[stunnel-users] Stunnel 5.17 on AIX

Eckert, Doug doug.eckert at dowjones.com
Wed May 13 17:04:38 CEST 2015


Thanks!

I applied the patch to tls.c and I'm able to create sessions with no
problem.

The version of OpenSSL provided by IBM is built off the 1.0.1e codebase,
with backported security fixes via "iFixes" for announced CVEs. They
apparently don't backport new functionality or maybe even non-CVE bugfixes.
I'm guessing an un-patched stunnel 5.17 would work once/if they release
OpenSSL built off 1.0.1j or later.



> On Tue, May 12, 2015 at 3:40 PM, Michal Trojnara <Michal.Trojnara at mirt.net
> > wrote:
>
>> On 12.05.2015 18:29, Eckert, Doug wrote:
>> > With that in mind, I compiled stunnel v5.03 with same OpenSSL 1.0.1.513
>> > and iFix IV71446m9a applied as with the v5.17 attempt. I'm able to
>> > create sessions with no problem. The internal error/bad magic does not
>> > occur.
>>
>> Additional security checks to the OpenSSL memory management functions
>> were introduced in stunnel 5.09.  The enclosed patch disables them in
>> the latest stunnel 5.17.
>>
>> Mike
>>
>> _______________________________________________
>> stunnel-users mailing list
>> stunnel-users at stunnel.org
>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>
>>
>
>
> --
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20150513/33a3e312/attachment.html>


More information about the stunnel-users mailing list