Improve previous fix (SNI), backported from upstream

2018-09-24 12:17:49 +02:00 · 2018-09-24 12:17:49 +02:00 · c83a681b92
commit c83a681b92
parent f5f23defac
2 changed files with 27 additions and 11 deletions
--- a/fetchmail-6.3.26-ssl-set-sni.patch
+++ b/fetchmail-6.3.26-ssl-set-sni.patch
@ -1,12 +1,24 @@
 diff -up fetchmail-6.3.26/socket.c.orig fetchmail-6.3.26/socket.c
--- fetchmail-6.3.26/socket.c.orig	2018-08-06 13:01:04.859681651 +0200
-+++ fetchmail-6.3.26/socket.c	2018-08-06 13:00:55.005670522 +0200
-@@ -1050,6 +1050,8 @@ int SSLOpen(int sock, char *mycert, char
-         	SSL_use_RSAPrivateKey_file(_ssl_context[sock], mykey, SSL_FILETYPE_PEM);
- 	}
+--- fetchmail-6.3.26/socket.c.orig	2018-09-24 11:40:26.324633999 +0200
+++ fetchmail-6.3.26/socket.c	2018-09-24 11:40:37.437652606 +0200
+@@ -1029,6 +1029,20 @@ int SSLOpen(int sock, char *mycert, char
+ 	_verify_ok = 1;
+ 	_prev_err = -1;
 
-+	SSL_set_tlsext_host_name(_ssl_context[sock], servercname);
+	/*
+	 * Support SNI, some servers (googlemail) appear to require it.
+	 */
+	{
+	    long r;
+	    r = SSL_set_tlsext_host_name(_ssl_context[sock], servercname);
 +
- 	if (SSL_set_fd(_ssl_context[sock], sock) == 0 
- 	    || SSL_connect(_ssl_context[sock]) < 1) {
- 		ERR_print_errors_fp(stderr);
+	    if (0 == r) {
+		/* handle error */
+		report(stderr, GT_("Warning: SSL_set_tlsext_host_name(%p, \"%s\") failed (code %#lx), trying to continue.\n"), _ssl_context[sock], servercname, r);
+		ERR_print_errors_fp(stderr);
+	    }
+	}
+
+ 	if( mycert || mykey ) {
+ 
+ 	/* Ok...  He has a certificate file defined, so lets declare it.  If
--- a/fetchmail.spec
+++ b/fetchmail.spec
@ -1,7 +1,7 @@
 Summary: A remote mail retrieval and forwarding utility
 Name: fetchmail
 Version: 6.3.26
-Release: 21%{?dist}
+Release: 22%{?dist}
 Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz
 Source1: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz.asc
 # systemd service file
@ -13,7 +13,7 @@ Patch0: fetchmail-6.3.26-ssl-backport.patch
 # Minor fixes of inacurracies in options, usage message and man page (accepted upstream)
 Patch1: fetchmail-6.3.26-options-usage-manpage.patch
 Patch2: fetchmail-6.3.24-sslv3-in-ssllib-check.patch
-# Set SNI (patch by Valdis Kletnieks), see bz#1611815
+# Set SNI, see bz#1611815 (backported from upstream)
 Patch3: fetchmail-6.3.26-ssl-set-sni.patch
 URL: http://www.fetchmail.info/
 # For a breakdown of the licensing, see COPYING
@ -70,6 +70,10 @@ rm -f $RPM_BUILD_ROOT%{_mandir}/man1/fetchmailconf.1*
 %config(noreplace) %attr(0600, mail, mail) %{_sysconfdir}/fetchmailrc.example

 %changelog
+* Mon Sep 24 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.26-22
+- Improve previous fix (SNI), backported from upstream
+  Resolves: #1611815
+
 * Wed Aug 08 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.26-21
 - Set SNI (patch by Valdis Kletnieks)
  Resolves: #1611815