On Wed, 27 Oct 2010, Jon Daley wrote:
On Wed, 27 Oct 2010, Michal Trojnara wrote:
Jon Daley wrote:
- Cross-compile OpenSSL:
./Configure --cross-compile-prefix=i586-mingw32msvc- mingw shared zlib-dynamic make
And you end up with 3 dlls in the openssl directory?
Not really. Just 2 of them. Zlib is produced in step 2.
Hrm. I wasn't talking about the zlib1.dll. I meant: ssleay32.dll, libssl32.dll and libeay32.dll. Maybe I got mixed up the names, and am using one that I don't need. I thought I put them in one at a time, and waited for Windows to ask me for them, but I'll check again.
Ah, yes. I am dumb. I can compile and run it without problems with just the two *eay32 dlls.
And we've finally figured out the other bug, where it works on my computer, and not on someone else's. It has to do with ipv6 support, and it didn't go away even after I ./config --disable-ipv6, which that flag is (mostly?) ignored in the windows builds, due to the dynamic LoadLibrary calls. On one computer, stunnel connects on the ipv6 port, but then when running "telnet localhost 7000", it connects via the ipv4 port, and so fails. If we force stunnel to use ipv4 by using 127.0.0.1 instead of localhost, everything works fine. My guess is that his computer is partially/incorrectly configured for ipv6, and so that is the reason for the failure. I'm planning on removing the LoadLibrary calls to force ipv6 to be off, though it'd be nice to not do that, since someday, there will be an ipv6-only network that we'll have to deal with presumably.
Jon Daley wrote:
I'm planning on removing the LoadLibrary calls to force ipv6 to be off, though it'd be nice to not do that, since someday, there will
be an ipv6-only network that we'll have to deal with presumably.
Wouldn't it be better to fix your IPv6 configuration or localhost entry in your system32\drivers\etc\hosts?
Mike
On Thu, 28 Oct 2010, Michal Trojnara wrote:
I'm planning on removing the LoadLibrary calls to force ipv6 to be off, though it'd be nice to not do that, since someday, there will be an ipv6-only network that we'll have to deal with presumably.
Wouldn't it be better to fix your IPv6 configuration or localhost entry in your system32\drivers\etc\hosts?
In Windows 7, Microsoft has commented out the localhost entries in the hosts file for "security" reasons due to hackers editing the hosts file and wrecking stuff. They rely on an internal dns mechanism to provide the proper ip address for localhost. However, today, we uncommented the entries and you can still redirect localhost to any ip you want, so I fail to see how commenting them provided any security.
I was in front of the computer that wasn't working, and it turns out he was using the cygwin telnet, which (at least the version he installed) doesn't support ipv6, and so that explains the problem (windows programs use ipv6 by default, his cygwin telnet was using ipv4).
It turns out that our 3rd party smtp/pop3 library that we are using doesn't support ipv6 anyway, and so me disabling stunnel's ipv6 support isn't limiting anything.
Thanks for your help.
-
Jon Daley -
Michal Trojnara