.sourceforge.net\n"
-"POT-Creation-Date: 2014-11-22 00:12+0100\n"
+"POT-Creation-Date: 2015-01-16 20:42+0100\n"
 "PO-Revision-Date: 2014-11-22 00:29+0100\n"
 "Last-Translator: Matthias Andree <matthias.andree@gmx.de>\n"
 "Language-Team: Deutsch <de@li.org>\n"
@@ -1046,7 +1046,8 @@ msgstr ""
 #: fetchmail.c:1399
 msgid ""
 "fetchmail: Error: idle mode does not work for multiple folders or accounts!\n"
-msgstr "fetchmail: Fehler: idle funktioniert nicht für mehrere Ordner oder Kontos!\n"
+msgstr ""
+"fetchmail: Fehler: idle funktioniert nicht für mehrere Ordner oder Kontos!\n"

 #: fetchmail.c:1423
 #, c-format
@@ -3199,20 +3200,24 @@ msgid "File descriptor out of range for SSL"
 msgstr "Datei-Deskriptor außerhalb des Bereichs für SSL"

 #: socket.c:913
-msgid "Your operating system does not support SSLv2.\n"
-msgstr "Ihr Betriebssystem unterstützt SSLv2 nicht.\n"
+msgid "Your OpenSSL version does not support SSLv2.\n"
+msgstr "Ihre OpenSSL-Version unterstützt SSLv2 nicht.\n"
+
+#: socket.c:920
+msgid "Your OpenSSL version does not support SSLv3.\n"
+msgstr "Ihre OpenSSL-Version unterstützt SSLv3 nicht.\n"

-#: socket.c:923
+#: socket.c:928
 #, c-format
 msgid "Invalid SSL protocol '%s' specified, using default (SSLv23).\n"
 msgstr ""
 "Ungültiges SSL-Protokoll „%s“ angegeben, benutze Voreinstellung (SSLv23).\n"

-#: socket.c:1022
+#: socket.c:1027
 msgid "Certificate/fingerprint verification was somehow skipped!\n"
 msgstr "Zertifikat-/Fingerabdruck-Überprüfung wurde irgendwie übersprungen!\n"

-#: socket.c:1039
+#: socket.c:1044
 msgid ""
 "Warning: the connection is insecure, continuing anyways. (Better use --"
 "sslcertck!)\n"
@@ -3220,11 +3225,11 @@ msgstr ""
 "Warnung: Die Verbindung ist unsicher, mache trotzdem weiter. (Nehmen Sie "
 "lieber --sslcertck!)\n"

-#: socket.c:1081
+#: socket.c:1086
 msgid "Cygwin socket read retry\n"
 msgstr "Cygwin-Socket-Lese-Wiederholung\n"

-#: socket.c:1084
+#: socket.c:1089
 msgid "Cygwin socket read retry failed!\n"
 msgstr "Cygwin-Socket-Lese-Wiederholung fehlgeschlagen!\n"


--- a/socket.c
+++ b/socket.c
@@ -910,11 +910,16 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 #if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
 			_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
 #else
-			report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+			report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n"));
 			return -1;
 #endif
 		} else if(!strcasecmp("ssl3",myproto)) {
+#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0
 			_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
+#else
+			report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));
+			return -1;
+#endif
 		} else if(!strcasecmp("tls1",myproto)) {
 			_ctx[sock] = SSL_CTX_new(TLSv1_client_method());
 		} else if (!strcasecmp("ssl23",myproto)) {