SciFi wrote:
2012.01.11 20:48:52 LOG5[25326:2697274688]: stunnel 4.52 on x86_64-apple-darwin10.8.0 platform
2012.01.11 20:48:52 LOG5[25326:2697274688]: Compiled with OpenSSL 1.1.0-dev xx XXX xxxx
2012.01.11 20:48:52 LOG5[25326:2697274688]: Running with OpenSSL 0.9.8r 8 Feb 2011
2012.01.11 20:48:52 LOG5[25326:2697274688]: Update OpenSSL shared libraries or rebuild stunnel
[cut]
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000020
[Switching to process 25326 thread 0x1403]
0x94b0b2d6 in X509_get_subject_name ()
(gdb) bt
#0 0x94b0b2d6 in X509_get_subject_name ()
#1 0x0000f213 in verify_callback ()
[cut]
I'm sorry, that's about as deep as I know to go. ;)
The level of details is perfectly fine. Different numeric part of the OpenSSL version number indicates major changes in code *and* data structures. This is very likely to cause crashes. The architecture details of 0.9.8 and 1.1.0 are very different.
I modified stunnel to make it independent from the layout of X509_STORE_CTX data structure:
It's still better to run stunnel with the version of OpenSSL it was compiled with.
But I should be able to do more tests with detailed instructions if needed.
For now, I will comment-out the "verify" line, and use this build with your basic .conf file even tho it makes me remain highly paranoid. ;(
That's good. Without certificate-based authentication, SSL is vulnerable to man-in-the-middle attacks.