stunnel 5.56 released

2019-11-22 Thread Michał Trojnara via openssl-users
Dear Users,

I have released version 5.56 of stunnel.

### Version 5.56, 2019.11.22, urgency: HIGH
* New features
  - Various text files converted to Markdown format.
* Bugfixes
  - Support for realpath(3) implementations incompatible
    with POSIX.1-2008, such as 4.4BSD or Solaris.
  - Support for engines without PRNG seeding methods (thx to
    Petr Mikhalitsyn).
  - Retry unsuccessful port binding on configuration
    file reload.
  - Thread safety fixes in SSL_SESSION object handling.
  - Terminate clients on exit in the FORK threading model.

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:

7384bfb356b9a89ddfee70b5ca494d187605bb516b4fff597e167f97e2236b22  stunnel-5.56.tar.gz
e9d7dea3976219f0fc89cfb4f645f47b1291ebec8ce55cff46dbbfbb2e9b4084  stunnel-5.56-win64-installer.exe
d8a5e359c7102b3c9619fca6b4ffbb39c16a9779dcecb426f204a7857cb33f67  stunnel-5.56-android.zip

Best regards,
    Mike





1.1.1d build failure with no-shared

2019-11-22 Thread Claus Assmann
Just FYI: trying to build openssl 1.1.1d with no-shared fails (on
OpenBSD 6.5) see below. I'm not sure why test/cipher_overhead_test
is needed for the build.

rm -f test/cipher_overhead_test
${LDCMD:-cc} -Wa,--noexecstack -Qunused-arguments -Wall -O3 -L.-o test/cipher_overhead_test test/cipher_overhead_test.o  -lssl test/libtestutil.a -lcrypto
ld: error: undefined symbol: ssl3_num_ciphers
>>> referenced by cipher_overhead_test.c
>>>   test/cipher_overhead_test.o:(cipher_overhead)

ld: error: undefined symbol: ssl3_get_cipher
>>> referenced by cipher_overhead_test.c
>>>   test/cipher_overhead_test.o:(cipher_overhead)

ld: error: undefined symbol: ssl_cipher_get_overhead
>>> referenced by cipher_overhead_test.c
>>>   test/cipher_overhead_test.o:(cipher_overhead)
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** Error 1 in . (Makefile:8181 'test/cipher_overhead_test')
*** Error 1 in [[path removed]]/openssl-1.1.1d (Makefile:174 'all')


Engine with custom evp method callbacks

2019-11-22 Thread Tobias.Wolf
Hi everybody,

I'm looking for a working example of how to implement a custom engine based on
EVP method callbacks. First I was implementing my custom engine based on RSA
callbacks, but we found out that we cannot use this mechanism,
therefore I need to change to EVP; details are written here:
https://github.com/openssl/openssl/issues/7968.

RSA_METHOD* rsa_method = RSA_meth_new("OpenSSL Custom RSA method", 0);
const RSA_METHOD* ossl_rsa_meth = RSA_PKCS1_OpenSSL();

rc = RSA_meth_set_priv_enc(rsa_method, gk_openssl_rsa_priv_enc);

rc = ENGINE_set_RSA(e, rsa_method);
if (rc != TRUE) {
   return 0;
}

if (flags & ENGINE_METHOD_RSA) {
   rc = ENGINE_register_RSA(e);
   if (rc != TRUE) {
      return 0;
   }
}


Now I try with EVP the following source code but it's not working:

EVP_PKEY_METHOD* engine_pkey_methods = EVP_PKEY_meth_new(EVP_PKEY_RSA_PSS, 0);
const EVP_PKEY_METHOD* ossl_pkey_methods = EVP_PKEY_meth_find(EVP_PKEY_RSA_PSS);
EVP_PKEY_meth_copy(engine_pkey_methods, ossl_pkey_methods);

// This shall be an equivalent to = RSA_PKCS1_OpenSSL();
const EVP_PKEY_METHOD* ossl_pkey_methods = EVP_PKEY_meth_find(EVP_PKEY_RSA_PSS);

But how do I set the EVP method on the engine, like RSA(e, rsa_method);?
This expects another callback, but I just want to set the method?!

int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);

regards
Tobi