fetchmail: 6.4.20 querying pop.gmx.de (protocol POP3) at Thu Jul 29 09:02:15 2021: poll started
Trying to connect to 212.227.17.185/110...connected.
fetchmail: POP3< +OK POP server ready H migmx020 0MVSXe-1mgVaz2peI-00YxO4
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< STLS
fetchmail: POP3< SASL
fetchmail: POP3< IMPLEMENTATION trinity
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK Begin TLS negotiation
fetchmail: SSL verify callback depth 2: preverify_ok == 1, err = 0, ok
fetchmail: Certificate chain, from root to peer, starting at depth 2:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 3
fetchmail: Subject CommonName: T-TeleSec GlobalRoot Class 3
fetchmail: SSL verify callback depth 1: preverify_ok == 1, err = 0, ok
fetchmail: Certificate at depth 1:
fetchmail: Issuer Organization: T-Systems Enterprise Services GmbH
fetchmail: Issuer CommonName: T-TeleSec GlobalRoot Class 3
fetchmail: Subject CommonName: TeleSec ServerPass Extended Validation Class 3 CA
fetchmail: SSL verify callback depth 0: preverify_ok == 1, err = 0, ok
fetchmail: Server certificate:
fetchmail: Issuer Organization: T-Systems International GmbH
fetchmail: Issuer CommonName: TeleSec ServerPass Extended Validation Class 3 CA
fetchmail: Subject CommonName: mail.gmx.net
fetchmail: Subject Alternative Name: mail.gmx.net
fetchmail: Subject Alternative Name: mail.gmx.de
fetchmail: Subject Alternative Name: smtp.gmx.net
fetchmail: Subject Alternative Name: smtp.gmx.de
fetchmail: Subject Alternative Name: imap.gmx.net
fetchmail: Subject Alternative Name: imap.gmx.de
fetchmail: Subject Alternative Name: pop.gmx.net
fetchmail: Subject Alternative Name: pop.gmx.de
fetchmail: pop.gmx.de key fingerprint: B1:70:9C:4D:EC:80:2F:9B:81:CB:AE:C1:99:BF:58:E5
fetchmail: SSL/TLS: using protocol TLSv1.3, cipher AEAD-AES256-GCM-SHA384, 256/256 secret/processed bits
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< USER
fetchmail: POP3< SASL PLAIN
fetchmail: POP3< IMPLEMENTATION trinity
fetchmail: POP3< .
fetchmail: pop.gmx.de: upgrade to TLS succeeded.
fetchmail: POP3> USER [...]

I think this still works... On 2021-07-28 22:46 +01, Stuart Henderson <s...@spacehopper.org> wrote: > includes a security fix for long log messages, and various others. > some SSL code was reorganised, does anyone have a working config > they could test with to make sure the adaptation for that still > works ok? > > Index: Makefile > =================================================================== > RCS file: /cvs/ports/mail/fetchmail/Makefile,v > retrieving revision 1.161 > diff -u -p -r1.161 Makefile > --- Makefile 28 Mar 2021 13:32:50 -0000 1.161 > +++ Makefile 28 Jul 2021 21:44:41 -0000 > @@ -2,7 +2,7 @@ > > COMMENT= mail retrieval utility for POP2, POP3, KPOP, IMAP and more > > -DISTNAME= fetchmail-6.4.13 > +DISTNAME= fetchmail-6.4.20 > EXTRACT_SUFX= .tar.xz > > CATEGORIES= mail > Index: distinfo > =================================================================== > RCS file: /cvs/ports/mail/fetchmail/distinfo,v > retrieving revision 1.39 > diff -u -p -r1.39 distinfo > --- distinfo 28 Mar 2021 13:32:50 -0000 1.39 > +++ distinfo 28 Jul 2021 21:44:41 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (fetchmail-6.4.13.tar.xz) = > fSjPBgsGucjsciZ75+3JqZtw9h19Mti2CUWNzt+nS+E= > -SIZE (fetchmail-6.4.13.tar.xz) = 1308248 > +SHA256 (fetchmail-6.4.20.tar.xz) = > yCFBri6PADnOsMXC7aQ8XpOtC/f5xrtigJKzvnQ4YXY= > +SIZE (fetchmail-6.4.20.tar.xz) = 1317204 > Index: patches/patch-Makefile_in > =================================================================== > RCS file: /cvs/ports/mail/fetchmail/patches/patch-Makefile_in,v > retrieving revision 1.23 > diff -u -p -r1.23 patch-Makefile_in > --- patches/patch-Makefile_in 13 Sep 2020 19:01:23 -0000 1.23 > +++ patches/patch-Makefile_in 28 Jul 2021 21:44:41 -0000 
> @@ -3,7 +3,7 @@ $OpenBSD: patch-Makefile_in,v 1.23 2020/ > Index: Makefile.in > --- Makefile.in.orig > +++ Makefile.in > -@@ -2154,7 +2154,7 @@ info: info-recursive > +@@ -2197,7 +2197,7 @@ info: info-recursive > > info-am: > > Index: patches/patch-socket_c > =================================================================== > RCS file: /cvs/ports/mail/fetchmail/patches/patch-socket_c,v > retrieving revision 1.13 > diff -u -p -r1.13 patch-socket_c > --- patches/patch-socket_c 14 Sep 2020 15:14:55 -0000 1.13 > +++ patches/patch-socket_c 28 Jul 2021 21:44:41 -0000 > @@ -3,16 +3,7 @@ $OpenBSD: patch-socket_c,v 1.13 2020/09/ > Index: socket.c > --- socket.c.orig > +++ socket.c > -@@ -902,7 +902,7 @@ static const char *SSLCertGetCN(const char *mycert, > - return ret; > - } > - > --#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x1010000fL > -+#if OPENSSL_VERSION_NUMBER < 0x1010000fL > - /* OSSL_proto_version_logic for OpenSSL 1.0.x and LibreSSL */ > - static int OSSL10X_proto_version_logic(int sock, const char **myproto, int > *avoid_ssl_versions) > - { > -@@ -1149,6 +1149,10 @@ int SSLOpen(int sock, char *mycert, char *mykey, const > +@@ -1150,6 +1150,10 @@ int SSLOpen(int sock, char *mycert, char *mykey, const > /* Check which trusted X.509 CA certificate store(s) to load */ > { > char *tmp; > @@ -23,7 +14,7 @@ Index: socket.c > int want_default_cacerts = 0; > > /* Load user locations if any is given */ > -@@ -1162,6 +1166,13 @@ int SSLOpen(int sock, char *mycert, char *mykey, const > +@@ -1163,6 +1167,13 @@ int SSLOpen(int sock, char *mycert, char *mykey, const > if (want_default_cacerts || (tmp && tmp[0])) { > SSL_CTX_set_default_verify_paths(_ctx[sock]); > } > Index: patches/patch-tls-aux_h > =================================================================== > RCS file: patches/patch-tls-aux_h > diff -N patches/patch-tls-aux_h > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-tls-aux_h 28 Jul 2021 21:44:41 -0000 
> @@ -0,0 +1,14 @@ > +$OpenBSD$ > + > +Index: tls-aux.h > +--- tls-aux.h.orig > ++++ tls-aux.h > +@@ -8,7 +8,7 @@ > + #ifdef SSL_ENABLE > + #include <openssl/opensslv.h> > + > +-# if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < > 0x1010000fL > ++# if OPENSSL_VERSION_NUMBER < 0x1010000fL > + # undef OSSL110_API > + # else > + # define OSSL110_API 1 > -- I'm not entirely sure you are real.
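
Review bot: in the distinfo hunk both SHA256 lines are wrapped after the "=" in this quoted copy (the same wrapping hits the "int *avoid_ssl_versions" line in patch-socket_c and the "< 0x1010000fL" line in patch-tls-aux_h), so the diff as quoted here will not apply; take it from the original mail or rejoin those lines first. The hunk also swaps the checksum and SIZE for fetchmail-6.4.20.tar.xz with nothing in the mail tying the new values to upstream's release, so it is worth checking the tarball against upstream's published signature or hash before this goes in.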
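
Review bot: the new patches/patch-tls-aux_h drops "defined(LIBRESSL_VERSION_NUMBER) ||" from the guard above "# undef OSSL110_API" with no explanation; the patch file has only "$OpenBSD$" above its Index line. With the guard reduced to "OPENSSL_VERSION_NUMBER < 0x1010000fL", a LibreSSL build takes the "# define OSSL110_API 1" branch, because LibreSSL's opensslv.h reports OPENSSL_VERSION_NUMBER as 0x20000000L, so every code path that keys on OSSL110_API now has to compile and behave correctly against LibreSSL. Suggest a one-line comment at the top of the patch stating that this is the intent, and, since the matching hunk for the OSSL10X_proto_version_logic guard is removed from patches/patch-socket_c, a check that socket.c in 6.4.20 has no remaining direct test of LIBRESSL_VERSION_NUMBER that would put LibreSSL back on the 1.0.x path.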