On 2010/06/08 00:54, Stefan Sperling wrote:
> After upgrading to 6.3.17 fetchmail I'm seeing a spurious warning when
> the sslfingerprint option is used:
>
> fetchmail: starting fetchmail 6.3.17 daemon
> fetchmail: Warning: the connection is insecure, continuing anyways. (Better
> use --sslcertck!)
>
> See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580796 for details.
>
> A patch has been committed upstream:
> http://gitorious.org/fetchmail/fetchmail/commit/8476bffcb54f81d028bcd86e2a9090161738a980
>
> Patch below fixes our port. OK to commit?
>
> Thanks,
> Stefan
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/mail/fetchmail/Makefile,v
> retrieving revision 1.121
> diff -u -p -r1.121 Makefile
> --- Makefile 19 May 2010 15:27:18 -0000 1.121
> +++ Makefile 7 Jun 2010 22:44:50 -0000
> @@ -2,7 +2,9 @@
>
> COMMENT= mail retrieval utility for POP2, POP3, KPOP, IMAP and more
>
> -DISTNAME= fetchmail-6.3.17
> +VERSION= 6.3.17
> +DISTNAME= fetchmail-${VERSION}
> +PKGNAME= fetchmail-${VERSION}p0
the usual idiom is PKGNAME=${DISTNAME}p0; since people have to sometimes
bump a bunch of ports in a big sweep, making it uniform makes things a
little easier for people who do that work.
> +See Debian bug #580796
my personal preference would be to refer to the upstream commit, but
I think either way is ok.
> +
> +--- socket.c.orig Fri Apr 30 01:29:05 2010
> ++++ socket.c Tue Jun 8 00:45:09 2010
> +@@ -1009,8 +1009,8 @@ int SSLOpen(int sock, char *mycert, char *mykey, const
> + }
> + }
> +
> +- if (!certck && (SSL_get_verify_result(_ssl_context[sock]) != X509_V_OK
> +-|| !_verify_ok)) {
> ++ if (!certck && !fingerprint &&
> ++ (SSL_get_verify_result(_ssl_context[sock]) != X509_V_OK ||
> !_verify_ok)) {
> + report(stderr, GT_("Warning: the connection is insecure,
> continuing anyways. (Better use --sslcertck!)\n"));
> + }
> +
>
