[stunnel-users] public domain [PATCH] to stunnel 4.27b1 for Windows CE / Windows Mobile compilation and unicode bug fixes

Pierre DELAAGE delaage.pierre at free.fr
Sat Jan 10 20:36:40 CET 2009


Dear Sir,
Please find enclosed a patch in "diff -cr orig work" format, applying to
stunnel4.27b1 as found here ftp://stunnel.mirt.net/stunnel/.
This patch mainly addresses compilation and unicode issues for Windows CE
targets.
I use MS EVC 4sp2 compiler with WCE 420 SDK, on a vista host platform.
Once debugged the code works fine on WM5 and WM6 HTC smartphones.
It needs a windows CE openssl lib (I logged a patch to openssl snap
20090102 because it has some compilation issues on windows CE platform).

* For the sake of completeness openssl 098i and 098j (latest) must be 
ALSO patched to compile for wince, with this patch I submitted to 
openssl team :
http://marc.info/?l=openssl-dev&m=123099015013538&w=2

The present stunnel patch addresses the following issues :

1/ COMPILATION FAILURE : on common.h "EINVAL redefinition" :
in fact the compile options WX (see evc.mak) does not tolerate any
warning :
to avoid a warning on EINVAL redef, we must protect this undef by ifdef.
Note that there is still a problem : if the symbol is NOT defined at
all, it will NEVER be defined by that revised code : this is because the
compiler always generates an error if it sees something like :
#ifdef EINVAL
#undef EINVAL
#define EINVAL WSAEINVAL
#else
#define EINVAL WSAEINVAL
#endif
because it seems to not like two defines even separated by an else.
Just putting the #define outside of a block dealing with undef, does not
solve the compilation issue.


2/ COMPILATION FAILURE : related to wcecompat/setjmp.h
SOLUTION : in evc.mak, needed /D ARM to compile with wcecompat/setjmp.h.
This symbol is not documented in MSDN but clearly present in header files.
Moreover it is consistent with other processor symbols described in the sdk.

3/ COMPILATION FAILURE : related to gui.c
pb with undeclared hmainmenu identifier, because "endif use_win32"
misplaced.


3/ RC COMPILATION FAILURE : related to resources.rc
CAUSE : "VERSION" unknown
SOLUTION : /dversion in rflags in evc.mak

4/ LINK ERROR  : fatal error LNK1181: cannot open input file 'libeay32.lib'
cause : bad path name in evc.mak for openssl lib.
since openssl >> 098a  (eg 098h) "out32dll" folder is named
"out32dll_targetCPU".


5/ LINK ERROR on gui.obj : error LNK2001: unresolved external symbol
_beginthread
_$(TARGETCPU)
Cause : in sthreads.c, misplaced "#endif os2"
Note : corrected various erroneous comments on #if endif in sthreads.c

************* OPERATIONAL ERRORS (at run-time)

Using stunnel to enable certificate based authentication for POPS/SMTPS
between a smartphone and a linux server,
I faced these problems :

When first trying to authenticate a dlgbox is displayed on the
smartphone to input the password of the private key protecting the
client certificate:

6/ RUN-TIME ERROR : "squares" displayed instead of chars in "password
input dialog box" titlebar
Well, this is only a cosmetic issue, but this is still an issue.

Cause : this is a typical unicode issue in gui.c pass_proc/wm_initdialog :
the sendmessage to display the title uses a concatenation of two strings :
a constant extracted from the resource file, and converted to wchar by
TEXT macro in unicode context,
and a key file name given by ui_data->section->key.
The problem is that the file name is always of type 8bit char,
leading to concatenation "scrambling" when concatenated with a unicode
string.
SOLUTION : it seems not possible to change the type of
ui_data->section->key to tchar/wchar because it is used
in various ansi code. So the simplest way to correct this pb is just to
make a local conversion from ansi to tchar in gui.c/pass_proc/initdialog

7/ RUN-TIME ERROR : It is impossible to validate a password on a private
key protecting a certificate:
The password is ALWAYS rejected (after many tests with 3 retries).
Cause : the password is input as unicode (because the message EM_GETLINE
on the control IDE_PASSEDIT is unicode ready) but stored and managed as
an ansi string
so the password can never be validated.
NOTE : contrary to the documentation of windows CE sdk, the EM_GETLINE
msg IS REALLY unicode ready. Indeed this is also the case in classic
win32 sdk for PC platform (described in the msdn library).
SOLUTION : the input password must be converted to ansi before being
validated vs openssl

2009.01.05 13:00:01 LOG3[4849170:5712826]: Wrong pass phrase: retrying
2009.01.05 13:00:05 LOG3[4849170:5712826]: error stack: 140B3009 :
error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
2009.01.05 13:00:05 LOG3[4849170:5712826]: error stack: 906A065 :
error:0906A065:PEM routines:PEM_do_header:bad decrypt
2009.01.05 13:00:05 LOG3[4849170:5712826]:
SSL_CTX_use_RSAPrivateKey_file: 6065064: error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt

2009.01.05 13:00:05 LOG3[4849170:5712826]: Server is down



I hope you will find this patch useful.
Thank you for your excellent work,
Yours sincerely and happy new year,

Pierre Delaage

Note : I use stunnel to establish a simple "vpn" between smartphones and
a corporate linux server mainly for HTTPS/POPS/SMTPS support.
Stunnel is very relevant in that matter, over solutions based on SSH
(although we use also ssh), from a communication cost point of view :
ssh establishes permanent socket between client and server, so that the
communication is charged by the mobile network provider : and these
charges are very expensive.
On the contrary stunnel only establishes ssl sockets on demand so that
financial charges are limited to strict necessary.
Please note that stunnel brings "client based certificate
authentication" to POP/SMTP mobile mail user agents which only supports
SSL with server authentication, but NO client authentication, such as
mobile outlook. Here again stunnel is very relevant.

Note 2 : the unicode bug fixes should benefit also to the win32 stunnel
version for PC.

Note 3 : this mail has also been sent to webmaster at stunnel.org, but with
no response at all.



-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: stunnel427b1_patch_wce_unicode.txt
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20090110/ccf7ad04/attachment.txt>
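
Added example (not part of the original mail or of the attached stunnel patch): issues 6/ and 7/ above are both narrow/wide string mismatches, and the C code below shows what a char* consumer sees of a wide pass phrase, next to an explicit conversion in each direction. It assumes uint16_t as a stand-in for WCHAR so it runs off-device, and the function names are hypothetical; on the real target the conversions would normally go through WideCharToMultiByte / MultiByteToWideChar.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: the pass phrase "secret" as the UTF-16 code units a
 * Unicode edit control returns (uint16_t stands in for WCHAR: assumption). */
static const uint16_t sample_wide[] = { 's', 'e', 'c', 'r', 'e', 't', 0 };

/* The mismatch: lay the code units out as UTF-16LE bytes, then measure them
 * the way a char* consumer would. The zero high byte of the first ASCII
 * character ends the string after one character. */
size_t length_seen_as_ansi(const uint16_t *wide)
{
    unsigned char raw[64] = { 0 };
    size_t i;
    for (i = 0; wide[i] != 0 && 2 * i + 1 < sizeof raw - 2; i++) {
        raw[2 * i] = (unsigned char)(wide[i] & 0xFF);
        raw[2 * i + 1] = (unsigned char)(wide[i] >> 8);
    }
    return strlen((const char *)raw);
}

/* Wide -> narrow, for the pass phrase. Returns the length written, or -1 if
 * the buffer is too small or a code unit is not 7-bit ASCII; on failure the
 * output is left empty rather than holding a silently altered pass phrase. */
int wide_to_ansi(const uint16_t *wide, char *out, size_t outsz)
{
    size_t i;
    if (outsz == 0) return -1;
    for (i = 0; wide[i] != 0; i++) {
        if (wide[i] > 0x7F || i + 1 >= outsz) { out[0] = '\0'; return -1; }
        out[i] = (char)wide[i];
    }
    out[i] = '\0';
    return (int)i;
}

/* Narrow -> wide, for the key file name shown in the dialog title.
 * Each byte is widened as one Latin-1 character (assumption). */
int ansi_to_wide(const char *in, uint16_t *out, size_t outunits)
{
    size_t i;
    if (outunits == 0) return -1;
    for (i = 0; in[i] != '\0'; i++) {
        if (i + 1 >= outunits) { out[0] = 0; return -1; }
        out[i] = (uint16_t)(unsigned char)in[i];
    }
    out[i] = 0;
    return (int)i;
}
```
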

