On Wed, 2002-09-11 at 14:11, Gary Schrock wrote:
> Ok, after some searching on Usenet, it appears that the problem is in
> Eudora, where it has problems with the recent OpenSSL stuff. It appears
> that it can be worked around with the patch in this message:
>
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=3D51198D.6050802%40gnarst.net
>
> Seems to work for me, not sure what side effects that patch might have, so
> use at your own risk.

Thanks for the sleuthing!

I'm pasting the patch inline. The patch was posted to the Eudora
newsgroup by Brendan Bank ([EMAIL PROTECTED]).

I looked at the man page for SSL_CTX_set_options and it looks like
SSL_OP_ALL turns on all client bug workarounds. That suggests that
Eudora has one or more of the mentioned bugs. The fact that the new
OpenSSL breaks qpopper/Eudora suggests that the old OpenSSL had at least
the relevant workaround on by default and the new one defaults to
workarounds off.

Maybe Randall can work with the Eudora folk to narrow down which client
bug is the issue, so we don't have to enable all the workarounds.

-- Patch starts here -- Cut here -- Cut here-- Cut here-- Cut here
*** pop_tls_openssl.c 2002/08/07 12:06:31
--- pop_tls_openssl.c 2002/08/07 12:43:29
***************
*** 339,346 ****
--- 339,359 ----
log_openssl_err ( pPOP, HERE, "Unable to allocate SSL_CTX" );
goto Done;
}
+ /*
+ * This set's the option SSL_OP_ALL to the ssl conection to allow "broken" cliets
+ * to connect to the sserver.
+ */
+
+ DEBUG_LOG0 (pPOP, "...set SSL_CTX_set_options to SSL_OP_ALL to allow broken ssl
+implementations.");
+
+ SSL_CTX_set_options(pTLS->m_OpenSSLctx, SSL_OP_ALL);
+ if(!(SSL_CTX_get_options(pTLS->m_OpenSSLctx) & SSL_OP_ALL))
+ {
+ log_openssl_err ( pPOP, HERE, "Unable to set SSL_OP_ALL option. Some clients
+may not be able to connect." );
+ }
+
/*
* Establish the certificate for our server cert.
*/
DEBUG_LOG1 ( pPOP, "...setting certificate file %s",
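
Review bot: The verification `if(!(SSL_CTX_get_options(pTLS->m_OpenSSLctx) & SSL_OP_ALL))` only fires when none of the SSL_OP_ALL bits ended up set, because SSL_OP_ALL is a mask covering several workarounds; a context with just one of those bits set passes the check silently. Compare the masked value against the mask itself, `(opts & SSL_OP_ALL) == SSL_OP_ALL`, and take `opts` from the return value of SSL_CTX_set_options, which already returns the resulting option bitmask, so the separate SSL_CTX_get_options call can go. Second, the call is unconditional: every client of the server gets all bug workarounds, and the only trace is a DEBUG_LOG0 line. Since the accompanying message says the goal is to find the one workaround Eudora needs, gate this behind a configuration setting that defaults to off, and replace SSL_OP_ALL with the single SSL_OP_* flag once it has been identified. Minor: the two string literals passed to DEBUG_LOG0 and log_openssl_err are split across lines as posted (probably mail wrapping) and will not compile until rejoined, and the comment has typos ("set's", "conection", "cliets", "sserver").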