Thanks!

I applied the patch to tls.c and I'm able to create sessions with no problem. 

The version of OpenSSL provided by IBM is built off the 1.0.1e codebase, with backported security fixes via "iFixes" for announced CVEs. They apparently don't backport new functionality or maybe even non-CVE bugfixes. I'm guessing an un-patched stunnel 5.17 would work once/if they release OpenSSL built off 1.0.1j or later.



On Tue, May 12, 2015 at 3:40 PM, Michal Trojnara <Michal.Trojnara@mirt.net> wrote:
On 12.05.2015 18:29, Eckert, Doug wrote:
> With that in mind, I compiled stunnel v5.03 with same OpenSSL 1.0.1.513
> and iFix IV71446m9a applied as with the v5.17 attempt. I'm able to
> create sessions with no problem. The internal error/bad magic does not
> occur.

Additional security checks to the OpenSSL memory management functions
were introduced in stunnel 5.09.  The enclosed patch disables them in
the latest stunnel 5.17.

Mike

_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users




--