Upcoming stunnel 5.29 release

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Guys, This Friday I intend to release stunnel 5.29. The planned list of changes: * New features - New WIN32 icons. - Performance improvement: rwlocks used for locking with pthreads. * Bugfixes - Compilation fix for *BSD. - Fixed configuration file reload for relative stunnel.conf path on Unix. - Fixed ignoring CRLfile unless CAfile was also specified (thx to Strukov Petr). Feel free to try stunnel 5.29b3, so I can fix any discovered issues before the final release: https://www.stunnel.org/downloads.html Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJWit/iAAoJEC78f/DUFuAUtv8P/izyH0DIhUsDCWbYlyWRJDjr 2lwE1sYwmmMqtArM31N25QtRidEbZgTbuWQXaXY7/HALTnnI1VbDrbtAntVkovQr FDXGlVvkife2IuSDS92b8ezEuq5swCQoT6KoHJDj9yLBSTQdZNxGHv9GfbS90mmv fX3zcWmh+SklYnVgGrnc3GfgecaUS261KArdW1BTfA5ucydzse9z9X+2/iA7zl7i wwvSHkfH3+Q3VsmJaSmoHTiMqzRzvH0NpKnbm0J5OfOql/fT9Mfn57U5ZGnC5iWP bLlPmmP+fC7WLX8Cwl2DWESJ8kxPn2xEJbDGeCn9uzI0feKXMLwF/yrJopYVetIx fJDgts4iR8eFRcFcSIpBrnWxNoTi4RhCzuIj8U/zYOBsHJPs6gPcuDG9fYtPXhF8 D93e8HeOW7naNyi+mTDjBo8qdiGGh+/ITp1PkNonVgFCWkxLIpfS2k6iQ/DqNTXd szMU+uLeub5vt3ifRnSieTpIDTAsSbp0jarlXFRQNrUB0Cl8sgv/Ssl+ZYnDRyIa 2aTrK00eSc1nk+kZGJg5kTJM/t6PzfxtDUhVo5Pr6u9gwa94c34AHQ04W5dA7rTV 4pD4DxpFEk+2Syndjt6lncT/O2at3aYUkhyTZ/tN8/P22v1OWp+ci1WIpNXp/zVX z12IUAFfyQPIuvdwLzZr =CEXd -----END PGP SIGNATURE-----

Mich, I found a regression in 5.29.If I run stunnel.exe or tstunnel.exe with no arguments, having a configuration file stunnel.conf in the current directory, the program segfaults. This works fine on 5.28 or previous versions. I uploaded a dump file to http://www.osronline.com/page.cfm?name=Analyze and the report pointed to a call to strncpy. Then, I ran a diff between 5.28 and 5.29 sources and this sent me to file options.c, function options_cmdline. I found that in the call strncpy(configuration_file, name, PATH_MAX-1), name was null. The problem is that variable name initialized at the begining of the function is garbled at the end. The following patch fixed the issue for me: --- options.c.old Tue Dec 22 18:09:39 2015 +++ options.c Mon Jan 04 23:14:29 2016 @@ -272,8 +272,11 @@ } else #endif { - name=arg1; - type=CONF_FILE; + if (arg1) + { + name=arg1; + type=CONF_FILE; + } } #ifdef HAVE_REALPATH Regards, Jose A. Diaz On Monday, January 4, 2016 4:11 PM, Michal Trojnara <Michal.Trojnara@mirt.net> wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Guys, This Friday I intend to release stunnel 5.29. The planned list of changes: * New features - New WIN32 icons. - Performance improvement: rwlocks used for locking with pthreads. * Bugfixes - Compilation fix for *BSD. - Fixed configuration file reload for relative stunnel.conf path on Unix. - Fixed ignoring CRLfile unless CAfile was also specified (thx to Strukov Petr). Feel free to try stunnel 5.29b3, so I can fix any discovered issues before the final release: https://www.stunnel.org/downloads.html Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJWit/iAAoJEC78f/DUFuAUtv8P/izyH0DIhUsDCWbYlyWRJDjr 2lwE1sYwmmMqtArM31N25QtRidEbZgTbuWQXaXY7/HALTnnI1VbDrbtAntVkovQr FDXGlVvkife2IuSDS92b8ezEuq5swCQoT6KoHJDj9yLBSTQdZNxGHv9GfbS90mmv fX3zcWmh+SklYnVgGrnc3GfgecaUS261KArdW1BTfA5ucydzse9z9X+2/iA7zl7i wwvSHkfH3+Q3VsmJaSmoHTiMqzRzvH0NpKnbm0J5OfOql/fT9Mfn57U5ZGnC5iWP bLlPmmP+fC7WLX8Cwl2DWESJ8kxPn2xEJbDGeCn9uzI0feKXMLwF/yrJopYVetIx fJDgts4iR8eFRcFcSIpBrnWxNoTi4RhCzuIj8U/zYOBsHJPs6gPcuDG9fYtPXhF8 D93e8HeOW7naNyi+mTDjBo8qdiGGh+/ITp1PkNonVgFCWkxLIpfS2k6iQ/DqNTXd szMU+uLeub5vt3ifRnSieTpIDTAsSbp0jarlXFRQNrUB0Cl8sgv/Ssl+ZYnDRyIa 2aTrK00eSc1nk+kZGJg5kTJM/t6PzfxtDUhVo5Pr6u9gwa94c34AHQ04W5dA7rTV 4pD4DxpFEk+2Syndjt6lncT/O2at3aYUkhyTZ/tN8/P22v1OWp+ci1WIpNXp/zVX z12IUAFfyQPIuvdwLzZr =CEXd -----END PGP SIGNATURE----- _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 05.01.2016 05:46, Jose Alf. wrote:
The following patch fixed the issue for me:
--- options.c.old Tue Dec 22 18:09:39 2015 +++ options.c Mon Jan 04 23:14:29 2016 @@ -272,8 +272,11 @@ } else #endif { - name=arg1; - type=CONF_FILE; + if (arg1) + { + name=arg1; + type=CONF_FILE; + } }
#ifdef HAVE_REALPATH
Thank you for reporting this issue. I made a really dumb mistake. My patch (restoring the intended control flow) is: - --- a/src/options.c +++ b/src/options.c @@ -227,6 +227,9 @@ int options_cmdline(char *arg1, char *arg2) { char *name; CONF_TYPE type; +#ifdef USE_WIN32 + (void)arg2; /* squash the unused parameter warning */ +#endif if(!arg1) { name= #ifdef CONFDIR @@ -258,9 +261,7 @@ int options_cmdline(char *arg1, char *arg2) { log_flush(LOG_MODE_INFO); return 2; } else - -#ifdef USE_WIN32 - - (void)arg2; /* squash the unused parameter warning */ - -#else +#ifndef USE_WIN32 if(!strcasecmp(arg1, "-fd")) { if(!arg2) { s_log(LOG_ERR, "No file descriptor specified"); I have uploaded stunnel-5.29b4 to https://www.stunnel.org/downloads.html Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWi5FeAAoJEC78f/DUFuAUz+0QALconnbPd1NM0gihc2Jv8vUN 2EjpUJtb+TsqwiSMDx1/5dPflKr6iE8XbdGvgBKDuW3+4yGd5zKflIITe3ZfrbUa qniSCOFgbAHONPwyUbFgcOaXuUzYsfNIg72I10+Jlk5F6QS9wLa0I1w4tgTOab6F HH0MXMmxprEQQ2Bn01Hd5nkGEECDWtTrkO3PuuoQ4AQ7u82BtRBcW5hdChx9UEao Gsg88Rj6wf4LYpibWj1cZTuEvC/QVuwLIi1ah0nipxTW6/dgklITvR7naw/styDn VAbAtVfvI/Kegx6zFTwnMGp+7BpANpLQsWgfDJCz9snbqSGj0N8UPwKWzudJtoCH WMBQTvhqKjAJLib936ddpCKIyuf4lWlC84R5qwnJE569PAWXkZzuhThQ3O3Z1Low UhtKT3bKwLvLkxCPOwyxY6WUuU9ULssjEar9vfo77JKUeqa7WDgWM2UBf32YVSji myFQQtHMJjPCinXrVuxstqec4BFCQRQ7qtNYNrLE71fWX+E/aKwTNDf1otYXtPhc /Dvh66BpuBwWK9+DuCpKnkuiLuekz1oHOTneEgcy0iLfQ7Jq81ERO0pyLWJTYGC4 rpWlzVffvPmMcKxg8rUe4Juthj6QjE49Rm42sQHAgTCjeZazn+9zyxtmUrTm00Ri QrIKYx4BsLYvMdQM40Ts =itMk -----END PGP SIGNATURE-----

Mich, Yes. My quick tests show that beta 4 works as intended. Any suggestions to measure performance improvements against 5.28? Regards,Jose On Tuesday, January 5, 2016 4:48 AM, Michal Trojnara <Michal.Trojnara@mirt.net> wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 05.01.2016 05:46, Jose Alf. wrote:
The following patch fixed the issue for me:
--- options.c.old Tue Dec 22 18:09:39 2015 +++ options.c Mon Jan 04 23:14:29 2016 @@ -272,8 +272,11 @@ } else #endif { - name=arg1; - type=CONF_FILE; + if (arg1) + { + name=arg1; + type=CONF_FILE; + } }
#ifdef HAVE_REALPATH
Thank you for reporting this issue. I made a really dumb mistake. My patch (restoring the intended control flow) is: - --- a/src/options.c +++ b/src/options.c @@ -227,6 +227,9 @@ int options_cmdline(char *arg1, char *arg2) { char *name; CONF_TYPE type; +#ifdef USE_WIN32 + (void)arg2; /* squash the unused parameter warning */ +#endif if(!arg1) { name= #ifdef CONFDIR @@ -258,9 +261,7 @@ int options_cmdline(char *arg1, char *arg2) { log_flush(LOG_MODE_INFO); return 2; } else - -#ifdef USE_WIN32 - - (void)arg2; /* squash the unused parameter warning */ - -#else +#ifndef USE_WIN32 if(!strcasecmp(arg1, "-fd")) { if(!arg2) { s_log(LOG_ERR, "No file descriptor specified"); I have uploaded stunnel-5.29b4 to https://www.stunnel.org/downloads.html Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWi5FeAAoJEC78f/DUFuAUz+0QALconnbPd1NM0gihc2Jv8vUN 2EjpUJtb+TsqwiSMDx1/5dPflKr6iE8XbdGvgBKDuW3+4yGd5zKflIITe3ZfrbUa qniSCOFgbAHONPwyUbFgcOaXuUzYsfNIg72I10+Jlk5F6QS9wLa0I1w4tgTOab6F HH0MXMmxprEQQ2Bn01Hd5nkGEECDWtTrkO3PuuoQ4AQ7u82BtRBcW5hdChx9UEao Gsg88Rj6wf4LYpibWj1cZTuEvC/QVuwLIi1ah0nipxTW6/dgklITvR7naw/styDn VAbAtVfvI/Kegx6zFTwnMGp+7BpANpLQsWgfDJCz9snbqSGj0N8UPwKWzudJtoCH WMBQTvhqKjAJLib936ddpCKIyuf4lWlC84R5qwnJE569PAWXkZzuhThQ3O3Z1Low UhtKT3bKwLvLkxCPOwyxY6WUuU9ULssjEar9vfo77JKUeqa7WDgWM2UBf32YVSji myFQQtHMJjPCinXrVuxstqec4BFCQRQ7qtNYNrLE71fWX+E/aKwTNDf1otYXtPhc /Dvh66BpuBwWK9+DuCpKnkuiLuekz1oHOTneEgcy0iLfQ7Jq81ERO0pyLWJTYGC4 rpWlzVffvPmMcKxg8rUe4Juthj6QjE49Rm42sQHAgTCjeZazn+9zyxtmUrTm00Ri QrIKYx4BsLYvMdQM40Ts =itMk -----END PGP SIGNATURE----- _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 05.01.2016 12:40, Jose Alf. wrote:
Yes. My quick tests show that beta 4 works as intended.
Thank you.
Any suggestions to measure performance improvements against 5.28?
The change allows for multiple readers to simultaneously enter some areas of code (in both OpenSSL and stunnel itself) that previously were protected with simple critical sections. The change is supposed to reduce latency when concurrent connections are used. Measuring the actual improvement may be tricky. The change was only implemented for pthreads. On Windows, rwlocks are only available on Vista and higher. I'd need a better reason for breaking compatibility with Windows 2000/XP. 8-) Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWi7RHAAoJEC78f/DUFuAUbiQP+waIarGCpW1MlC3gLVl49LMa 9H1bGEpzLwtHEWk1NIU/aCpVeYjUnefzHDVlvoXlxkgfJarwNC2NNoM+ymI955WX N1mee2lzgLkwkVq23QJiStQsREwuEzXtVUdw34U2f/UYp/3GDNU2vZJp/4lv4hcY MfWrJZWYQAoV3LYs1urx/+EjJjSpq+Ijy1N3yUEBTXsL9hacDptuaiGEtAB0XDJH iP+XDw9X0A3grkjMz9CyJSY/m8Rd2Fxy+frcRgRS+pCZ9BrdWhwzkRCueaYmGMle f8J+5znidh/3n41sfWi5LwaFxNDKj8iuMDAOhMcsEu4j8DPG6IcOK8EDaBY/te1D kNiJsnMB2IwUlOYg46mYzODN8yv4kAx+StPpapoKdihX28G0NiVhnO4yt2aJZpGw eAxQ7G7KNYgdJtX7DE+USvKMpw4HiiozU9qvdo1sRwtHVSxY8gD+ZUYwzh21Zn+S KLeVnnG0rjeJtYA1MWte1GHhKerOFy27h4MfcZ2ZprNk3gQZPXgzwgBRUF8+N41x pnqoiw3x3HBCbyN6G/lZDBWEc5bri4r5oCRWZswMfrGKnDYLGg7Rq49v46Is+490 0wHo0TinHC96lMmYqNa4yPZhD2zgn0ork0OSc9UvSx8lIgUY3c7Y1GmjhyLTv/XF xnxM2Yj+rqHighsCkaqU =Y+IJ -----END PGP SIGNATURE-----
participants (2)
-
Jose Alf.
-
Michal Trojnara