A new version of stunnel has been released.
Version 4.16, 2006.08.31, urgency: MEDIUM:
* New features sponsored by Hewlett-Packard
- A new global option to control engine:
engineCtrl = <command>[:<parameter>]
- A new service-level option to select engine to read private key:
engineNum = <engine number>
- OCSP support:
ocsp = <URL>
* New features
- A new option to select version of SSL protocol:
sslVersion = all|SSLv2|SSLv3|TLSv1
- Visual Studio vc.mak by David Gillingham <dgillingham(a)gmail.com>.
- OS2 support by Paul Smedley (http://smedley.info)
* Bugfixes
- An ordinary user can install stunnel again.
- Compilation problem with --enable-dh fixed.
- Some minor compilation warnings fixed.
- Service-level CRL cert store implemented.
- GPF on protocol negotiations fixed.
- Problem detecting addrinfo() on Tru64 fixed.
- Default group is now detected by configure script.
- Check for maximum number of defined services added.
- OpenSSL_add_all_algorithms() added to SSL initialization.
- configure script sections reordered to detect pthread library funcions.
- RFC 2487 autodetection improved (thx to Hans Werner Strube). High
resolution s_poll_wait() not currently supported by UCONTEXT threading.
- More precise description of cert directory file names (thx to Muhammad
Muquit).
* Other changes
- Maximum number of services increased from 64 to 256 when poll() is used.
Homepage: http://stunnel.mirt.net/
Download: ftp://stunnel.mirt.net/stunnel/
sha1 hash for stunnel-4.16.tar.gz file:
6772e0c7f26c2596564ba66978597db8cd229a72
Best regards,
Mike
Version 4.15, 2006.03.11, urgency: LOW:
* Release notes
- There are a lot of new features in this version. I recommend
to test it well before upgrading your mission-critical systems.
* Bugfixes
- Fix for pthreads on Solaris 10 (thx to Hans Werner Strube
<strube(a)physik3.gwdg.de>).
- Attempt to autodetect socklen_t type in configure script.
- Default threading model changed to pthread for better portability.
- DH parameters are not included in the certificate by default.
* New features sponsored by Software House http://www.swhouse.com/
- Most SSL-related options (including client, cert, key) are now
available on service level, so it is possible to have an SSL
client and an SSL server in a single stunnel process.
- Windows CE (version 3.0 and higher) support.
* New features
- Client mode CONNECT protocol support (RFC 2817 section 5.2).
http://www.ietf.org/rfc/rfc2817.txt
- Retrying exec+connect services added.
* File locations are more compliant to Filesystem Hierarchy Standard 2.3
- configuration and certificates are in $prefix/etc/stunnel/
- binaries are in $prefix/sbin/
- default pid file is $prefix/var/run/stunnel.pid
- manual is $prefix/man/man8/stunnel.8
- other docs are in $prefix/share/doc/stunnel/
- libstunnel is in $prefix/lib
- chroot directory is setup in $prefix/var/lib/stunnel/
this directory is chmoded 1770 and group nogroup
sha1sum for stunnel-4.15.tar.gz:
735406c1ca94904581158a434214e1f6568539d0
Home page: http://stunnel.mirt.net/
Download: ftp://stunnel.mirt.net/stunnel/
Best regards,
Mike
Dear Users,
The stable version of my VPN for stunnel/Linux
is ready for download here:
ftp://ftp.mirt.net/tappipe/
AFAIK it's the shortest (only 356 lines in C language)
and probably one of the easiest to setup VPNs ever.
Here is the ChangeLog entry:
* version 1.02 2006.03.03, status: functional, stable
- retransmission rate limiting algoritm improved
- some minor bugfixes
Could someone contribute a manual page? 8-)
Best regards,
Mike
Here is the ChangeLog entry:
* version 1.01 2006.02.04, status: functional, not proven to be stable
- TUN changed to TAP (project renamed from tunpipe to tappipe)
- TCP-over-TCP meltdown problem fixed
http://sites.inka.de/sites/bigred/devel/tcp-tcp.html
- important bugfixes
Download site:
ftp://stunnel.mirt.net/tappipe/
Best regards,
Mike
Dear Users,
For the last two days I was working on a VPN solution for stunnel.
The early alpha version is ready for download here:
ftp://stunnel.mirt.net/tunpipe/
Advantages:
- based on proven strength of SSL encryption (much better than IPSec or any proprietary encryption protocol),
- very clean and lightweight design,
- very easy to configure.
Disadvantages:
- only works on GNU/Linux (can be ported to some other Unixes),
- use of TCP is the main performance limitation.
Aternative solutions:
http://www.math.ucla.edu/~jimc/documents/vpn.html
Suggestions and comments are welcome.
Best regards,
Mike
Hi,
I hope you don't mind this time I'll use stunnel mailing lists for
something personal.
I've just updated my Resume:
http://mike.mirt.net/cv-en.pdf
Do you know of interesting job openings?
Possibly as an architect or in a similar position.
Best regards,
Mike
The ChangeLog entry for stunnel 4.14:
Version 4.14, 2005.11.02, urgency: HIGH:
* Bugfixes
- transfer() fixed to avoid random stalls introduced in version 4.12.
- poll() error handing bug fixed.
- Checking for dynamic loader libraries added again.
- Default pidfile changed from $localstatedir/run/stunnel.pid
to $localstatedir/stunnel/stunnel.pid.
- Basic SSL library initalization moved to the beginning of execution.
* Release notes
- This is an important bugfix release. Upgrade is recommended.
sha1sum for stunnel-4.14.tar.gz:
b2edb3a2473367f2a9f04a877adcb332483a5267
Home page and download: http://stunnel.mirt.net/
Best regards,
Mike
Version 4.13, 2005.10.21, urgency: MEDIUM:
* DLLs for OpenSSL 0.9.7i included because protection faults were
reported
in 0.9.8 and 0.9.8a.
* New features
- Libwrap code is executed as a separate process (no more delays due
to a global and potentially long critical section).
* Bugfixes
- Problem with zombies in UCONTEXT threading fixed.
- Workaround for non-standard makecontext() uc_stack.ss_sp parameter
semantics on SGI IRIX.
- Protection fault in signals handling on IRIX fixed.
- Problem finding pthread library on AIX fixed.
- size_t printf() fixed in stack_info() (the previous fix didn't
work).
- socklen_t is used instead of int where required.
Homepage: http://stunnel.mirt.net/
sha1sum for stunnel-4.13.tar.gz:
4cb8e162e6cd4b4a966d601d1c890df2c2ee198f
Best regards,
Mike
Dear Users,
Some people were asking me for a standalone stunnel.exe file.
It's located in stunnel-4.12/src directory of stunnel-4.12.tar.gz archive.
Winzip can handle .tar.gz format, so you'll be able to unpack it.
http://www.winzip.com/wzdifs.htm
BTW: I recommend to try the installer, anyway. It's designed to make the
upgrade much easier. You can simply enter the path where your current
stunnel.exe and stunnel.conf are located during the install.
stunnel.conf and stunnel.pem files won't be replaced and your Windows will
remember the path so you won't have to enter it on next upgrade.
Also the latest OpenSSL DLLs are installed in stunnel directory each time.
Notes:
1. Uninstall removes stunnel.conf, so don't uninstall if you're only going to
upgrade stunnel.
2. Remember to stop stunnel before you uninstall/upgrade it.
Best regards,
Mike
