After upgrading to 6.3.17 fetchmail I'm seeing a spurious warning when the sslfingerprint option is used:
fetchmail: starting fetchmail 6.3.17 daemon fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!) See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580796 for details. A patch has been committed upstream: http://gitorious.org/fetchmail/fetchmail/commit/8476bffcb54f81d028bcd86e2a9090161738a980 Patch below fixes our port. OK to commit? Thanks, Stefan Index: Makefile =================================================================== RCS file: /cvs/ports/mail/fetchmail/Makefile,v retrieving revision 1.121 diff -u -p -r1.121 Makefile --- Makefile 19 May 2010 15:27:18 -0000 1.121 +++ Makefile 7 Jun 2010 22:44:50 -0000 @@ -2,7 +2,9 @@ COMMENT= mail retrieval utility for POP2, POP3, KPOP, IMAP and more -DISTNAME= fetchmail-6.3.17 +VERSION= 6.3.17 +DISTNAME= fetchmail-${VERSION} +PKGNAME= fetchmail-${VERSION}p0 CATEGORIES= mail MASTER_SITES= ${MASTER_SITE_BERLIOS:=fetchmail/} Index: patches/patch-socket_c =================================================================== RCS file: patches/patch-socket_c diff -N patches/patch-socket_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-socket_c 7 Jun 2010 22:46:43 -0000 @@ -0,0 +1,17 @@ +$OpenBSD$ + +See Debian bug #580796 + +--- socket.c.orig Fri Apr 30 01:29:05 2010 ++++ socket.c Tue Jun 8 00:45:09 2010 +@@ -1009,8 +1009,8 @@ int SSLOpen(int sock, char *mycert, char *mykey, const + } + } + +- if (!certck && (SSL_get_verify_result(_ssl_context[sock]) != X509_V_OK +-|| !_verify_ok)) { ++ if (!certck && !fingerprint && ++ (SSL_get_verify_result(_ssl_context[sock]) != X509_V_OK || !_verify_ok)) { + report(stderr, GT_("Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)\n")); + } +
