From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <e@80x24.org>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN:  
X-Spam-Status: No, score=-4.2 required=3.0 tests=ALL_TRUSTED,BAYES_00,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no
	autolearn=ham autolearn_force=no version=3.4.6
Received: from localhost (dcvr.yhbt.net [127.0.0.1])
	by dcvr.yhbt.net (Postfix) with ESMTP id 3757A1F565
	for <meta@public-inbox.org>; Tue,  3 Oct 2023 06:43:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=80x24.org;
	s=selector1; t=1696315433;
	bh=9m+hNLVdb/tNPYOkAizRLdOSjEIioZXw0q0u51CRMZQ=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=eoOymoP7ysO81zOUsI1t8ZyfArQg/KhzBD80qnNdOzHmeTIKegZMTE2lcV3yrViKK
	 JajAx68PZKSwuQVaqiSfv2lRZ/SpNTZEN9tdtdiU7Rfz86DlgsXPeVccubnmXFOjva
	 qsG7wmJzlbq87VRMsxMZibdob5yfIMQlGwXdjoxw=
From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH 2/8] net_reader: avoid IO::Socket::SSL 2.079..2.081 warning
Date: Tue,  3 Oct 2023 06:43:46 +0000
Message-ID: <20231003064352.2902298-3-e@80x24.org>
In-Reply-To: <20231003064352.2902298-1-e@80x24.org>
References: <20231003064352.2902298-1-e@80x24.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
List-Id: <meta.public-inbox.org>

IO::Socket::SSL had an unitialized variable warning from a bad
regexp for a few releases.  This will also prepare us to support
imap.sslverify as git does and possibly other TLS-related
options.
---
 lib/PublicInbox/NetReader.pm | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/lib/PublicInbox/NetReader.pm b/lib/PublicInbox/NetReader.pm
index 32e4c20f..e14b5805 100644
--- a/lib/PublicInbox/NetReader.pm
+++ b/lib/PublicInbox/NetReader.pm
@@ -40,6 +40,15 @@ EOM
 	die "$val not understood (only socks5h:// is supported)\n";
 }
 
+# gives an arrayref suitable for the Mail::IMAPClient Ssl or Starttls arg
+sub mic_tls_opt ($$) {
+	my ($o, $hostname) = @_;
+	require IO::Socket::SSL;
+	$o = {} if !ref($o);
+	$o->{SSL_hostname} //= $hostname;
+	[ map { ($_, $o->{$_}) } keys %$o ];
+}
+
 sub mic_new ($$$$) {
 	my ($self, $mic_arg, $sec, $uri) = @_;
 	my %mic_arg = (%$mic_arg, Keepalive => 1);
@@ -54,12 +63,20 @@ sub mic_new ($$$$) {
 		$opt{ConnectPort} = delete $mic_arg{Port};
 		my $s = IO::Socket::Socks->new(%opt) or die
 			"E: <$uri> ".eval('$IO::Socket::Socks::SOCKS_ERROR');
-		if ($mic_arg->{Ssl}) { # for imaps://
-			require IO::Socket::SSL;
-			$s = IO::Socket::SSL->start_SSL($s) or die
+		if (my $o = delete $mic_arg{Ssl}) { # for imaps://
+			$o = mic_tls_opt($o, $opt{ConnectAddr});
+			$s = IO::Socket::SSL->start_SSL($s, @$o) or die
 				"E: <$uri> ".(IO::Socket::SSL->errstr // '');
+		} elsif ($o = $mic_arg{Starttls}) {
+			# Mail::IMAPClient will use this:
+			$mic_arg{Starttls} = mic_tls_opt($o, $opt{ConnectAddr});
 		}
 		$mic_arg{Socket} = $s;
+	} elsif ($mic_arg{Ssl} || $mic_arg{Starttls}) {
+		for my $f (qw(Ssl Starttls)) {
+			my $o = $mic_arg{$f} or next;
+			$mic_arg{$f} = mic_tls_opt($o, $mic_arg{Server});
+		}
 	}
 	PublicInbox::IMAPClient->new(%mic_arg);
 }