
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, I have released version 5.20 of stunnel. The ChangeLog entry: Version 5.20, 2015.07.09, urgency: HIGH * Security bugfixes - OpenSSL DLLs updated to version 1.0.2d. https://www.openssl.org/news/secadv_20150709.txt * New features - poll(2) re-enabled on MacOS X 10.5 and later. - Xcode SDK is automatically used on MacOS X if no other locally installed OpenSSL directory is found. - The SSL library detection algorithm was made a bit smarter. - Warnings about insecure authentication were modified to include the name of the affected service section. - A warning was added to stunnel.init if no pid file was specified in the configuration file (thx to Peter Pentchev). - Optional debugging symbols are included in the Win32 installer. - Documentation updates (closes Debian bug #781669). * Bugfixes - Signal pipe reinitialization added to prevent turning the main accepting thread into a busy wait loop when an external condition breaks the signal pipe. This bug was found to surface on Win32, but other platforms may also be affected. - Fixed removing the disabled taskbar icon. - Generated temporary DH parameters are used for configuration reload instead of the static defaults. - LSB compatibility fixes added to the stunnel.init script (thx to Peter Pentchev). - Fixed the manual page headers (thx to Gleydson Soares). Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 4a36a3729a7287d9d82c4b38bf72c4d3496346cb969b86129c5deac22b20292b stunnel-5.20.tar.gz 9d9d38241e972713cd0937e2cf66fdacf3adcb357fbea82d8e46648de4e26fa4 stunnel-5.20-installer.exe cfc1e94cb7c7bf14c832ac8799db4a3438ae7542aa04ec5e9c6695a1a3c3843d stunnel-5.20-android.zip Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVnoXOAAoJEC78f/DUFuAUGvoP/1WQ2DliVyQQNGDYPkE2Rbqk BJ7lMEseYdPLjZVtkNPQIuH9PCc/qbWMrDFK1sJg+R7d0yyp+Ip+ucH4i5GCfW6o xIZQ00WVa/qV52AcEDGTZ+43EBPBIFNMkSeJlkwyj81ISZ+my0YpqPNSF77fZFdN IqGln9e+1n4gM+8SOgPnJs2XiR2EsbQzmwaZcTCOoKp56j6q2bLXlYC802B9KezJ ex2dmbGV2JEHmNarSUxWO45VnFdqhjhz4qHySm6KnLD2hoyS9Ex2XyynuuyIiIVx yU9M1zliZvgQSQ4RTpO3Ko2b9Qy2cYDECrFwk7i5rlwmiCw1zH5zWGh1rnAsLJHn 7SAxc5BfiB3VQl16CgoLM65no2mJ60f499ab3LA0uTNbt03PrPkc5cK8w+ec3YNU 6E59R4FXC6ae5T4iR7b9mBGifUHWtg53I1H7qbD6Pye/EH5QciSSPizEHeORYlPy fC3jOMEIUDlXjqI7k/XMGVPJ7SSKFkBNiqHKTKoM12QhiZXLLh4Ig3aQJgqX5IBQ VdML1/W9MdBlZNAHYaUBrkSls99aVbIsHJ5yAE0gsF5Lgi6hK6zDkXiKoVEozN5A N6MtfQHs/JS2nvlmCbtGWrK66EXKxW409f0JS3AJG6tjOquuSZYmR944EPzQD+zA WPivIUH2TVk63kULw/ui =Uw+D -----END PGP SIGNATURE-----

Thank you Mike for sharing the update! Actually i was trying to install 5.20 on Mac OS using the executable provided by you on website but i am getting the below error while installing. It is giving me error for missing configuration file and when i investigated at the path(/etc/stunnel/stunnel.conf), there was no stunnel folder only. Also please let me know if i need to install openSSL before installing this executable. Thank you. Installation Logs--> MobileLab:Downloads sahnilsurana$ ./stunnel-5.20b8-osx [ ] Cron started [ ] Clients allowed=500 [.] stunnel 5.20 on x86_64-apple-darwin14.3.0 platform [.] Compiled with OpenSSL 0.9.8zd 8 Jan 2015 [.] Running with OpenSSL 0.9.8za 5 Jun 2014 [.] Update OpenSSL shared libraries or rebuild stunnel [.] Threading:PTHREAD Sockets:SELECT,IPv6 TLS:ENGINE,OCSP [ ] errno: (*__error()) [.] Reading configuration from file /etc/stunnel/stunnel.conf [!] Cannot open configuration file [.] [.] Syntax: [.] stunnel [<filename>] ] -fd <n> | -help | -version | -sockets [.] <filename> - use specified config file [.] -fd <n> - read the config file from a file descriptor [.] -help - get config file help [.] -version - display version and defaults [.] -sockets - display default socket options Regards, Saurabh Beriwal On Thu, Jul 9, 2015 at 7:31 AM, Michal Trojnara <Michal.Trojnara@mirt.net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear Users,
I have released version 5.20 of stunnel.
The ChangeLog entry:
Version 5.20, 2015.07.09, urgency: HIGH * Security bugfixes - OpenSSL DLLs updated to version 1.0.2d. https://www.openssl.org/news/secadv_20150709.txt * New features - poll(2) re-enabled on MacOS X 10.5 and later. - Xcode SDK is automatically used on MacOS X if no other locally installed OpenSSL directory is found. - The SSL library detection algorithm was made a bit smarter. - Warnings about insecure authentication were modified to include the name of the affected service section. - A warning was added to stunnel.init if no pid file was specified in the configuration file (thx to Peter Pentchev). - Optional debugging symbols are included in the Win32 installer. - Documentation updates (closes Debian bug #781669). * Bugfixes - Signal pipe reinitialization added to prevent turning the main accepting thread into a busy wait loop when an external condition breaks the signal pipe. This bug was found to surface on Win32, but other platforms may also be affected. - Fixed removing the disabled taskbar icon. - Generated temporary DH parameters are used for configuration reload instead of the static defaults. - LSB compatibility fixes added to the stunnel.init script (thx to Peter Pentchev). - Fixed the manual page headers (thx to Gleydson Soares).
Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html
SHA-256 hashes: 4a36a3729a7287d9d82c4b38bf72c4d3496346cb969b86129c5deac22b20292b stunnel-5.20.tar.gz 9d9d38241e972713cd0937e2cf66fdacf3adcb357fbea82d8e46648de4e26fa4 stunnel-5.20-installer.exe cfc1e94cb7c7bf14c832ac8799db4a3438ae7542aa04ec5e9c6695a1a3c3843d stunnel-5.20-android.zip
Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJVnoXOAAoJEC78f/DUFuAUGvoP/1WQ2DliVyQQNGDYPkE2Rbqk BJ7lMEseYdPLjZVtkNPQIuH9PCc/qbWMrDFK1sJg+R7d0yyp+Ip+ucH4i5GCfW6o xIZQ00WVa/qV52AcEDGTZ+43EBPBIFNMkSeJlkwyj81ISZ+my0YpqPNSF77fZFdN IqGln9e+1n4gM+8SOgPnJs2XiR2EsbQzmwaZcTCOoKp56j6q2bLXlYC802B9KezJ ex2dmbGV2JEHmNarSUxWO45VnFdqhjhz4qHySm6KnLD2hoyS9Ex2XyynuuyIiIVx yU9M1zliZvgQSQ4RTpO3Ko2b9Qy2cYDECrFwk7i5rlwmiCw1zH5zWGh1rnAsLJHn 7SAxc5BfiB3VQl16CgoLM65no2mJ60f499ab3LA0uTNbt03PrPkc5cK8w+ec3YNU 6E59R4FXC6ae5T4iR7b9mBGifUHWtg53I1H7qbD6Pye/EH5QciSSPizEHeORYlPy fC3jOMEIUDlXjqI7k/XMGVPJ7SSKFkBNiqHKTKoM12QhiZXLLh4Ig3aQJgqX5IBQ VdML1/W9MdBlZNAHYaUBrkSls99aVbIsHJ5yAE0gsF5Lgi6hK6zDkXiKoVEozN5A N6MtfQHs/JS2nvlmCbtGWrK66EXKxW409f0JS3AJG6tjOquuSZYmR944EPzQD+zA WPivIUH2TVk63kULw/ui =Uw+D -----END PGP SIGNATURE----- _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12.07.2015 07:20, Saurabh Beriwal wrote:
Thank you Mike for sharing the update! Actually i was trying to install 5.20 on Mac OS using the executable provided by you on website but i am getting the below error while installing. It is giving me error for missing configuration file and when i investigated at the path(/etc/stunnel/stunnel.conf), there was no stunnel folder only.
Yes, stunnel needs a configuration file to work. It is probably a good time for you to read the fine manual at https://www.stunnel.org/static/stunnel.html
Also please let me know if i need to install openSSL before installing this executable. Thank you.
No, you don't need to install additional OpenSSL library on your OSX.
[.] Syntax:
[.] stunnel [<filename>] ] -fd <n> | -help | -version | -sockets
[.] <filename> - use specified config file
This is where it tells you how to specify the configuration file name. Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVo20PAAoJEC78f/DUFuAU50wP/3zFlTa5Xs7TkEcrGpfdss4M nVj+GrmPKYQc4/+qW87KHNvbNo8nqawVfQO+ziJzVosBNBC0LQcekc3hmoUSKRNS 8sv52uNqljAIrZkFJiWg3ciDotOW+9zGmEbW4RG/C3W/m2eY7oCDpyglq4HVGtHQ 6QeZa+35s7csDY3lnn6zoSYfMTs5iGqUZA00Cfb0+c4osHNIhdRAWne0yGDTdnVt ILm0kXAlu0FuVDamOctgBBuylQjpjCt94b4jLI4NVzUEK//FKo7fkrpzxUIt/Cd1 bmZ+eJdScxM4gTgf05vjCw0jFWabLfBQ9Udsnm736+twDmJxGATADFboSv170Lk2 zIzCBgaoUzcLhvkVxWCr6Q2WgQlJyMWHzE9TE4wefkuJ9l9b2h/+nOZi6uH6sT5d 4TAFhYhbLZjAZhiHgB16ix4S61yUaXykmgwmWl/pPFn9+W2hR4h5pUdpQqMAD8Md 1hC9TRngV3Chcd6t4t3r60IA7jGQ4fQfc9xiSyn2oaU25j8rEAyBLksXuI4Kfm6Y 08DKlooixeczrLuYNmM0sTXwAVL/h9SSrfwH7IxKWDVk9wPYXFg/1frYRov53QjO 5pbyBLifWV2FkM41mDMereFPLb8p3DTomz5r1jEMM+q3F7nLo6VZoBXXVmAoCbS/ GchtkYlpXurltTVw93ec =OEu/ -----END PGP SIGNATURE-----

Thank you Michal for the explanation. Now I am able to load configuration file successfully but I am getting error in creating the connection so I just wanted to know the path where I can see the log file. Also is it possible to change .pem file with this executable? On Jul 13, 2015 1:17 PM, "Michal Trojnara" <Michal.Trojnara@mirt.net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12.07.2015 07:20, Saurabh Beriwal wrote:
Thank you Mike for sharing the update! Actually i was trying to install 5.20 on Mac OS using the executable provided by you on website but i am getting the below error while installing. It is giving me error for missing configuration file and when i investigated at the path(/etc/stunnel/stunnel.conf), there was no stunnel folder only.
Yes, stunnel needs a configuration file to work. It is probably a good time for you to read the fine manual at https://www.stunnel.org/static/stunnel.html
Also please let me know if i need to install openSSL before installing this executable. Thank you.
No, you don't need to install additional OpenSSL library on your OSX.
[.] Syntax:
[.] stunnel [<filename>] ] -fd <n> | -help | -version | -sockets
[.] <filename> - use specified config file
This is where it tells you how to specify the configuration file name.
Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJVo20PAAoJEC78f/DUFuAU50wP/3zFlTa5Xs7TkEcrGpfdss4M nVj+GrmPKYQc4/+qW87KHNvbNo8nqawVfQO+ziJzVosBNBC0LQcekc3hmoUSKRNS 8sv52uNqljAIrZkFJiWg3ciDotOW+9zGmEbW4RG/C3W/m2eY7oCDpyglq4HVGtHQ 6QeZa+35s7csDY3lnn6zoSYfMTs5iGqUZA00Cfb0+c4osHNIhdRAWne0yGDTdnVt ILm0kXAlu0FuVDamOctgBBuylQjpjCt94b4jLI4NVzUEK//FKo7fkrpzxUIt/Cd1 bmZ+eJdScxM4gTgf05vjCw0jFWabLfBQ9Udsnm736+twDmJxGATADFboSv170Lk2 zIzCBgaoUzcLhvkVxWCr6Q2WgQlJyMWHzE9TE4wefkuJ9l9b2h/+nOZi6uH6sT5d 4TAFhYhbLZjAZhiHgB16ix4S61yUaXykmgwmWl/pPFn9+W2hR4h5pUdpQqMAD8Md 1hC9TRngV3Chcd6t4t3r60IA7jGQ4fQfc9xiSyn2oaU25j8rEAyBLksXuI4Kfm6Y 08DKlooixeczrLuYNmM0sTXwAVL/h9SSrfwH7IxKWDVk9wPYXFg/1frYRov53QjO 5pbyBLifWV2FkM41mDMereFPLb8p3DTomz5r1jEMM+q3F7nLo6VZoBXXVmAoCbS/ GchtkYlpXurltTVw93ec =OEu/ -----END PGP SIGNATURE----- _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

Hi Michal, Thank you for your help! I was able to create connection through stunnel. However i am not sure how to start and stop services using stunnel-5.20b8-osx <https://www.stunnel.org/downloads/stunnel-5.20b8-osx> executable. I am new to mac OS so i am not aware if there is any standard process for files with this extension. Also this executable works fine on my mac machine but still i wanted to know if there is any requirement for this to work. Regards, Saurabh Beriwal On Mon, Jul 13, 2015 at 12:47 AM, Michal Trojnara <Michal.Trojnara@mirt.net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12.07.2015 07:20, Saurabh Beriwal wrote:
Thank you Mike for sharing the update! Actually i was trying to install 5.20 on Mac OS using the executable provided by you on website but i am getting the below error while installing. It is giving me error for missing configuration file and when i investigated at the path(/etc/stunnel/stunnel.conf), there was no stunnel folder only.
Yes, stunnel needs a configuration file to work. It is probably a good time for you to read the fine manual at https://www.stunnel.org/static/stunnel.html
Also please let me know if i need to install openSSL before installing this executable. Thank you.
No, you don't need to install additional OpenSSL library on your OSX.
[.] Syntax:
[.] stunnel [<filename>] ] -fd <n> | -help | -version | -sockets
[.] <filename> - use specified config file
This is where it tells you how to specify the configuration file name.
Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJVo20PAAoJEC78f/DUFuAU50wP/3zFlTa5Xs7TkEcrGpfdss4M nVj+GrmPKYQc4/+qW87KHNvbNo8nqawVfQO+ziJzVosBNBC0LQcekc3hmoUSKRNS 8sv52uNqljAIrZkFJiWg3ciDotOW+9zGmEbW4RG/C3W/m2eY7oCDpyglq4HVGtHQ 6QeZa+35s7csDY3lnn6zoSYfMTs5iGqUZA00Cfb0+c4osHNIhdRAWne0yGDTdnVt ILm0kXAlu0FuVDamOctgBBuylQjpjCt94b4jLI4NVzUEK//FKo7fkrpzxUIt/Cd1 bmZ+eJdScxM4gTgf05vjCw0jFWabLfBQ9Udsnm736+twDmJxGATADFboSv170Lk2 zIzCBgaoUzcLhvkVxWCr6Q2WgQlJyMWHzE9TE4wefkuJ9l9b2h/+nOZi6uH6sT5d 4TAFhYhbLZjAZhiHgB16ix4S61yUaXykmgwmWl/pPFn9+W2hR4h5pUdpQqMAD8Md 1hC9TRngV3Chcd6t4t3r60IA7jGQ4fQfc9xiSyn2oaU25j8rEAyBLksXuI4Kfm6Y 08DKlooixeczrLuYNmM0sTXwAVL/h9SSrfwH7IxKWDVk9wPYXFg/1frYRov53QjO 5pbyBLifWV2FkM41mDMereFPLb8p3DTomz5r1jEMM+q3F7nLo6VZoBXXVmAoCbS/ GchtkYlpXurltTVw93ec =OEu/ -----END PGP SIGNATURE----- _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

Hi Michal , I know , i am asking too many questions but i am again stuck. Actually now everything is working fine if i provide absolute path for stunnel.pem in configuration file but as per my requirement , i don't want to be dependent on absolute file path and want to generate it dynamically. but i am not able to understand how to do this.Please help. On Mon, Jul 13, 2015 at 12:47 AM, Michal Trojnara <Michal.Trojnara@mirt.net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12.07.2015 07:20, Saurabh Beriwal wrote:
Thank you Mike for sharing the update! Actually i was trying to install 5.20 on Mac OS using the executable provided by you on website but i am getting the below error while installing. It is giving me error for missing configuration file and when i investigated at the path(/etc/stunnel/stunnel.conf), there was no stunnel folder only.
Yes, stunnel needs a configuration file to work. It is probably a good time for you to read the fine manual at https://www.stunnel.org/static/stunnel.html
Also please let me know if i need to install openSSL before installing this executable. Thank you.
No, you don't need to install additional OpenSSL library on your OSX.
[.] Syntax:
[.] stunnel [<filename>] ] -fd <n> | -help | -version | -sockets
[.] <filename> - use specified config file
This is where it tells you how to specify the configuration file name.
Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJVo20PAAoJEC78f/DUFuAU50wP/3zFlTa5Xs7TkEcrGpfdss4M nVj+GrmPKYQc4/+qW87KHNvbNo8nqawVfQO+ziJzVosBNBC0LQcekc3hmoUSKRNS 8sv52uNqljAIrZkFJiWg3ciDotOW+9zGmEbW4RG/C3W/m2eY7oCDpyglq4HVGtHQ 6QeZa+35s7csDY3lnn6zoSYfMTs5iGqUZA00Cfb0+c4osHNIhdRAWne0yGDTdnVt ILm0kXAlu0FuVDamOctgBBuylQjpjCt94b4jLI4NVzUEK//FKo7fkrpzxUIt/Cd1 bmZ+eJdScxM4gTgf05vjCw0jFWabLfBQ9Udsnm736+twDmJxGATADFboSv170Lk2 zIzCBgaoUzcLhvkVxWCr6Q2WgQlJyMWHzE9TE4wefkuJ9l9b2h/+nOZi6uH6sT5d 4TAFhYhbLZjAZhiHgB16ix4S61yUaXykmgwmWl/pPFn9+W2hR4h5pUdpQqMAD8Md 1hC9TRngV3Chcd6t4t3r60IA7jGQ4fQfc9xiSyn2oaU25j8rEAyBLksXuI4Kfm6Y 08DKlooixeczrLuYNmM0sTXwAVL/h9SSrfwH7IxKWDVk9wPYXFg/1frYRov53QjO 5pbyBLifWV2FkM41mDMereFPLb8p3DTomz5r1jEMM+q3F7nLo6VZoBXXVmAoCbS/ GchtkYlpXurltTVw93ec =OEu/ -----END PGP SIGNATURE----- _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 15.07.2015 19:07, Saurabh Beriwal wrote:
Actually now everything is working fine if i provide absolute path for stunnel.pem in configuration file but as per my requirement , i don't want to be dependent on absolute file path and want to generate it dynamically. but i am not able to understand how to do this.Please help.
The following example illustrates using dynamic configuration files: #!/bin/bash REMOTE_HOST="www.stunnel.org:443" echo "client script connecting $REMOTE_HOST" stunnel -fd 10 11<&0 <<EOT 10<&0 0<&11 11<&- client=yes connect=$REMOTE_HOST EOT echo "client script finished" Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVppS9AAoJEC78f/DUFuAUHy4QAMZ9SzUQf7TrbrWEHpKNSEhM k0IXovZe6CjPebMcKZdmALfUUYCvGuBNsj23kf7HGUQlSx6MMsIKKj3rpQwfm0T0 SiqhVYJV+ErIDFa8tFYbygVK/qeHD/5h1wwahwIEdAc1lCLfwBog3Ad8hOwAXgmE hjkbAhg6rf3rKSbA1IZmomqmY8zBWB5ZWICetX6AQidbXaYdLR+3WSssonTJb4/3 Igiw4KNZo+ldGDmfffJg99qxRfV/MfhcPTz5WpSrt6MyGW/Cf1zeKw++gYVx1hvC dP+ZWOLbO4WGQWO21msUERgTtLgyog1XUr5FZiOH4V0d4tkmkIupZD5UQgZDwgLQ dNwdYmSlLWag1Emwzw6P6yTJcfGT61KgDejvkF+7C3pCZRXLGOGvn0f48k5i3XBx BwSsNWvt1ljq3iWuuOvQHR1lI3fFTkz3/l7pPrccBbUSzW5qf7vf3EsqIbH9gFWA Rjta7cy6XEQ8DZlq+r+OaC/Wk6hlbxetSg4aKW5+51BodNBKDZ8kxDLMP3CgXSQx LtbZe3xL+1S9w/B3ySp0Fid1mEGAWy36pzRF4fpqcYKBmH9+/zXYrFhWSNu/AvfH huKDTc4DEy8RjZYGqnBTMCqZ2B7iWNB11tkwQjpXAKpNtBZt5DfNmT7Q4bitXhf5 yEKb2mHgypmP2LNJa3J9 =p0H6 -----END PGP SIGNATURE-----

Hi, I am unable to compile stunnel 5.20 against openssl 1.0.2d (or even 1.0.2c). There a compilation error at some point. cron.c:151: warning: conflicting types for 'cron_dh_param' cron.c:151: error: static declaration of 'cron_dh_param' follows non-static declaration cron.c:131: error: previous implicit declaration of 'cron_dh_param' was here cron.c: In function 'cron_dh_param': I'm on on RHEL 5.10. No issues with stunnel 5.19 with either openssl versions. Thanks. 2015-07-09 10:31 GMT-04:00 Michal Trojnara <Michal.Trojnara@mirt.net>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear Users,
I have released version 5.20 of stunnel.
The ChangeLog entry:
Version 5.20, 2015.07.09, urgency: HIGH * Security bugfixes - OpenSSL DLLs updated to version 1.0.2d. https://www.openssl.org/news/secadv_20150709.txt * New features - poll(2) re-enabled on MacOS X 10.5 and later. - Xcode SDK is automatically used on MacOS X if no other locally installed OpenSSL directory is found. - The SSL library detection algorithm was made a bit smarter. - Warnings about insecure authentication were modified to include the name of the affected service section. - A warning was added to stunnel.init if no pid file was specified in the configuration file (thx to Peter Pentchev). - Optional debugging symbols are included in the Win32 installer. - Documentation updates (closes Debian bug #781669). * Bugfixes - Signal pipe reinitialization added to prevent turning the main accepting thread into a busy wait loop when an external condition breaks the signal pipe. This bug was found to surface on Win32, but other platforms may also be affected. - Fixed removing the disabled taskbar icon. - Generated temporary DH parameters are used for configuration reload instead of the static defaults. - LSB compatibility fixes added to the stunnel.init script (thx to Peter Pentchev). - Fixed the manual page headers (thx to Gleydson Soares).
Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html
SHA-256 hashes: 4a36a3729a7287d9d82c4b38bf72c4d3496346cb969b86129c5deac22b20292b stunnel-5.20.tar.gz 9d9d38241e972713cd0937e2cf66fdacf3adcb357fbea82d8e46648de4e26fa4 stunnel-5.20-installer.exe cfc1e94cb7c7bf14c832ac8799db4a3438ae7542aa04ec5e9c6695a1a3c3843d stunnel-5.20-android.zip
Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJVnoXOAAoJEC78f/DUFuAUGvoP/1WQ2DliVyQQNGDYPkE2Rbqk BJ7lMEseYdPLjZVtkNPQIuH9PCc/qbWMrDFK1sJg+R7d0yyp+Ip+ucH4i5GCfW6o xIZQ00WVa/qV52AcEDGTZ+43EBPBIFNMkSeJlkwyj81ISZ+my0YpqPNSF77fZFdN IqGln9e+1n4gM+8SOgPnJs2XiR2EsbQzmwaZcTCOoKp56j6q2bLXlYC802B9KezJ ex2dmbGV2JEHmNarSUxWO45VnFdqhjhz4qHySm6KnLD2hoyS9Ex2XyynuuyIiIVx yU9M1zliZvgQSQ4RTpO3Ko2b9Qy2cYDECrFwk7i5rlwmiCw1zH5zWGh1rnAsLJHn 7SAxc5BfiB3VQl16CgoLM65no2mJ60f499ab3LA0uTNbt03PrPkc5cK8w+ec3YNU 6E59R4FXC6ae5T4iR7b9mBGifUHWtg53I1H7qbD6Pye/EH5QciSSPizEHeORYlPy fC3jOMEIUDlXjqI7k/XMGVPJ7SSKFkBNiqHKTKoM12QhiZXLLh4Ig3aQJgqX5IBQ VdML1/W9MdBlZNAHYaUBrkSls99aVbIsHJ5yAE0gsF5Lgi6hK6zDkXiKoVEozN5A N6MtfQHs/JS2nvlmCbtGWrK66EXKxW409f0JS3AJG6tjOquuSZYmR944EPzQD+zA WPivIUH2TVk63kULw/ui =Uw+D -----END PGP SIGNATURE----- _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-- Philippe Anctil

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 14.07.2015 16:24, Philippe Anctil wrote:
I am unable to compile stunnel 5.20 against openssl 1.0.2d (or even 1.0.2c). There a compilation error at some point.
cron.c:151: warning: conflicting types for 'cron_dh_param'
Did you configure stunnel with "--with-threads=fork"? It is broken in stunnel 5.20. It is also a bad idea in general. Otherwise, please send me your config.log. Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVpm3YAAoJEC78f/DUFuAUQUAQALbaxWCvvEK8tCygX8YvVudb hNYYcMdpVPdH3sfZWt6+wd/0ylskCUpY4+kfpdvoq5yeZA0xCAF+84nk3zqfbyAO 1lR9/3bppcLdsnEsTqUApHp1lePECdorW94VRIO7XhTAVjn9pbbEgjdqCqEYPwQ/ XshreQpeNs2w5cMHiMQqmuIquZF0K4OR33GK6XwmwBHYuNUJXRmCyXas76xrJyd5 8q2Q+kIv+tO1sf+FcG/YhPKh1Mq13Q5PFO1DEJBraj7GNCgZkXVNGD+FjlzWRW+K rvV1iZLgXV2jcb/2+UsqGx3lN+RYlOvwni6rKjniX8bJalDlD0I3UFotVIqaQsFe /Bq2YyQYZhddadJ1TsOhWzc/MWiuwFR7IVWBC8RFVbuyWbdcFT/eHqijXixLNwjl KvwIaNe9ba4dUKWDuH0TfmeyoJ3aDd3ROzH6sNmwIJR0bFThY/Fvih0i0sv83vX+ D1hmHt/9+4MT59C9xHkC2HJQpPJ9wnwvFIWoDHwC+PzhC7kh5NQ42ZIURrsZjVcF XRiiPVVjHiWUHfPpsgbpF7Ti4KvkGrGzPcmTZDUEonlnbh87WbkXiAGT2wUWM8G9 bgrX2vJI8SBL+UI3KawlgiaDfIl2gv5Lo9kySZe311P3VYoLM2pA9aTSf1RG8ZqU 9CQd5LBA8bqgjyr5Il3L =+hCd -----END PGP SIGNATURE-----

Yes I compile with fork. We have been using that for a very long time. In the 7-8 years range if not a few years more. In the past we decided to use fork to sidestep leaks. We process astronomical numbers of transactions each year on a 24/7 basis and never had any problems. Can you expand a bit on why it is a bad idea? Thanks. 2015-07-15 10:27 GMT-04:00 Michal Trojnara <Michal.Trojnara@mirt.net>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 14.07.2015 16:24, Philippe Anctil wrote:
I am unable to compile stunnel 5.20 against openssl 1.0.2d (or even 1.0.2c). There a compilation error at some point.
cron.c:151: warning: conflicting types for 'cron_dh_param'
Did you configure stunnel with "--with-threads=fork"? It is broken in stunnel 5.20. It is also a bad idea in general.
Otherwise, please send me your config.log.
Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJVpm3YAAoJEC78f/DUFuAUQUAQALbaxWCvvEK8tCygX8YvVudb hNYYcMdpVPdH3sfZWt6+wd/0ylskCUpY4+kfpdvoq5yeZA0xCAF+84nk3zqfbyAO 1lR9/3bppcLdsnEsTqUApHp1lePECdorW94VRIO7XhTAVjn9pbbEgjdqCqEYPwQ/ XshreQpeNs2w5cMHiMQqmuIquZF0K4OR33GK6XwmwBHYuNUJXRmCyXas76xrJyd5 8q2Q+kIv+tO1sf+FcG/YhPKh1Mq13Q5PFO1DEJBraj7GNCgZkXVNGD+FjlzWRW+K rvV1iZLgXV2jcb/2+UsqGx3lN+RYlOvwni6rKjniX8bJalDlD0I3UFotVIqaQsFe /Bq2YyQYZhddadJ1TsOhWzc/MWiuwFR7IVWBC8RFVbuyWbdcFT/eHqijXixLNwjl KvwIaNe9ba4dUKWDuH0TfmeyoJ3aDd3ROzH6sNmwIJR0bFThY/Fvih0i0sv83vX+ D1hmHt/9+4MT59C9xHkC2HJQpPJ9wnwvFIWoDHwC+PzhC7kh5NQ42ZIURrsZjVcF XRiiPVVjHiWUHfPpsgbpF7Ti4KvkGrGzPcmTZDUEonlnbh87WbkXiAGT2wUWM8G9 bgrX2vJI8SBL+UI3KawlgiaDfIl2gv5Lo9kySZe311P3VYoLM2pA9aTSf1RG8ZqU 9CQd5LBA8bqgjyr5Il3L =+hCd -----END PGP SIGNATURE----- _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-- Philippe Anctil

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 15.07.2015 16:35, Philippe Anctil wrote:
Yes I compile with fork.
We have been using that for a very long time. In the 7-8 years range if not a few years more. In the past we decided to use fork to sidestep leaks. We process astronomical numbers of transactions each year on a 24/7 basis and never had any problems.
Can you expand a bit on why it is a bad idea?
A few reasons out of the top of my head: 1. Posix/windows threads are required for session cache, which is a major performance improvement. With fork, stunnel needs to negotiate a new TLS session on each TCP connection with the same peer. 2. Posix/windows threads are required for DH parameter regenerations. 3. Fork not the default compilation option and it doesn't get nearly as much testing as posix/windows threads. Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVpnJuAAoJEC78f/DUFuAUnc8P/jbBGV2NtgnUceKS3MVI7cNM nJA4JsWHD0NczwYtUKnECF5T8eDC8K2V198v5s5NfybJ1Fmk8CTpNSWmPkz0bDKh V1ocJSMrRtbq8a3VyyYUjlX57vq/CvW/lSXH7bcgcdsWRDmgP07YugylKNUmnOga P7rVLuc7Q2TumhuWgjer4GzYJj8Bauj0yy4Ejng+DOShXOmo7d8I/dIYN0iwJhxx ttbHcd2J+Bp4Ngd8Yr7xpvhqwlDEjyV1DXYANdEpLt0cBKAQlGqKbMwFeIBbNcbC LnwnMYwXhxgnSV9MvM+CFK75dNtr+hSizigio1eMSw2MlBg+r/9fjYVevqlTfXgL yJf+FqfjU6ehrf+E+v+8byiESn0OwY2Ji81WG3IeLsxJxHQLXlL+0ycx6kgPkObH vg+5ZaRBAOTMaYMpcWR/UTQEyQOBukTeSTqUAkmWwMmbxfuiTZ7TSEcpnHoDoWlA lod2MLT6ylWAm9ZyUB1JmPIsYzcgWbwgr6OFzFI3+tJ3hOEwIp9sLzwjL2n624W5 2ttFWMFOILEfL1P2RRT+t0w1v33C3uORBdN/6oz8dWW3bGQQf6zZ3f1XQm0Tsmmb rQnlTBHqbVhhc4E9sH3z5NTTrlbyQQN7C8aNRRj79J0N9OkBREPmULfpQ2U7r585 gVJKVve02JW3Bx1pNjte =HK0h -----END PGP SIGNATURE-----
participants (3)
-
Michal Trojnara
-
Philippe Anctil
-
Saurabh Beriwal