[stunnel-users] stunnel 5.38 released

• Previous message (by thread): [stunnel-users] stunnel 5.38 released
• Next message (by thread): [stunnel-users] stunnel 5.38 released
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Nov 26, 2016 at 11:26:04PM +0100, Michał Trojnara wrote:
> Dear Users,
> 
> I have released version 5.38 of stunnel.

Hi,

Thanks for your continuing work on stunnel!

Unfortunately, 5.38 doesn't compile with OpenSSL 1.1, at least with
the 1.1.0c version in Debian unstable.  It seems that the DH_set0_pqg()
workaround was added with good reason - OpenSSL 1.1 wants us to treat
a DH pointer as a pointer to an opaque structure, it hides the members.

I'll apply the attached patch to the Debian package so that it'll
build - it basically restores get_dh2048() to its 5.37 version.
BTW, if you really want to remove the use of DH_set0_pqg(), it'd
be a bit better to also remove the pre-1.1 implementation from
src/ssl.c and the prototype in common.h.

Thanks again for your time and work!

G'luck,
Peter

-- 
Peter Pentchev  roam at ringlet.net roam at FreeBSD.org pp at storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
-------------- next part --------------
Description: Restore the invocation of DH_set0_pqg().
 It is needed for OpenSSL 1.1.
 .
 This patch actually restores the upstream code introduced in
 stunnel-5.32 and removed in stunnel-5.39.
Forwarded: not-yet
Author: Michal Trojnara <Michal.Trojnara at stunnel.org>
Last-Update: 2016-11-27

--- a/src/dhparam.c
+++ b/src/dhparam.c
@@ -34,12 +34,18 @@
 		0x02,
 		};
 	DH *dh;
+	BIGNUM *dhp_bn, *dhg_bn;
 
 	if ((dh=DH_new()) == NULL) return(NULL);
-	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL))
-		{ DH_free(dh); return(NULL); }
+	dhp_bn=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+	dhg_bn=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+	if ((dhp_bn == NULL) || (dhg_bn == NULL)
+	    || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+		DH_free(dh);
+		BN_free(dhp_bn);
+		BN_free(dhg_bn);
+		return(NULL);
+	}
 	return(dh);
 	}
 #endif /* OPENSSL_NO_DH */
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20161127/9653ad4b/attachment.sig>

• Previous message (by thread): [stunnel-users] stunnel 5.38 released
• Next message (by thread): [stunnel-users] stunnel 5.38 released
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]