Re: [fetchmail-devel] flaw concerning fetchmail 6.3.21 error message

[Matthias A. <mat...@gm...>]

Am 29.09.2011 21:01, schrieb Oskar Schirmer:
> Use Case:
>   fetching mail from a server using pop3s, port 995,
>   with option "ssl" given, but no sslproto explicitely
>   selected.
>   Operating System: Linux, Slackware 12.2.
>   Compiler: gcc 4.2.4
>   Pop3 Server: qmail
>   Fetchmail versions tested: 6.3.8 and 6.3.21
> 
> Problem:
>   on each invocation, fetchmail states the following
>   error message, which is superfluous:
> 
> Invalid SSL protocol '' specified, using default (SSLv23).
> 
>   [note: when giving some "sslproto xy", this message is
>    given twice, with an empty protocol name on the second line]
> 
> Reason for Symptom:
>   socket.c checks given protocol names to be one of "ssl2", "ssl3", etc,
>   but fails to check against empty string "". As it checks against
>   NULL string, though, the reason for the bug may be confusion in
>   "no protocol given" value policy internal to fetchmail sources
>   (i.e. empty string vs. null string). A better solution than the
>   one given here might resolve this policy issue, instead.

Thanks, Oskar.

That warrants investigation, but I don't see this here with recent
fetchmail versions, only with older ones.  That doesn't preclude that
there are buggy code paths triggered by a configuration I haven't yet
tested, or by your network environment (server behaviour - note qmail's
POP3 server has some bugs).

Please help me and show me how to reproduce this, according to
http://www.fetchmail.info/fetchmail-FAQ.html#G3 - note however I'll
probably not be able to look into that before next week.

Thanks again.

Best regards,
Matthias