Make openssl and stunnel static. That is what I do and I consider it MUCH smarter than dynamic. I got tired of getting support calls because stunnel stopped working because the user installed a new openssl. Static will always work.
Another piece of advice – do NOT put it on /usr/local/openssl or /usr/local/stunnel (or whatever the defaults are). Before building, make your OWN directories. Our short name for our product is “met” so we use /usr/local/met/obj and /usr/local/met/bin for the object and binary files, respectively. This ensures nobody will install over you.
This is also a real security issue mostly ignored. Most people have heard of SQL injection (where SQL is modified to do what the developer never intended). However, DLL injection (e.g. dynamic library injection) is a real problem. I could easily install an openssl DLL that does exactly what it should do … and sends the same data in clear text (or with my own encryption) to my machine. A thief could simply install one dynamic library and then OWN your data.
E
From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of White Little
Sent: Sunday, September 30, 2018 11:33 PM
To: stunnel-users@stunnel.org
Subject: [stunnel-users] build static stunnel with openssl
Hi All
I try to build a static (portable) stunnel that contains openssl.
I know there are some similar questions from long ago, but I still fail on how to build it.
I try to link stunnel to the latest openssl, so I download openssl-1.0.2p and make it.
And then I type ./configure --enable-static --with-ssl= openssl-1.0.2p_dir
After typing make, I found there is a stunnel binary under the /src folder, but it still does not include openssl.
Did I miss something that I did not notice?
Thanks
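
One way to check the outcome discussed in this thread (whether a built stunnel still resolves OpenSSL from shared libraries at run time), as an added example that is not part of the original messages. The function names, the `src/stunnel` path and the sample `readelf -d` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a binary links OpenSSL from `readelf -d` output.

# Print the sonames listed as NEEDED in `readelf -d` output read from stdin.
needed_libs() {
    sed -n 's/.*(NEEDED).*Shared library: \[\([^]]*\)].*/\1/p'
}

# Print "dynamic" if libssl or libcrypto is resolved by the loader at run time,
# otherwise "not-dynamic". "not-dynamic" only means no shared OpenSSL dependency
# is recorded; it covers both a static link and a fully static binary.
openssl_link_mode() {
    if needed_libs | grep -Eq '^lib(ssl|crypto)\.so'; then
        echo dynamic
    else
        echo not-dynamic
    fi
}

# Classify a real binary (the path passed in is the caller's assumption).
check_binary() {
    readelf -d "$1" | openssl_link_mode
}

# Constructed sample: stunnel linked against shared OpenSSL 1.0.2 libraries.
SAMPLE_SHARED=' 0x0000000000000001 (NEEDED)  Shared library: [libssl.so.1.0.0]
 0x0000000000000001 (NEEDED)  Shared library: [libcrypto.so.1.0.0]
 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]'

# Constructed sample: OpenSSL archives linked in, only system libraries remain.
SAMPLE_STATIC=' 0x0000000000000001 (NEEDED)  Shared library: [libdl.so.2]
 0x0000000000000001 (NEEDED)  Shared library: [libpthread.so.0]
 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]'

# Demonstration on the constructed samples.
printf 'shared sample: %s\n' "$(printf '%s\n' "$SAMPLE_SHARED" | openssl_link_mode)"
printf 'static sample: %s\n' "$(printf '%s\n' "$SAMPLE_STATIC" | openssl_link_mode)"
```

On a real build, `check_binary src/stunnel` reporting `dynamic` means the binary still depends on whichever libssl and libcrypto the loader finds on the host.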