[evolution-patches] bug 345135 proposed patch

From: Niels Vorgaard Christensen <vorgaard c math ku dk>
To: evolution-patches gnome org
Subject: [evolution-patches] bug 345135 proposed patch
Date: Fri, 28 Sep 2007 16:22:53 +0200

Some IMAP servers disconnect Evolution during the handshake following
the STARTTLS command. This happens because Evolution uses a SSL version
2 compatible HELLO, while the server expects a TLS HELLO. The attached
patch corrects this behavior by disabling the SSL_V2_COMPATIBLE_HELLO
option on the ssl fd when the CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 flag is
disabled for the stream.

This will of cause break on servers which expects a SSLv2 HELLO on
STARTTLS if such exists.

I have attached a similar patch to the bug, but I think the one attached
to this mail is slightly more consistent.


Regards,

Index: camel/camel-tcp-stream-ssl.c
===================================================================
--- camel/camel-tcp-stream-ssl.c	(revision 8090)
+++ camel/camel-tcp-stream-ssl.c	(working copy)
@@ -1041,10 +1041,13 @@
 		return NULL;
 	
 	SSL_OptionSet (ssl_fd, SSL_SECURITY, PR_TRUE);
-	if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL2)
+	if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL2) {
 		SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_TRUE);
-	else
+		SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, PR_TRUE);
+	} else {
 		SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_FALSE);
+		SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
+	}
 	if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
 		SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL3, PR_TRUE);
 	else

Follow-Ups:
- Re: [evolution-patches] bug 345135 proposed patch
  - From: Jeffrey Stedfast

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]