[stunnel-users] since version 5.22 stunnel doesn't compile when OpenSSL version < 1.0.0 is used

Eugene Rudoy gene.devel at gmail.com
Wed Aug 5 23:14:05 CEST 2015

Hi all,

on the one hand the "welcome to the stunnel-users mailing list"-mail
explicitly states "Never report problems with an old version of
stunnel and OpenSSL. Upgrade to the latest versions first". On the
other hand common.h contains

#error OpenSSL 0.9.7 or later is required
#endif /* OpenSSL older than 0.9.7 */

So it looks like OpenSSL versions >= 0.9.7 are still supported, that's
the reason I'm reporting the following bug and ignoring the

Since version 5.22 stunnel doesn't compile when OpenSSL 0.9.8 is used
(the only OpenSSL version < 1.0.0 I've tested with, 0.9.7 is probably
also affected):

-DLIBDIR='"/usr/lib/stunnel"' -DCONFDIR='"/etc/stunnel"'   -march=24kc
-mtune=24kc -msoft-float -Os -pipe -Wa,--trap -D_LARGEFILE_SOURCE
-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -pthread -Wall -Wextra
-Wpedantic -Wformat=2 -Wconversion -Wno-long-long
-Wno-deprecated-declarations -D_FORTIFY_SOURCE=2 -ffunction-sections
-fdata-sections -MT stunnel-verify.o -MD -MP -MF
.deps/stunnel-verify.Tpo -c -o stunnel-verify.o `test -f 'verify.c' ||
echo './'`verify.c
verify.c: In function 'ocsp_get_response':
verify.c:725:5: warning: implicit declaration of function
'OCSP_REQ_CTX_add1_header' [-Wimplicit-function-declaration]
     if(!OCSP_REQ_CTX_add1_header(req_ctx, "Host", host)) {
verify.c:729:5: warning: implicit declaration of function
'OCSP_REQ_CTX_set1_req' [-Wimplicit-function-declaration]
     if(!OCSP_REQ_CTX_set1_req(req_ctx, req))
libtool: link: /home/freetz/freetz-trunk-dev/toolchain/build/mips_gcc-4.8.5_uClibc-
-march=24kc -mtune=24kc -msoft-float -Os -pipe -Wa,--trap
-pthread -Wall -Wextra -Wpedantic -Wformat=2 -Wconversion
-Wno-long-long -Wno-deprecated-declarations -D_FORTIFY_SOURCE=2
-ffunction-sections -fdata-sections -Wl,-z -Wl,relro -Wl,-z -Wl,now
-Wl,-z -Wl,noexecstack -Wl,--gc-sections -o stunnel stunnel-tls.o
stunnel-str.o stunnel-file.o stunnel-client.o stunnel-log.o
stunnel-options.o stunnel-protocol.o stunnel-network.o
stunnel-resolver.o stunnel-ssl.o stunnel-ctx.o stunnel-verify.o
stunnel-sthreads.o stunnel-fd.o stunnel-dhparam.o stunnel-cron.o
stunnel-stunnel.o stunnel-pty.o stunnel-libwrap.o stunnel-ui_unix.o
-lssl -lcrypto -lz -ldl -lutil -pthread
libtool: link: ( cd ".libs" && rm -f "libstunnel.la" && ln -s
"../libstunnel.la" "libstunnel.la" )
stunnel-verify.o: In function `ocsp_request':
verify.c:(.text.ocsp_request+0x200): undefined reference to
verify.c:(.text.ocsp_request+0x21c): undefined reference to
collect2: error: ld returned 1 exit status

Both OCSP_REQ_CTX_add1_header and OCSP_REQ_CTX_set1_req are available
since OpenSSL 1.0.0. I've fixed the _compile_ issue for me by
partially reverting the changes from 5.22 (see attached patch). I'm
however not sure if by doing so I'm introducing anew one of the bugs
mentioned in the 5.22-changelog as "Fixed a number of OCSP bugs".

@Michał: could you please take a look into the issue and fix it in a
proper way in case my fix is wrong? Thanks a lot!

Best regards,
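
Added example (not part of the original message, the attached patch, or stunnel's source): a version gate for the two OCSP_REQ_CTX calls named in the build log, keyed on the OPENSSL_VERSION_NUMBER layout. The enum, function names, the 0x00907000 floor and the sample version values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* OPENSSL_VERSION_NUMBER layout for 0.9.x / 1.x: 0xMNNFFPPS
 * (major, minor, fix, patch letter, status nibble). */
#define OSSL_MIN_SUPPORTED 0x00907000UL /* assumed floor for the 0.9.7 #error */
#define OSSL_REQ_CTX_SINCE 0x10000000UL /* 1.0.0: add1_header / set1_req exist */

/* The same threshold as a preprocessor guard around the 1.0.0-only calls:
 *   #if OPENSSL_VERSION_NUMBER >= 0x10000000L
 *       ... OCSP_REQ_CTX_add1_header() / OCSP_REQ_CTX_set1_req() ...
 *   #else
 *       ... pre-1.0.0 request path ...
 *   #endif
 */
enum ocsp_path { OCSP_UNSUPPORTED, OCSP_LEGACY_PATH, OCSP_REQ_CTX_PATH };

/* Decide which OCSP request path a given OpenSSL version can build. */
enum ocsp_path ocsp_path_for(unsigned long v)
{
    if (v < OSSL_MIN_SUPPORTED) return OCSP_UNSUPPORTED;
    if (v < OSSL_REQ_CTX_SINCE) return OCSP_LEGACY_PATH;
    return OCSP_REQ_CTX_PATH;
}

/* Render the numeric version as text, e.g. 0x1000105f -> "1.0.1e". */
const char *ossl_version_str(unsigned long v, char *buf, size_t len)
{
    unsigned major = (unsigned)(v >> 28) & 0xf;
    unsigned minor = (unsigned)(v >> 20) & 0xff;
    unsigned fix   = (unsigned)(v >> 12) & 0xff;
    unsigned patch = (unsigned)(v >> 4) & 0xff;
    if (patch >= 1 && patch <= 26)   /* 1..26 map to patch letters a..z */
        snprintf(buf, len, "%u.%u.%u%c", major, minor, fix, 'a' + (int)patch - 1);
    else
        snprintf(buf, len, "%u.%u.%u", major, minor, fix);
    return buf;
}

int main(void)
{
    /* Constructed sample values: 0.9.6, 0.9.8, 1.0.0 and 1.0.1e. */
    unsigned long samples[] = { 0x0090600fUL, 0x0090800fUL, 0x1000000fUL, 0x1000105fUL };
    static const char *names[] = { "unsupported", "legacy path", "OCSP_REQ_CTX path" };
    char buf[16];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s -> %s\n", ossl_version_str(samples[i], buf, sizeof buf),
               names[ocsp_path_for(samples[i])]);
    return 0;
}
```

Whatever fills the pre-1.0.0 branch has to keep performing the revocation check; compiling the OCSP request out on old OpenSSL would turn a build failure into a silent loss of certificate status checking.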
