Hello,
Recently I started using stunnel in an embedded Linux product and I had need to add several features that I think other users would benefit from. I have attached them as separate patches against 4.33. I hereby release them into the public domain.
Here is a description of each:
stunnel-4.33-handle-minimal-ssl-libs.patch:
Add support for building against a libssl/libcrypto that has had various non-essential features removed via the "no-<feature>" Configure options for openssl. This requires disabling non-essential Stunnel features at compile-time if they have dependencies on disabled libssl/libcrypto features.
For memory-constrained embedded systems, this is a big win. With this patch I was able to cut the memory footprint of stunnel+openssl by about a third simply by disabling openssl features that I didn't need.
stunnel-4.33-separate-stderr-option.patch:
This splits the stderr logging effect of the "foreground" option into a separate option named "stderr", so that users have the freedom to enable foreground without stderr logging, or vice versa. For backwards compatibility though, specifying foreground = yes implies stderr = yes unless followed in the config by stderr = no.
This is useful on embedded Linux systems that lack an implementation of fork() (due to the processor not having an MMU), because on such systems every daemon has to be launched in a foreground mode and pre-daemonized with the simpler vfork() function, e.g. using "&" from a shell. In this mode, logging to stderr does not make sense, because in reality the process is still a daemon so the logging clutters the terminal.
stunnel-4.33-dns-commonname-verify-support.patch:
I saved the best for last. ;) This adds a "verify_dns" option to check the CommonName in peer certificates against their DNS name when verifying, much as web browsers do.
I have seen posts from users asking for this feature in the past, so I think its value is self-evident.
I'd also like to take this opportunity to say that I'm a long-time user of Stunnel on my personal Linux desktop machine and it is a really excellent piece of software. Thank you for making it free and open source.
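The kind of check the "verify_dns" description refers to, comparing a peer certificate's CommonName with the DNS name the client meant to reach, can be sketched as below. This is an added example, not code from the patch or from stunnel: the function name `cn_matches_host`, its length-based interface, the matching rules (case-insensitive exact match, `*` standing for one leftmost label only) and the sample names are all assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive compare of n bytes. */
static int ieq(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* cn/cn_len: CommonName bytes with the length recorded in the certificate
 * (hypothetical interface). host: DNS name the client meant to reach.
 * Returns 1 on match, 0 otherwise. */
int cn_matches_host(const char *cn, size_t cn_len, const char *host) {
    size_t host_len = strlen(host);
    if (host_len > 0 && host[host_len - 1] == '.')
        host_len--;                       /* ignore one trailing dot */
    if (cn_len == 0 || host_len == 0)
        return 0;
    /* Compare by recorded length: a CN with an embedded NUL never matches. */
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;
    if (cn_len > 2 && cn[0] == '*' && cn[1] == '.') {
        /* Wildcard covers exactly one leftmost label of host. */
        const char *dot = memchr(host, '.', host_len);
        if (dot == NULL || dot == host)
            return 0;
        size_t rest_len = host_len - (size_t)(dot - host); /* ".example.com" */
        /* Refuse "*.com" and any second '*'. */
        if (!memchr(cn + 2, '.', cn_len - 2) || memchr(cn + 1, '*', cn_len - 1))
            return 0;
        return rest_len == cn_len - 1 && ieq(cn + 1, dot, rest_len);
    }
    if (memchr(cn, '*', cn_len) != NULL)  /* '*' only allowed as first label */
        return 0;
    return cn_len == host_len && ieq(cn, host, cn_len);
}

int main(void) {
    /* Constructed sample names, not taken from the patch. */
    static const char nul_cn[] = "www.example.com\0.evil.test";
    printf("%d\n", cn_matches_host("*.example.com", 13, "www.example.com"));
    printf("%d\n", cn_matches_host(nul_cn, sizeof nul_cn - 1, "www.example.com"));
    return 0;
}
```

Passing the CommonName with its recorded length, rather than as a C string, is what lets the function reject a name that would otherwise be truncated at an embedded NUL and compared as a shorter, trusted-looking host.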