Hi all, on the one hand the "welcome to the stunnel-users mailing list"-mail explicitly states "Never report problems with an old version of stunnel and OpenSSL. Upgrade to the latest versions first". On the other hand common.h contains
#if OPENSSL_VERSION_NUMBER<0x0090700fL
#error OpenSSL 0.9.7 or later is required
#endif /* OpenSSL older than 0.9.7 */
So it looks like OpenSSL versions >= 0.9.7 are still supported, that's
the reason I'm reporting the following bug and ignoring the
welcome-mail.
Since version 5.22 stunnel doesn't compile when OpenSSL 0.9.8 is used
(the only OpenSSL version < 1.0.0 I've tested with, 0.9.7 is probably
also affected):
/home/freetz/freetz-trunk-dev/toolchain/build/mips_gcc-4.8.5_uClibc-0.9.33.2-nptl_kernel-3.10/mips-linux-uclibc/bin/mips-linux-uclibc-gcc
-DHAVE_CONFIG_H -I.
-I/home/freetz/freetz-trunk-dev/toolchain/build/mips_gcc-4.8.5_uClibc-0.9.33.2-nptl_kernel-3.10/mips-linux-uclibc/usr/include
-DLIBDIR='"/usr/lib/stunnel"' -DCONFDIR='"/etc/stunnel"' -march=24kc
-mtune=24kc -msoft-float -Os -pipe -Wa,--trap -D_LARGEFILE_SOURCE
-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -pthread -Wall -Wextra
-Wpedantic -Wformat=2 -Wconversion -Wno-long-long
-Wno-deprecated-declarations -D_FORTIFY_SOURCE=2 -ffunction-sections
-fdata-sections -MT stunnel-verify.o -MD -MP -MF
.deps/stunnel-verify.Tpo -c -o stunnel-verify.o `test -f 'verify.c' ||
echo './'`verify.c
verify.c: In function 'ocsp_get_response':
verify.c:725:5: warning: implicit declaration of function
'OCSP_REQ_CTX_add1_header' [-Wimplicit-function-declaration]
if(!OCSP_REQ_CTX_add1_header(req_ctx, "Host", host)) {
^
verify.c:729:5: warning: implicit declaration of function
'OCSP_REQ_CTX_set1_req' [-Wimplicit-function-declaration]
if(!OCSP_REQ_CTX_set1_req(req_ctx, req))
^
...
libtool: link:
/home/freetz/freetz-trunk-dev/toolchain/build/mips_gcc-4.8.5_uClibc-0.9.33.2-nptl_kernel-3.10/mips-linux-uclibc/bin/mips-linux-uclibc-gcc
-march=24kc -mtune=24kc -msoft-float -Os -pipe -Wa,--trap
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
-pthread -Wall -Wextra -Wpedantic -Wformat=2 -Wconversion
-Wno-long-long -Wno-deprecated-declarations -D_FORTIFY_SOURCE=2
-ffunction-sections -fdata-sections -Wl,-z -Wl,relro -Wl,-z -Wl,now
-Wl,-z -Wl,noexecstack -Wl,--gc-sections -o stunnel stunnel-tls.o
stunnel-str.o stunnel-file.o stunnel-client.o stunnel-log.o
stunnel-options.o stunnel-protocol.o stunnel-network.o
stunnel-resolver.o stunnel-ssl.o stunnel-ctx.o stunnel-verify.o
stunnel-sthreads.o stunnel-fd.o stunnel-dhparam.o stunnel-cron.o
stunnel-stunnel.o stunnel-pty.o stunnel-libwrap.o stunnel-ui_unix.o
-L/home/freetz/freetz-trunk-dev/toolchain/build/mips_gcc-4.8.5_uClibc-0.9.33.2-nptl_kernel-3.10/mips-linux-uclibc/usr/lib
-lssl -lcrypto -lz -ldl -lutil -pthread
libtool: link: ( cd ".libs" && rm -f "libstunnel.la" && ln -s
"../libstunnel.la" "libstunnel.la" )
stunnel-verify.o: In function `ocsp_request':
verify.c:(.text.ocsp_request+0x200): undefined reference to
`OCSP_REQ_CTX_add1_header'
verify.c:(.text.ocsp_request+0x21c): undefined reference to
`OCSP_REQ_CTX_set1_req'
collect2: error: ld returned 1 exit status
Both OCSP_REQ_CTX_add1_header and OCSP_REQ_CTX_set1_req are available
since OpenSSL 1.0.0. I've fixed the _compile_ issue for me by
partially reverting the changes from 5.22 (s. attached patch). I'm
however not sure if by doing so I'm introducing anew one of the bugs
mentioned in the 5.22-changelog as "Fixed a number of OCSP bugs".
@MichaĆ: could you please take a look into the issue and fix it in a
proper way in case my fix is wrong? Thanks a lot!
Best regards,
Gene
verify.c-openssl-less-1.0.x-compat.patch
Description: Binary data
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
