rpms/fetchmail/devel fetchmail-6.3.4-ssl.patch, NONE, 1.1 fetchmail.spec, 1.45, 1.46
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Sun Sep 24 02:05:06 UTC 2006
Author: mitr
Update of /cvs/dist/rpms/fetchmail/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv28152
Modified Files:
fetchmail.spec
Added Files:
fetchmail-6.3.4-ssl.patch
Log Message:
* Sun Sep 24 2006 Miloslav Trmac <mitr at redhat.com> - 6.3.4-2
- Don't increase the certificate search path on each poll (#206346)
fetchmail-6.3.4-ssl.patch:
socket.c | 70 +++++++++++++++++++++++++++++++++------------------------------
1 files changed, 37 insertions(+), 33 deletions(-)
--- NEW FILE fetchmail-6.3.4-ssl.patch ---
--- fetchmail-6.3.4/socket.c.ssl 2006-09-24 03:15:03.000000000 +0200
+++ fetchmail-6.3.4/socket.c 2006-09-24 03:34:39.000000000 +0200
@@ -348,7 +348,7 @@
#include <openssl/x509v3.h>
#include <openssl/rand.h>
-static SSL_CTX *_ctx = NULL;
+static SSL_CTX *_ctx[FD_SETSIZE];
static SSL *_ssl_context[FD_SETSIZE];
static SSL *SSLGetContext( int );
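Review bot: The new `_ctx` array has no comment stating its contract, and the later hunk removes the explicit `memset` of `_ssl_context`, so both tables now rely on static zero-initialisation and on every close path resetting its slot. A comment on the declaration would make that visible, for example `/* One SSL_CTX per descriptor, indexed by fd; NULL means no SSL session is set up on that fd. */`.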
@@ -590,12 +590,10 @@
SSL *SSLGetContext( int sock )
{
- /* If SSLOpen has never initialized - just return NULL */
- if( NULL == _ctx )
- return NULL;
-
if( sock < 0 || (unsigned)sock > FD_SETSIZE )
return NULL;
+ if( _ctx[sock] == NULL )
+ return NULL;
return _ssl_context[sock];
}
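Review bot: The range check `(unsigned)sock > FD_SETSIZE` lets `sock == FD_SETSIZE` through, so the added `_ctx[sock]` test and the `_ssl_context[sock]` read both index one element past arrays declared with `FD_SETSIZE` entries. The comparison should be `>=`, i.e. `if( sock < 0 || (unsigned)sock >= FD_SETSIZE )`. The per-descriptor writes added in the next hunk (`_ssl_context[sock] = NULL;` and the `_ctx[sock]` assignments) need the same bound if no range check precedes them; the start of that function is outside the diff, so this cannot be confirmed from here.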
@@ -814,48 +812,48 @@
return( -1 );
}
- if( ! _ctx ) {
- /* Be picky and make sure the memory is cleared */
- memset( _ssl_context, 0, sizeof( _ssl_context ) );
- if(myproto) {
- if(!strcmp("ssl2",myproto)) {
- _ctx = SSL_CTX_new(SSLv2_client_method());
- } else if(!strcmp("ssl3",myproto)) {
- _ctx = SSL_CTX_new(SSLv3_client_method());
- } else if(!strcmp("tls1",myproto)) {
- _ctx = SSL_CTX_new(TLSv1_client_method());
- } else if (!strcmp("ssl23",myproto)) {
- myproto = NULL;
- } else {
- fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSLv23).\n"), myproto);
- myproto = NULL;
- }
- }
- if(!myproto) {
- _ctx = SSL_CTX_new(SSLv23_client_method());
- }
- if(_ctx == NULL) {
- ERR_print_errors_fp(stderr);
- return(-1);
+ /* Make sure a connection referring to an older context is not left */
+ _ssl_context[sock] = NULL;
+ if(myproto) {
+ if(!strcmp("ssl2",myproto)) {
+ _ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+ } else if(!strcmp("ssl3",myproto)) {
+ _ctx[sock] = SSL_CTX_new(SSLv3_client_method());
+ } else if(!strcmp("tls1",myproto)) {
+ _ctx[sock] = SSL_CTX_new(TLSv1_client_method());
+ } else if (!strcmp("ssl23",myproto)) {
+ myproto = NULL;
+ } else {
+ fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSLv23).\n"), myproto);
+ myproto = NULL;
}
}
+ if(!myproto) {
+ _ctx[sock] = SSL_CTX_new(SSLv23_client_method());
+ }
+ if(_ctx[sock] == NULL) {
+ ERR_print_errors_fp(stderr);
+ return(-1);
+ }
if (certck) {
- SSL_CTX_set_verify(_ctx, SSL_VERIFY_PEER, SSL_ck_verify_callback);
+ SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
} else {
/* In this case, we do not fail if verification fails. However,
* we provide the callback for output and possible fingerprint checks. */
- SSL_CTX_set_verify(_ctx, SSL_VERIFY_PEER, SSL_nock_verify_callback);
+ SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_nock_verify_callback);
}
if (certpath)
- SSL_CTX_load_verify_locations(_ctx, NULL, certpath);
+ SSL_CTX_load_verify_locations(_ctx[sock], NULL, certpath);
else
- SSL_CTX_set_default_verify_paths(_ctx);
+ SSL_CTX_set_default_verify_paths(_ctx[sock]);
- _ssl_context[sock] = SSL_new(_ctx);
+ _ssl_context[sock] = SSL_new(_ctx[sock]);
if(_ssl_context[sock] == NULL) {
ERR_print_errors_fp(stderr);
+ SSL_CTX_free(_ctx[sock]);
+ _ctx[sock] = NULL;
return(-1);
}
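Review bot: The reset `_ssl_context[sock] = NULL;` at the top of this hunk overwrites the slot without freeing any SSL object it still holds, and the `SSL_connect` failure branch in the `@@ -885` hunk leaves exactly such an object behind, because it frees `_ctx[sock]` but not `_ssl_context[sock]`. An SSL object keeps its own reference to its SSL_CTX, so on that path the context is not actually released either, and each failed handshake leaks both. In the `SSL_connect` branch, add `SSL_free(_ssl_context[sock]); _ssl_context[sock] = NULL;` before `SSL_CTX_free(_ctx[sock]);`. The enclosing function (presumably SSLOpen) starts and ends outside this hunk, so other exits between `SSL_new` and `SSL_connect` may need the same cleanup.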
@@ -885,6 +883,8 @@
if(SSL_connect(_ssl_context[sock]) < 1) {
ERR_print_errors_fp(stderr);
+ SSL_CTX_free(_ctx[sock]);
+ _ctx[sock] = NULL;
return(-1);
}
@@ -898,6 +898,8 @@
SSL_shutdown( _ssl_context[sock] );
SSL_free( _ssl_context[sock] );
_ssl_context[sock] = NULL;
+ SSL_CTX_free(_ctx[sock]);
+ _ctx[sock] = NULL;
}
return(-1);
}
@@ -916,6 +918,8 @@
SSL_shutdown( _ssl_context[sock] );
SSL_free( _ssl_context[sock] );
_ssl_context[sock] = NULL;
+ SSL_CTX_free(_ctx[sock]);
+ _ctx[sock] = NULL;
}
#endif
Index: fetchmail.spec
===================================================================
RCS file: /cvs/dist/rpms/fetchmail/devel/fetchmail.spec,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- fetchmail.spec 12 Jul 2006 05:48:03 -0000 1.45
+++ fetchmail.spec 24 Sep 2006 02:05:04 -0000 1.46
@@ -4,11 +4,12 @@
Summary: A remote mail retrieval and forwarding utility.
Name: fetchmail
Version: 6.3.4
-Release: 1.1
+Release: 2
Requires: smtpdaemon
Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2
Source1: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2.asc
Patch0: fetchmail-6.2.5-addrconf.patch
+Patch1: fetchmail-6.3.4-ssl.patch
URL: http://fetchmail.berlios.de/
License: GPL
Group: Applications/Internet
@@ -46,6 +47,7 @@
%prep
%setup -q
%patch0 -p1 -b .addrconf
+%patch1 -p1 -b .sshl
%build
%configure --enable-POP3 --enable-IMAP --with-ssl --with-hesiod \
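Review bot: The backup suffix in `%patch1 -p1 -b .sshl` looks like a typo for `.ssl`, since the patch header itself names the original file `socket.c.ssl`. The build is unaffected, but regenerating the patch from the backup files (for example with gendiff) would need the misspelled suffix. Suggested: `%patch1 -p1 -b .ssl`.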
@@ -83,6 +85,9 @@
%endif
%changelog
+* Sun Sep 24 2006 Miloslav Trmac <mitr at redhat.com> - 6.3.4-2
+- Don't increase the certificate search path on each poll (#206346)
+
* Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 6.3.4-1.1
- rebuild