stunnel-4.56_OCSPaia_checkHost.patch backports OCSPaia and checkHost options to stunnel 4.56.
This patch also backports the fix for a severe vulnerability fixed in stunnel 5.34:
verify = 4 was erroneously accepting untrusted certificates.

0002-When-executing-a-program-with-exec-properly-redirect.patch enables us to use really complex programs in the "exec=" option, and capture their standard output in the log

0003-Add-subjectdn-option-support-match-subject-DN-agains.patch enables us to filter peer based on a regexp of the subject DN of the X.509 certificate