Thanks!
I applied the patch to tls.c and I'm able to create sessions with no problem.
The version of OpenSSL provided by IBM is built off the 1.0.1e codebase, with backported security fixes via "iFixes" for announced CVEs. They apparently don't backport new functionality or maybe even non-CVE bugfixes. I'm guessing an un-patched stunnel 5.17 would work once/if they release OpenSSL built off 1.0.1j or later.
On Tue, May 12, 2015 at 3:40 PM, Michal Trojnara <Michal.Trojnara@mirt.net> wrote:
On 12.05.2015 18:29, Eckert, Doug wrote:
With that in mind, I compiled stunnel v5.03 with same OpenSSL 1.0.1.513 and iFix IV71446m9a applied as with the v5.17 attempt. I'm able to create sessions with no problem. The internal error/bad magic does not occur.
Additional security checks to the OpenSSL memory management functions were introduced in stunnel 5.09. The enclosed patch disables them in the latest stunnel 5.17.
Mike
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users