On Sat, Nov 26, 2016 at 11:26:04PM +0100, Michał Trojnara wrote:
> Dear Users,
> 
> I have released version 5.38 of stunnel.

Hi,

Thanks for your continuing work on stunnel!

Unfortunately, 5.38 doesn't compile with OpenSSL 1.1, at least with
the 1.1.0c version in Debian unstable.  It seems that the DH_set0_pqg()
workaround was added with good reason - OpenSSL 1.1 wants us to treat
a DH pointer as a pointer to an opaque structure, it hides the members.

I'll apply the attached patch to the Debian package so that it'll
build - it basically restores get_dh2048() to its 5.37 version.
BTW, if you really want to remove the use of DH_set0_pqg(), it'd
be a bit better to also remove the pre-1.1 implementation from
src/ssl.c and the prototype in common.h.

Thanks again for your time and work!

G'luck,
Peter

-- 
Peter Pentchev  [email protected] [email protected] [email protected]
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13

Description: Restore the invocation of DH_set0_pqg().
 It is needed for OpenSSL 1.1.
 .
 This patch actually restores the upstream code introduced in
 stunnel-5.32 and removed in stunnel-5.39.
Forwarded: not-yet
Author: Michal Trojnara <[email protected]>
Last-Update: 2016-11-27

--- a/src/dhparam.c
+++ b/src/dhparam.c
@@ -34,12 +34,18 @@
                0x02,
                };
        DH *dh;
+       BIGNUM *dhp_bn, *dhg_bn;
 
        if ((dh=DH_new()) == NULL) return(NULL);
-       dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-       dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-       if ((dh->p == NULL) || (dh->g == NULL))
-               { DH_free(dh); return(NULL); }
+       dhp_bn=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+       dhg_bn=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+       if ((dhp_bn == NULL) || (dhg_bn == NULL)
+           || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+               DH_free(dh);
+               BN_free(dhp_bn);
+               BN_free(dhg_bn);
+               return(NULL);
+       }
        return(dh);
        }
 #endif /* OPENSSL_NO_DH */
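
Review bot: The new error branch frees dhp_bn and dhg_bn after DH_free(dh), which is only safe if DH_set0_pqg() has not taken ownership of either BIGNUM when it returns 0; if an implementation stored one of them in dh before failing, DH_free(dh) followed by BN_free(dhp_bn) would be a double free. Because the NULL checks on dhp_bn and dhg_bn short-circuit before the call, the only way to reach this branch with both pointers non-NULL is a failure inside DH_set0_pqg() itself, so it is worth confirming that the pre-1.1 fallback in src/ssl.c mentioned in the cover mail returns 0 before assigning anything, and adding a one-line comment here stating that assumption. The BN_free() calls on a possibly NULL pointer are fine. Separately, the Description header says the code was "removed in stunnel-5.39", while the cover mail reports the build failure against 5.38; the header should name the release that actually dropped the call.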
