[stunnel-users] public domain [PATCH] to stunnel 4.34 for Windows CE / Windows Mobile, "no service" CRITICAL bug and unicode bugs fixed
Pierre DELAAGE
delaage.pierre at free.fr
Wed Nov 17 21:31:24 CET 2010
Dear Michal, Dear all,
I have continued to work on my WCE version of stunnel 4.34, after having
received some request for help to compile for other TARGET CPU than ARM,
typically WCE/X86.
That led me to a few more compilation bug fixes and some improvments in
makefiles, proper usage of winsock2 library, automatisation and
management of "make/build" process
for multiple targets WCE (ARM|X86...) and Win32 (with MS VC and
Gnu-mingw32 !).
I added also, as a practical feature, the inclusion of
"version/copyright" properties in the exe files, properties that are
displayable in the Windows Explorer or by right-clicking on the exefile.
This is not only a "beautifying" feature: this allows automatic version
checking by external tools without having to run the stunnel program,
particularly useful when the targetcpu does not match the host cpu...
I also worked to have "as close as possible" evc.mak, vc.mak, and
mingw.mak files.
A lot of work and test-fail-adapt cycles have been performed to have a
common code working with the various flavors of C-PREPROCESSORS !
because there are subtle differences between MS EVC, MS VC, Borland BCC
and GNU-GCC preprocessors.
THE ATTACHMENT has been sent in zip format, because it contains a few
scripts and other files that exceed the 100KB limit of the mailing list.
it contains the files :
version.h : contains the #define version numbers, major and minor
version.rc : version displayable by Windows Explorer property sheet
makew32.bat : an helper for build wih MS VC
Michal:
patched2X86.txt : a FULL diff -cr between your last 4.34 official
version and my last patched
patched2X86_incr.txt : an INCREMENTAL diff -cr between my previous
patched version sent on 27/09/2010 and the present one.
For the impatient, my patched version of stunnel 4.34 is available here :
http://delaage.pierre.free.fr/contrib/stunnel/wce/stunnel434_WCEpatched2X86.zip
IT COVERS both WCE and Win32 versions of stunnel.
NEW FILES have been added to the sources: see attachments:
- version.h is NOW the CENTRAL point to define major and minor versions
of stunnel (NO MORE definition is makefile, which is logical : you
modify the version of the product, without necessarily modifying the
production process).
- version.rc is the resource file required by windows as the repository
of the stunnel.exe properties displayed in Windows Explorer.
Compiled with evc for wce or with VC for win32, this works perfectly.
But compiled and linked with gcc, those properties are unfortunately not
displayed by Windows Explorer, although embedded in the exe file. I have
established that it is a bug in "gnu-link" stage.
- makew32 : the equivalent of makece for Win32, which avoid repetitive
and error prone pollution of env vars when repetitively compiling for
w32. It is very useful in frequent recompilation at dev/test time.
*** SOME PRACTICAL INFO :
- now to compile, or clean up things, for a particular WCE TARGET CPU :
just type things like :
makece ARMV4, eg for ARMV4 CPU
makece ARMV4 clean
makece X86, eg for ARMV4 CPU
makece X86clean
===> this create ../bin/ARMV4/stunnel.exe and ../obj/ARMV4/all objs
files, or the like with X86 cpu and so on.
See list of all supported target cpu in evc.mak. ARMV4 and X86 go well;
more cpu may be checked by experts vs compilation flags...
This is very practical to compile for various targets without modifying,
deleting, renaming, anything and with no side effects between targets.
- For Win32, yes for Windows PC, just type :
makew32
makew32 clean
===> this create ../bin/W32/stunnel.exe and ../obj/W32/all objs files.
This tool uses MS-VC 2008 express as compiler/linker.
- For Win32, but with MINGW32 tools (and GNU-WIN32 coreutils !!!), just
type :
mingw32-make -f mingw.mak
mingw32-make -f mingw.mak clean
===> this create ../bin/MGW32/stunnel.exe and ../obj/MGW32/objs files.
GOODIE: I have tricked the mingw.mak to work EITHER on a Windows
compilation HOST MACHINE, OR a LINUX/UN*X compilation HOST.
On windows mingw.mak properly checks and warns about potential missing
of gnu-win32 tools.
Note: the make.bat file is just a shortcut for mingw32-make -f mingw.mak.
*** MODIFICATIONS of FILES :
So, since my previous version of the patch, here are my adds :
1/ evc.mak :
1.1/linking with a recompiled version of Essemer/wcecompat:
this library has been customized to compile in SEPARATE folders for
MULTIPLE targets.
So path to proper libs have been changed.
My customized version of wcecompat is available here :
http://delaage.pierre.free.fr/contrib/wcecompat/wcecompat12_patched2X86.zip
IT HAS ALSO been adapted to have separate folders for distinct targets
pre-compiled versions.
Please note that this philosophy is shared with openssl.
1.2/ linking with winsock2 library instead of winsock1: at first to be
consistent with the C code, and second because winsock2 is more close to
socket standard than ws1.
1.3/ linking with COREDLL.lib and CORELIBC.lib ONLY: whatever /MC or /MT
or other flag you put for CLxxx command, the set of default libs
expected to be linked is WRONG.
This is a bug of CLxxx tools, inconsitent with MS doc.
SO we have to overwrite the default lib list by always the same ones.
You can verify that this is the right way to do it by searching for a
libc.lib in various evc/libs : you will NOT find any although clxxx /?
talks about it.
1.3/ change in VERSION management : now there is a version.h and
version.rc souce file for this.
One that wants to change version has just to edit version.h and then
version info will be propagated as usual in resource.h, AND also
in the exe itself to be displayable in Windows Explorer.
Now people will have a simple mean to check the version of stunnel.
Michal: have you noticed that there was a vestige "version.h" file
mentioned in vc.mak !
now it makes sense in evc.mak, vc.mak and mingw.mak, for wce or win32
targets.
1.4/ link /machine : IX86 is improper with WCE, it is X86.
1.5/ Multiple WCE CPU targets supported by giving targetcpu on the make
command line like this :
makece ARMV4 all
targetcpu is now mandatory.
makece without options, as usual, will show the new syntax (very simple).
1.6/ improved clean target with some rmdirs and proper redirection of
error messages.
proper use of make flags - at .
1.7/ added explicit "inference rules" that are compatible MS nmake/
Borland make,
to be sure of the proper options, and to manage multiple subdirs
management matching TARGETCPU.
Now stunnel.exe is build in stunnel/bin/TARGETCPU subdir
objs are build in stunnel/obj/TARGETCPU
I really think it is practical and good policy : on my host machine I
have been able to test efficiently at the same time
three flavors of stunnel : win32, wce/arm, wce/x86 without
erasing/renaming/recompiling each time and wondering for what platform
was my stunnel.Exe built for.
1.8/ HOST flag put in $(DEFINES) for CC and RC to add more info to exe
info property shhet in Windows Explorer "this stunnel is for THIS type
of target"
2/ makece.bat:
protection against pollution of environment when makece is repeatedly
run with the same targetcpu.
+ Env is updated only when one is switching targetcpu.
This is not perfect, but a step in the good direction.
To understand what I mean, perform "set" to see all the env vars after
each makece call...
PRACTICALLY : you can type makece ARMV4 and then makece X86 in the same
command line window, without polluting "too much" the environment,
only when changing target. No need, reasonably, to have multiple command
line windows opened.
3/ vc.mak: for win32
"multiple target" support by putting w32 obj and exe files in obj/w32
and bin/w32 subdirs, version.rc support, winsock2 lib integration.
crypt32 was missing .lib SUFFIX !
improper use of winsock1 : it is better to take winsock2 lib, and it is
what the code requires (#includes...) !
version management through version.h /.rc instead of /DVERSION
general logic now close to that of WCE evc.mak, as can be (evc and vc
are very close in their syntax, flags...).
HOST flag to add more info to exe info property sheet in Windows
Explorer "this stunnel is for THIS type of target"
4/ created a makew32.bat script
as a wrapper to setenv vars for MSVC 2008 Express, and nmake call.
This has to be improved in the future: presently it cannot be called
after a previous compilation for WCE :
pollution of PATH and INCLUDE env vars requires to reopen a shell via
cmd.exe.
One day I will check if there a simple way to clean env vars from some
path (not so simple).
5/ adapted mingw.mak to link with WINSOCK 2 (!!) and use of
version.rc/.h + general processing made similar to that of vc.mak.
I tested with mingw for windows and it works. Someone should test with
gcc under linux, this should work...
HOST flag to add more info to exe info property sheet in Windows
Explorer "this stunnel is for THIS type of target"
Some rewriting to have a mingw.mak close to vc.mak, to ease maintenance...
I checked gnu make syntax, and it is close to ms nmake and borland make,
except for ifdef directives and inference rules syntax, unfortunately.
I am somehow skilled in this boring exercise of comparing various make
tools and syntax.
MINGW.MAK bugs: incorrect reference to "Makefile.w32", incorrect INC
path for openssl/win32 (this is NOT "outinc" but "inc32"! since a long
time).
NOTE : to compile on windows I commented "-l zdll" lib in the mingw.mak.
Michal, may you restore it if it is useful (I do not see why anyway).
Added a testenv pseudo-target to check for gnu-win32 proper installation.
Added some tricks to enable proper execution with the same makefile
either on a Windows HOST or a Linux HOST.
When I say host, I mean "production machine" , and NOT TARGET machine
which is always win32 with mingw.mak.
6/ make.bat: this script is ONLY meaningful with mingw.mak and MINGW32
gnu environment.
Due to various improvments I MADE in mingw.mak, mingw.mak is now only
compatible with mingw32-make,
and not just "make.exe", which is Borland make on Windows...
TODO : I did not deal with stunnel making for linux, and/or rpm packaging.
But I guess that makefile.in etc...should be updated...
Anyway, on linux, NOT including version.rc is not a problem, as this
file is useless in that target environment.
But I think that having ../obj/UNX and ../bin/UNX folders should be a
good practice...
7/ common.h :
Eureka ! I finally understood and cleaned up the mess around the
redefinition of various Socket Error codes.
This comes from the fact that, previously, those codes were defined in
MS winsock1 header files, but disappeared in winsock2 header files (they
are commented)
Apparently, stunnel code was including winsock1 for w32 but winsock2 for
WCE, although winsock2 is in fact available on both platforms.
So I decided to move to winsock2 for WCE, and re-declaring (again) SOME
of those constants.
Some clean up of the makefile has been done also to REALLY link to ws2
lib instead of ws1 (because there was also a confusion there!).
8/ ctx.c : htons is requesting "short". so a cast was required to avoid
warnings from the compiler.
9/ resolver.c : here we are:
many routines have been reimplemented when they are in fact available in
winsock2 both for w32 AND WCE.
Michal: I expect that you review this with particular attention.
In fact I have modified the logic of "masking" local_routines when
already defined in winsock2.
the previous code was HIDING winsock2 instead of the local_routines.
It seemed not logical.
It is important to note that the three routines "getaddrinfo,
freeaddrinfo, getnameinfo" are FOR INSTANT used only in resolver.c,
BUT the previous code was preventing them from being used by other modules.
Now, with my code, it is possible.
My code also avoid compilation warnings (because, as getaddrinfo REALLY
exist in win32, such a "#define getaddrinfo localgetaddrinfo"
inevitably raises a warning of the compiler for redef of an existing
symbol; and hence it reveals a problem of conflict..., while my solution
avoids all this pitfalls).
Removed also the restriction "AND IPV6" on win32 conditional #IF:
winsock2 supports ipv6.
Michal: a review on these conditional #IF should be useful...
I wanted to add that those routines are also parts of the POSIX standard
API, so they are available almost everywhere...
so I hardly understand their purpose today.
10/ version.h :
I have used some preprocessor tricks to have a VERSION string correctly
defined BOTH with MS evc preprocessor, MS vc preprocessor:
AND GNU preprocessor.
those preprocessors have some differences...particularly when called
from a rc compiler through a "pipe" like gnu windres.
In ms VC and EVC the rc preprocessing is NOT the same as that of the
compiler...
Now it works with every build system, and either in .c compilation or
.rc compilation.
USEFUL : openssl team is desperately ignoring any WCE patch, so if you
want an openssl 100a source tree compatible with WCE,
just download mine there :
http://delaage.pierre.free.fr/contrib/openssl/wce/openssl100a_WCEpatched3.zip
FYI, my patch to openssl is registered here :
http://rt.openssl.org/index.html?q=2350 (login guest/password guest).
TODO : gui.c contains code to dynamically load ws2 getaddrinfo
why not rely only on static linking for that, as ws2 is available
everywhere since w95 and wce4.1 ?
we have to harmonize the code there with resolver.c and various makefiles
In resolver.c: code remains to load dynamically ws2 getaddrinfo etc..at
run-time only on win32, and not in CE while it is ALSO available!
I suggest to have "static" linking to ws2.lib both in w32 and wce . but
more code has to be modified to be definitely clean and clear.
When I say "static linking" I mean "Load-Time Dynamic Linking", ie link
with ws2.lib stub at build time, not "link with static lib"...
I thank you for your good work and attention,
Yours sincerely,
Pierre Delaage
Le 27/09/2010 00:40, Pierre DELAAGE a écrit :
> Dear All,
> Please find enclosed a patch in "diff -cr orig patched" format,
> applying to stunnel4.34 as found here ftp://stunnel.mirt.net/stunnel/.
> This patch mainly addresses compilation and unicode issues for Windows
> CE targets + ONE critical issue preventing stunnel to service anything
> (!).
>
> I use MS EVC 4sp2 compiler with WCE 420 SDK, on a vista host platform.
> Once debugged the code works fine on WM6 HTC smartphones.
> Should work on WM5.
> It needs a windows CE openssl lib (I recompiled MY patched version of
> openssl 1.0.0a successfully: I will have to log a patch to those
> gentlemen, hoping that they are open to integrate it, something not so
> obvious in the past).
>
> I will later post here a link to my patch for openssl 100a pointing to
> the openssl mailing list. THIS OPENSSL PATCH IS ESSENTIAL : with my
> older version of openssl 098pre_j for wce, stunnel does not work
> anymore (it crashes after first cnx).
>
>
> The present stunnel patch addresses the following issues :
>
> *************
> I] COMPILATION FAILURES
>
> 1/ on common.h "EINVAL redefinition" :
> in fact the compile options WX (see evc.mak) does not tolerate any
> warning :
> The MS evc420 compiler ALWAYS issues a warning on this symbol
> redefinition.
> Michal and I are dealing with it since month...
> But, considering that NEITHER Exxx error codes are used in stunnel,
> I suggest that in fact ALL these redef should be suppressed.
>
> TODO: In the future a proper rewrite of code in log.c, where hardcoded
> values of WSA error codes are used instead of symbolic constant, will
> have to be done.
>
>
> 2/ client.c
> CreateProcess is a UNICODE function: code was ascii only.
> Code has been adapted to work in unicode.
>
> 3/ evc.mak
> path to new openssl lib has been redefined.
> proper location for the libs in openssl tree has been set in the
> make-install block (although this block is presently USELESS and needs
> a complete rewrite).
>
> 4/ gui.c
> All code using hmainmenu is OFF under winCE.
> So some new lines involving it were not compiling.
>
> 5/ options.c
>
> linger_val.l_linger and linger_val.l_onoff require ushort values.
> Strict type checking of the compiler required a proper cast to ushort
> of the r-values.
>
>
> stralloc uses "strdup":
> on Win32 and winCE strdup is _strdup (!).
>
> 6/ prototypes.h :
> _beginthread was defined as returning an int, an a long in sthread.c.
> After some checking in various documentations, long is the correct type,
> in particular because _beginthread can return the special error value
> "-1L". So that unsigned types are illogical.
> This simplifies the code in some locations, by saving some -now
> useless- casts.
>
> 7/ sthread.c
>
> create_client: suppressed some useless cast to (long) for beginthread.
>
> *************
> II] OPERATIONAL ERRORS (at run-time)
> This is a reminder of previous notification to the mailing list :
> due to beginthread improper code and/or use,
> It is presently IMPOSSIBLE for stunnel 434 to be used in production on
> WCE:
> it is just unable to service any...service.
> Nothing happens if, for example, you use it to connect to an https
> server. No log either !
>
> I corrected the code with both Michal patch to gui.c and mine to
> sthread.c:
>
> gui.c (Michal patch) :
> _beginthread was called with 0 as stacksize which, cumulated to an
> improper coding of sthread/beginthread, led to FAILURE of service
> thread creation.
>
> sthread.c:
> _beginthread : now supports "0" stacksize value, leading to default
> linker stack size (1MB by default unless specified differently on the
> linker command line, something we do not yet perform but could).
>
> *************
> III] MINOR IMPROVMENT
> _beginthread: added a log on critical event of "failure" to create a
> service thread. because I think it is a critical event, isn't it?
>
>
> I hope you will find this patch useful.
> Thank you for your excellent work,
> Yours sincerely,
>
> Pierre Delaage
>
> Note : I use stunnel to establish a simple "vpn" between smartphones and
> a corporate linux server mainly for HTTPS/POPS/SMTPS support.
> Stunnel is very relevant in that matter, over solutions based on SSH
> (although we use also ssh), from a communication cost point of view :
> ssh establishes permanent socket between client and server, so that the
> communication is charged by the mobile network provider : and these
> charges are very expensive.
> On the contrary stunnel only establishes ssl sockets on demand so that
> financial charges are limited to strict necessary.
> Please note that stunnel brings "client based certificate
> authentication" to POP/SMTP mobile mail user agents which only
> BASICALLY supports SSL with server authentication, but NO client
> authentication, such as M$ Outlook for Mobile (unless you pay for an
> exchange server and exchange client licence).
> Here again stunnel is very relevant.
>
> Note 2 : the strdup and unicode bug fixes should benefit also to the
> win32 (for PC) stunnel version for PC.
>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stunnel434patch20101117.zip
Type: application/x-zip-compressed
Size: 28251 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20101117/06e2384a/attachment.bin>
More information about the stunnel-users
mailing list