stunnel 5.56 released
Dear Users, I have released version 5.56 of stunnel. ### Version 5.56, 2019.11.22, urgency: HIGH * New features - Various text files converted to Markdown format. * Bugfixes - Support for realpath(3) implementations incompatible with POSIX.1-2008, such as 4.4BSD or Solaris. - Support for engines without PRNG seeding methods (thx to Petr Mikhalitsyn). - Retry unsuccessful port binding on configuration file reload. - Thread safety fixes in SSL_SESSION object handling. - Terminate clients on exit in the FORK threading model. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 7384bfb356b9a89ddfee70b5ca494d187605bb516b4fff597e167f97e2236b22 stunnel-5.56.tar.gz e9d7dea3976219f0fc89cfb4f645f47b1291ebec8ce55cff46dbbfbb2e9b4084 stunnel-5.56-win64-installer.exe d8a5e359c7102b3c9619fca6b4ffbb39c16a9779dcecb426f204a7857cb33f67 stunnel-5.56-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature
1.1.1d build failure with no-shared
Just FYI: trying to build openssl 1.1.1d with no-shared fails (on OpenBSD 6.5) see below. I'm not sure why test/cipher_overhead_test is needed for the build. rm -f test/cipher_overhead_test ${LDCMD:-cc} -Wa,--noexecstack -Qunused-arguments -Wall -O3 -L.-o test/cipher_overhead_test test/cipher_overhead_test.o -lssl test/libtestutil.a -lcrypto ld: error: undefined symbol: ssl3_num_ciphers >>> referenced by cipher_overhead_test.c >>> test/cipher_overhead_test.o:(cipher_overhead) ld: error: undefined symbol: ssl3_get_cipher >>> referenced by cipher_overhead_test.c >>> test/cipher_overhead_test.o:(cipher_overhead) ld: error: undefined symbol: ssl_cipher_get_overhead >>> referenced by cipher_overhead_test.c >>> test/cipher_overhead_test.o:(cipher_overhead) cc: error: linker command failed with exit code 1 (use -v to see invocation) *** Error 1 in . (Makefile:8181 'test/cipher_overhead_test') *** Error 1 in [[path removed]]/openssl-1.1.1d (Makefile:174 'all')
Engine with custom evp method callbacks
Hi everbody, I`m looking for a working example on how to implements a custom engine based on EVP methods callbacks. First I was implementing my custom engine based on RSA callbacks, but we found out that we cannot use this mechanism, therefore I need to change to EVP, details are written here https://github.com/openssl/openssl/issues/7968. RSA_METHOD* rsa_method = RSA_meth_new("OpenSSL Custom RSA method", 0); const RSA_METHOD* ossl_rsa_meth = RSA_PKCS1_OpenSSL(); rc = RSA_meth_set_priv_enc(rsa_method, gk_openssl_rsa_priv_enc); rc = ENGINE_set_RSA(e, rsa_method); if (rc != TRUE) { return 0; } if (flags & ENGINE_METHOD_RSA) { rc = ENGINE_register_RSA(e); if (rc != TRUE) { return 0; } } Now I try with EVP the following source code but it's not working: EVP_PKEY_METHOD* engine_pkey_methods = EVP_PKEY_meth_new(EVP_PKEY_RSA_PSS, 0); const EVP_PKEY_METHOD* ossl_pkey_methods = EVP_PKEY_meth_find(EVP_PKEY_RSA_PSS); EVP_PKEY_meth_copy(engine_pkey_methods, ossl_pkey_methods); // This shall be an equivalent to = RSA_PKCS1_OpenSSL(); const EVP_PKEY_METHOD* ossl_pkey_methods = EVP_PKEY_meth_find(EVP_PKEY_RSA_PSS); But how to set the evp method the engine like RSA(e, rsa_method);? This expects another callback, but I just want to set the method?! int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); regards Tobi