Hello,
the SSL code currently reuses a single SSL_CTX for all connections, and
just modifies its parameters for each connection.
It turns out that SSL_CTX_load_verify_locations() and
SSL_CTX_set_default_verify_paths() don't override the previously
configured paths, but append to them; thus
- if two different servers are polled, the certpath configuration of the
first one will always be used
- if fetchmail is running in daemon mode, the certificate search path
will grow without bounds, leading to
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206346
The attached patch modifies fetchmail-6.3.5-beta2 to create and free an
SSL context for each connection.
Thanks,
Mirek