[stunnel-users] Stunnel and DLL Hell
Carter Browne
cbrowne at cbcs-usa.com
Thu Sep 30 15:33:18 CEST 2010
I just had an upgrade issue going from stunnel 4.32 (using the openssl 0.9.8x
libraries) to stunnel 4.34 (using the openssl 1.0.0x libraries). I'm using the
CAPATH option and verify = 2 to verify connections. The openssl group changed
the hash algorithm between 0.9.8 and 1.0.0 so that the certificates have to have
a different name (this is a Windows installation, so no linked names). When I
initially converted I had two copies of the names, one using the old hash and
one using the new hash, and everything worked perfectly. However, after I cleaned
up the directories and removed the old hash names, things began to fail.
Eventually I could not make any connections to the system running stunnel 4.34.

Eventually, it occurred to me to check for multiple versions of the SSLEAY32.DLL
on the system and there were a number of copies. For whatever reason, the
0.9.8x version got loaded first and so the 1.0.0x hash names were not recognized.

This explanation is a long-winded request for having the option of having a
statically linked version of stunnel for Windows. I have about 10 systems
running stunnel 4.34 and all but this one worked properly. However, having the
vagaries of which version of SSLEAY32 gets loaded by Windows first determining
the correct operation of the system is an uncertainty that it would be very good
to live without.

Thanks for the consideration.
Carter
Carter Browne
CBCS
cbrowne at cbcs-usa.com
781-721-2890
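
The check the post above arrives at (looking for several copies of the OpenSSL DLLs with different versions) can be scripted. This is an added example, not part of the original message and not stunnel code. It assumes the DLLs embed an ASCII banner such as "OpenSSL 0.9.8o 01 Jun 2010"; the install path and the simplified search order (stunnel's directory, then PATH) are also assumptions.

```python
import os
import re
from pathlib import Path

# Assumption: OpenSSL DLLs carry an ASCII banner such as "OpenSSL 0.9.8o 01 Jun 2010".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)")
DLL_NAMES = {"ssleay32.dll", "libeay32.dll"}


def openssl_version(path):
    """Return the first OpenSSL version banner found in the file, or None."""
    match = BANNER.search(Path(path).read_bytes())
    return match.group(1).decode("ascii") if match else None


def find_copies(search_dirs):
    """List (dll_name, path, version) for every copy, in the order given."""
    copies = []
    for directory in search_dirs:
        d = Path(directory)
        if not d.is_dir():
            continue
        for entry in sorted(d.iterdir()):
            if entry.is_file() and entry.name.lower() in DLL_NAMES:
                copies.append((entry.name.lower(), str(entry), openssl_version(entry)))
    return copies


def conflicts(search_dirs):
    """Map each DLL name to its copies when more than one version is reachable.

    The first copy in each list is the one an ordered search would pick up.
    """
    by_name = {}
    for name, path, version in find_copies(search_dirs):
        by_name.setdefault(name, []).append((path, version))
    return {n: c for n, c in by_name.items() if len({v for _, v in c}) > 1}


if __name__ == "__main__":
    # Simplified search order (assumption): stunnel's own directory, then PATH.
    stunnel_dir = r"C:\Program Files\stunnel"  # hypothetical install path
    dirs = [stunnel_dir] + os.environ.get("PATH", "").split(os.pathsep)
    for name, found in conflicts(dirs).items():
        print(f"{name}: {len(found)} copies, mixed versions")
        for path, version in found:
            print(f"  {version or 'unknown'}  {path}")
```

An empty result means every reachable copy of each DLL reports the same version; any entry it does return is a candidate for the failure described in the post.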