Re: [fetchmail-devel] fetchmail 6.3.20-pre1 release candidate should fix STARTTLS hangs

[Thomas J. <tho...@in...>]

Hello Matthias,

On Monday, 23. May 2011 21:00:27 Matthias Andree wrote:
> DOWNLOAD this beta software from:
> <http://home.pages.de/~mandree/fetchmail/>

Small side note: I had trouble downloading the .tar.bz2 version,
the tar.xz version downloaded just fine.

> # SECURITY FIXES
> * Fetchmail's socket timeout handling was incomplete.  Network outages in
> the wrong phase of a communication, combined with unlucky operating
> systems and their defaults, could cause fetchmail to hang for extended
> amounts of time. Freezes for beyond a week were reported by Thomas
> Jarosch. Fetchmail sets UNIX- and Internet-domain socket send and
> receive timeouts now. This fixes a hang during STARTTLS negotiation
> reported by Thomas Jarosch.

The timeout works fine, I've tested every step of the POP3 protocol 
communication until we triggered the bug the last time.

I think I've seen a kind of unrelated bug: If you let the TLS negotation 
time out on the "server side", fetchmail will proceed to send the user name 
before shutting down: "USER xyz". Bug in the state machine?

> # CHANGES
> * fetchmail now supports an environment variable to suppress marking

Out of curiosity, why is this an environment variable
instead of a configuration option?

Cheers,
Thomas