diff options
| author | Matthias Andree <mandree@FreeBSD.org> | 2019-01-20 11:25:07 +0000 |
|---|---|---|
| committer | Matthias Andree <mandree@FreeBSD.org> | 2019-01-20 11:25:07 +0000 |
| commit | f7cd8bfb78a2ae011e17dbdc0d7c0b1e6eb3e653 (patch) | |
| tree | d80d3a39788dbcfa89ba41aa7e03e22aac5ee243 /mail/fetchmail/files/patch-SNI-Gitlab-9b8b634 | |
| parent | Update to 2.3d.r155 (diff) | |
mail/fetchmail depends overhaul, new fetchmailconf port
* Bring back SNI (server name indication) support for TLS connections,
lost in 6.3.26_10 (PORTREVISION=10) as a regression over _9.
Pointy hat: mandree@
* Drop the X11 option, remove the Python dependency, and create a new
mail/fetchmailconf slave port/package that installs the fetchmailconf
configurator. Note that the _DEPENDS of the ports reflects a technical
dependence (fetchmailconf needs fetchmail), and we cannot keep an
X11 option that depends on fetchmailconf, since that would create
a circular dependency, which we must avoid.
* Patch configure instead of configure.ac with Cy's Kerberos fix, drop
autoreconf from USES, and add a new configure check directly to set
HAVE_DECL_SSLV3_CLIENT_METHOD to cover the various TLS providers
(currently five, base, openssl, openssl111, libressl, libressl-devel)
* Add -Wl,--as-needed to LDFLAGS so as not to pull in unneeded .so
libraries, for instance, libcom_err when compiling under GSSAPI_NONE.
* Bump PORTREVISION.
Very fruitful and nice collaboration with and
Approved by: chalpin@cs.wisc.edu (maintainer)
Diffstat (limited to 'mail/fetchmail/files/patch-SNI-Gitlab-9b8b634')
| -rw-r--r-- | mail/fetchmail/files/patch-SNI-Gitlab-9b8b634 | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/mail/fetchmail/files/patch-SNI-Gitlab-9b8b634 b/mail/fetchmail/files/patch-SNI-Gitlab-9b8b634 new file mode 100644 index 000000000000..db96b4208bf8 --- /dev/null +++ b/mail/fetchmail/files/patch-SNI-Gitlab-9b8b634 @@ -0,0 +1,39 @@ +Line numbers and --- line adapted. + +From 9b8b634312f169fab872f3580c2febe5af031615 Mon Sep 17 00:00:00 2001 +From: Matthias Andree <matthias.andree@gmx.de> +Date: Sat, 11 Feb 2017 19:39:56 +0100 +Subject: [PATCH] TLS: set hostname for SNI. + +--- + socket.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/socket.c b/socket.c +index aec319e3..17d60cbd 100644 +--- ./socket.c ++++ b/socket.c +@@ -1029,6 +1029,20 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck + _verify_ok = 1; + _prev_err = -1; + ++ /* ++ * Support SNI, some servers (googlemail) appear to require it. ++ */ ++ { ++ long r; ++ r = SSL_set_tlsext_host_name(_ssl_context[sock], servercname); ++ ++ if (0 == r) { ++ /* handle error */ ++ report(stderr, GT_("Warning: SSL_set_tlsext_host_name(%p, \"%s\") failed (code %#lx), trying to continue.\n"), _ssl_context[sock], servercname, r); ++ ERR_print_errors_fp(stderr); ++ } ++ } ++ + if( mycert || mykey ) { + + /* Ok... He has a certificate file defined, so lets declare it. If +-- +2.18.1 + |