I just had an upgrade issue going from stunnel 4.32 (using the openssl 0.9.8x libraries) to stunnel 4.34 (using the openssl 1.0.0x libraries). I'm using the CAPATH option and verify = 2 to verify connections. The openssl group changed the hash algorithm between 0.9.8 and 1.0.0 so that the certificates have to have a different name (this is a Windows installation, so no linked names). When I initially converted I had two copies of the names, one using the old hash and one using the new hash, and everything worked perfectly. However, after I cleaned up the directories and removed the old hash names, things began to fail. Eventually I could not make any connections to the system running stunnel 4.34. Eventually, it occurred to me to check for multiple versions of the SSLEAY32.DLL on the system, and there were a number of copies. For whatever reason, the 0.9.8x version got loaded first and so the 1.0.0x hash names were not recognized.
This explanation is a long-winded request for having the option of a statically linked version of stunnel for Windows. I have about 10 systems running stunnel 4.34 and all but this one worked properly. However, having the vagaries of which version of SSLEAY32 gets loaded by Windows first determine the correct operation of the system is an uncertainty that it would be very good to live without.
Thanks for the consideration.
Carter
Carter Browne CBCS cbrowne@cbcs-usa.com 781-721-2890
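
The check described in the message (looking for several copies of SSLEAY32.DLL) can be scripted. The following is an added example, not part of the original post or of stunnel: it lists every copy along an ordered directory list and reports whether later copies differ from the first one found. The function names, the constructed sample files, and the approximate directory order in `windows_search_dirs` are assumptions.

```python
import hashlib
import os
import tempfile

DLL_NAME = "ssleay32.dll"  # the library named in the post

def find_copies(search_dirs, dll_name=DLL_NAME):
    """Return [(path, sha256)] for each copy of dll_name, in search order."""
    hits, seen = [], set()
    for d in search_dirs:
        key = os.path.normcase(os.path.abspath(d))
        if key in seen or not os.path.isdir(d):
            continue  # skip repeated or missing directories
        seen.add(key)
        for entry in sorted(os.listdir(d)):
            if entry.lower() == dll_name.lower():  # Windows names ignore case
                path = os.path.join(d, entry)
                with open(path, "rb") as fh:
                    hits.append((path, hashlib.sha256(fh.read()).hexdigest()))
    return hits

def assess(search_dirs):
    """Summarise which copy comes first and whether later copies differ from it."""
    copies = find_copies(search_dirs)
    first = copies[0] if copies else None
    differing = [p for p, digest in copies[1:] if digest != first[1]]
    return {"first": first[0] if first else None, "copies": len(copies),
            "conflict": bool(differing), "differing": differing}

def windows_search_dirs(app_dir):
    """Assumed approximation of the search order: app dir, system dirs, cwd, PATH."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    path_dirs = [p for p in os.environ.get("PATH", "").split(os.pathsep) if p]
    return [app_dir, os.path.join(root, "System32"), root, os.getcwd()] + path_dirs

def demo():
    """Constructed sample: three directories, two different builds of the DLL."""
    base = tempfile.mkdtemp()
    layout = [("old_app", "SSLEAY32.DLL", b"constructed 0.9.8x build"),
              ("stunnel", "ssleay32.dll", b"constructed 1.0.0x build"),
              ("tools", "ssleay32.dll", b"constructed 0.9.8x build")]
    dirs = []
    for sub, name, data in layout:
        os.makedirs(os.path.join(base, sub))
        with open(os.path.join(base, sub, name), "wb") as fh:
            fh.write(data)
        dirs.append(os.path.join(base, sub))
    return assess(dirs)
```

On a real host, pass the stunnel installation directory to `windows_search_dirs` and feed the result to `assess`; a `conflict` of `True` means at least one other copy on the list is a different build from the first one found.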