[stunnel-users] Stunnel - supports static OpenSSL engines?

pepak at seznam.cz pepak at seznam.cz
Tue Dec 10 20:07:44 CET 2019


Does Stunnel support static-linked engines for OpenSSL? From my
experiments, my guess would be that it doesn't, but I may be
overlooking something and would welcome a confirmation.

Why I need it: During development of an urelated app, after many many
failed attempts, I finally managed to get OpenSSL 1.1.x working with a
CAPI engine - but the only functional setup involved CAPI built
directly into libcrypto. Every other setup, in both Visual Studio and
MinGW, led to some problem or another. I would love to extend this
success to my Stunnel setup, where I am now forced to stick with
version 5.49 because the newer versions use OpenSSL 1.1.x which simply
doesn't seem to be able to function correctly with the dynamic CAPI

What I need from Stunnel, basically, is for it to try to use
ENGINE_by_id('capi') first and only when that fails, attempt to load a
dynamic engine using ENGINE_by_id('dynamic') and the necessary
ENGINE_ctrl_cmd_string commands. I can build a functional static-built
OpenSSL libraries myself.

If Stunnel wanted to incorporate that, I am all for it, provided that
there is some way of specifying whether a static engine or a dynamic
engine is preferred. My Configure command is:

perl Configure shared enable-static-engine enable-zlib
--with-zlib-include=C:\Zlib --with-zlib-lib=C:\Zlib\zlib.lib VC-WIN64A


More information about the stunnel-users mailing list