Add patch from upstream to fix bogus ssl check warning when the

sslfingerprint option is used. hints and ok sthen@
2010-06-09 08:34:59 +00:00 · 2010-06-09 08:34:59 +00:00 · 8d294869c6
commit 8d294869c6
parent b7b315e8de
2 changed files with 19 additions and 1 deletions
--- a/mail/fetchmail/Makefile
+++ b/mail/fetchmail/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.121 2010/05/19 15:27:18 giovanni Exp $
+# $OpenBSD: Makefile,v 1.122 2010/06/09 08:34:59 stsp Exp $

 COMMENT=	mail retrieval utility for POP2, POP3, KPOP, IMAP and more

 DISTNAME=	fetchmail-6.3.17
+PKGNAME=	${DISTNAME}p0
 CATEGORIES=	mail
 MASTER_SITES=	${MASTER_SITE_BERLIOS:=fetchmail/}

--- a/mail/fetchmail/patches/patch-socket_c
+++ b/mail/fetchmail/patches/patch-socket_c
@ -0,0 +1,17 @@
+$OpenBSD: patch-socket_c,v 1.2 2010/06/09 08:34:59 stsp Exp $
+
+http://gitorious.org/fetchmail/fetchmail/commit/8476bffcb54f81d028bcd86e2a9090161738a980
+
+--- socket.c.orig	Fri Apr 30 01:29:05 2010
+++ socket.c	Tue Jun  8 00:45:09 2010
+@@ -1009,8 +1009,8 @@ int SSLOpen(int sock, char *mycert, char *mykey, const
+ 		}
+ 	}
+ 
+-	if (!certck && (SSL_get_verify_result(_ssl_context[sock]) != X509_V_OK
+-|| !_verify_ok)) {
+	if (!certck && !fingerprint &&
+		(SSL_get_verify_result(_ssl_context[sock]) != X509_V_OK || !_verify_ok)) {
+ 		report(stderr, GT_("Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)\n"));
+ 	}
+