Menu
▾
▴
[fetchmail-devel] [PATCH] Don't reuse a single SSL context
|
From: Miloslav T. <mi...@re...> - 2006-09-24 04:47:34
|
Hello, the SSL code currently reuses a single SSL_CTX for all connections, and just modifies its parameters for each connection. It turns out that SSL_CTX_load_verify_locations() and SSL_CTX_set_default_verify_paths() don't override the previously configured paths, but append to them; thus - if two different servers are polled, the certpath configuration of the first one will always be used - if fetchmail is running in daemon mode, the certificate search path will grow without bounds, leading to http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206346 The attached patch modifies fetchmail-6.3.5-beta2 to create and free a SSL context for each connection. Thanks, Mirek |
