From: Matthias A. <mat...@gm...> - 2012-09-03 21:21:42
On 03.09.2012 17:24, Earl Chew wrote:
> A patch to clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS was added recently:
>
> http://gitorious.org/fetchmail/fetchmail/commit/48809c5b9f6c9081f4031fa938dd63b060c18a4b?format=patch
>
> Older implementations of OpenSSL do not support SSL_CTX_clear_options().

Earl,

Thanks a lot for the problem report and the patch.

The question I am asking myself is: What use is there in supporting "older implementations" (meaning before 0.9.8m)? How many systems are affected (and I would tend to ignore enterprise distributions - they ought to patch OpenSSL instead)?

I suppose those older implementations would likely also be vulnerable to several other attacks, which might subvert the effort of closing this (minor) hole.

Any insights?

Best regards,
Matthias