Hi Peter, Yes, the src/dhparam.c file generated with OpenSSL older than 1.1.0 is incompatible with OpenSSL 1.1.0. I forgot to use OpenSSL 1.1.0 to create the file with the new release. Please just delete the file and let OpenSSL 1.1.0 create a new one for you.
Best regards,
Mike
On 27.11.2016 02:29, Peter Pentchev wrote:
> On Sat, Nov 26, 2016 at 11:26:04PM +0100, Michał Trojnara wrote:
>> Dear Users,
>>
>> I have released version 5.38 of stunnel.
>
> Hi,
>
> Thanks for your continuing work on stunnel!
>
> Unfortunately, 5.38 doesn't compile with OpenSSL 1.1, at least with
> the 1.1.0c version in Debian unstable. It seems that the DH_set0_pqg()
> workaround was added with good reason - OpenSSL 1.1 wants us to treat
> a DH pointer as a pointer to an opaque structure, it hides the members.
>
> I'll apply the attached patch to the Debian package so that it'll
> build - it basically restores get_dh2048() to its 5.37 version.
> BTW, if you really want to remove the use of DH_set0_pqg(), it'd
> be a bit better to also remove the pre-1.1 implementation from
> src/ssl.c and the prototype in common.h.
>
> Thanks again for your time and work!
>
> G'luck,
> Peter
>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
