--- a/configure.ac 2013-04-23 16:51:10.000000000 -0400 +++ b/configure.ac 2016-01-30 00:14:01.114090572 -0500 @@ -803,6 +803,7 @@ case "$LIBS" in *-lssl*) AC_CHECK_DECLS([SSLv2_client_method],,,[#include ]) + AC_CHECK_DECLS([SSLv3_client_method],,,[#include ]) ;; esac --- a/po/de.po 2013-04-23 17:33:52.000000000 -0400 +++ b/po/de.po 2016-01-30 00:25:00.255287974 -0500 @@ -8,8 +8,8 @@ msgstr "" "Project-Id-Version: fetchmail 6.3.26\n" "Report-Msgid-Bugs-To: fetchmail-devel@lists.berlios.de\n" -"POT-Creation-Date: 2013-04-23 23:24+0200\n" -"PO-Revision-Date: 2013-04-23 23:33+0200\n" +"POT-Creation-Date: 2015-01-16 20:42+0100\n" +"PO-Revision-Date: 2016-01-30 00:23-0500\n" "Last-Translator: Matthias Andree \n" "Language-Team: Deutsch \n" "Language: \n" @@ -3198,20 +3198,24 @@ msgstr "Datei-Deskriptor außerhalb des Bereichs für SSL" #: socket.c:913 -msgid "Your operating system does not support SSLv2.\n" -msgstr "Ihr Betriebssystem unterstützt SSLv2 nicht.\n" +msgid "Your OpenSSL version does not support SSLv2.\n" +msgstr "Ihre OpenSSL-Version unterstützt SSLv2 nicht.\n" -#: socket.c:923 +#: socket.c:920 +msgid "Your OpenSSL version does not support SSLv3.\n" +msgstr "Ihre OpenSSL-Version unterstützt SSLv3 nicht.\n" + +#: socket.c:928 #, c-format msgid "Invalid SSL protocol '%s' specified, using default (SSLv23).\n" msgstr "" "Ungültiges SSL-Protokoll „%s“ angegeben, benutze Voreinstellung (SSLv23).\n" -#: socket.c:1022 +#: socket.c:1027 msgid "Certificate/fingerprint verification was somehow skipped!\n" msgstr "Zertifikat-/Fingerabdruck-Überprüfung wurde irgendwie übersprungen!\n" -#: socket.c:1039 +#: socket.c:1044 msgid "" "Warning: the connection is insecure, continuing anyways. (Better use --" "sslcertck!)\n" @@ -3219,11 +3223,11 @@ "Warnung: Die Verbindung ist unsicher, mache trotzdem weiter. (Nehmen Sie " "lieber --sslcertck!)\n" -#: socket.c:1081 +#: socket.c:1086 msgid "Cygwin socket read retry\n" msgstr "Cygwin-Socket-Lese-Wiederholung\n" -#: socket.c:1084 +#: socket.c:1089 msgid "Cygwin socket read retry failed!\n" msgstr "Cygwin-Socket-Lese-Wiederholung fehlgeschlagen!\n" --- a/fetchmail.c 2013-04-23 16:00:45.000000000 -0400 +++ b/fetchmail.c 2016-01-30 00:16:26.104294447 -0500 @@ -54,6 +54,10 @@ #define ENETUNREACH 128 /* Interactive doesn't know this */ #endif /* ENETUNREACH */ +#ifdef SSL_ENABLE +#include /* for OPENSSL_NO_SSL2 and ..._SSL3 checks */ +#endif + /* prototypes for internal functions */ static int load_params(int, char **, int); static void dump_params (struct runctl *runp, struct query *, flag implicit); @@ -263,6 +267,12 @@ #ifdef SSL_ENABLE "+SSL" #endif +#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0 + "-SSLv2" +#endif +#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0 + "-SSLv3" +#endif #ifdef OPIE_ENABLE "+OPIE" #endif /* OPIE_ENABLE */ --- a/socket.c 2013-04-23 16:00:45.000000000 -0400 +++ b/socket.c 2016-01-30 00:28:26.718678785 -0500 @@ -907,14 +907,19 @@ _ssl_context[sock] = NULL; if(myproto) { if(!strcasecmp("ssl2",myproto)) { -#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0 +#if (HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0) && (0 == OPENSSL_NO_SSL2 + 0) _ctx[sock] = SSL_CTX_new(SSLv2_client_method()); #else - report(stderr, GT_("Your operating system does not support SSLv2.\n")); + report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n")); return -1; #endif } else if(!strcasecmp("ssl3",myproto)) { +#if (HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0) && (0 == OPENSSL_NO_SSL3 + 0) _ctx[sock] = SSL_CTX_new(SSLv3_client_method()); +#else + report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n")); + return -1; +#endif } else if(!strcasecmp("tls1",myproto)) { _ctx[sock] = SSL_CTX_new(TLSv1_client_method()); } else if (!strcasecmp("ssl23",myproto)) {