stunnel Universal SSL tunnel Version 4.08, 2005.02.27, urgency: LOW: * New features - New -quiet option was added to install NT service without a message box. * Bugfixes - Using $(DESTDIR) in tools/Makefile.am. - Define NI_NUMERICHOST and NI_NUMERICSERV when needed. - Length of configuration file line increased from 256B to 16KB. - Stunnel sends close_notify when a close_notify is received from SSL peer and all remaining data is sent to SSL peer. - Some fixes for bugs detected by the watchdog. * Release notes - There were many changes in the transfer() function (the main loop). This version should be thoroughly tested before using it in the mission-critical environment. Version 4.07, 2005.01.03, urgency: MEDIUM: * Bugfixes - Problem with infinite poll() timeout negative, but not equal to -1 fixed. - Problem with a file descriptor ready to be read just after a non-blocking connect call fixed. - Compile error with EAI_NODATA not defined or equal to EAI_NONAME fixed. - IP address and TCP port textual representation length (IPLEN) increased to 128 bytes. - OpenSSL engine support is only used if engine.h header file exists. - Broken NT Service mode on Win32 platform fixed. - Support for IPv4-only Win32 machines restored. Version 4.06, 2004.12.26, urgency: LOW: * New feature sponsored by SURFnet http://www.surfnet.nl/ - IPv6 support (to be enabled with ./configure --enable-ipv6). * New features - poll() support - no more FD_SETSIZE limit! - Multiple connect=host:port options are allowed in a single service section. Remote hosts are connected using round-robin algorithm. This feature is not compatible with delayed resolver. - New 'compression' option to enable compression. To use zlib algorithm you have to enable it when building OpenSSL library. - New 'engine' option to select a hardware engine. - New 'TIMEOUTconnect' option with 10 seconds default added. - stunnel3 perl script to emulate version 3.x command line options. - French manual updated by Bernard Choppy . - A watchdog to detect transfer() infinite loops added. - Configuration file comment character changed from '#' to ';'. '#' will still be recognized to keep compatibility. - MT-safe getaddrinfo() and getnameinfo() are used where available to get better performance on resolver calls. - Automake upgraded from 1.4-p4 to 1.7.9. * Bugfixes - log() changed to s_log() to avoid conflicts on some systems. - Common CRIT_INET critical section introduced instead of separate CRIT_NTOA and CRIT_RESOLVER to avoid potential problems with libwrap (TCP Wrappers) library. - CreateThread() finally replaced with _beginthread() on Win32. - make install creates $(localstatedir)/stunnel. $(localstatedir)/stunnel/dev/zero is also created on Solaris. - Race condition with client session cache fixed. - Other minor bugfixes. * Release notes - Win32 port requires Winsock2 to work. Some Win95 systems may need a free update from Microsoft. http://www.microsoft.com/windows95/downloads/ - Default is *not* to use IPv6 '::' for accept and '::1' for connect. For example to accept pop3s on IPv6 you could use: 'accept = :::995'. I hope the new syntax is clear enough. Version 4.05, 2004.02.14, urgency: MEDIUM: * New feature sponsored by SURFnet http://www.surfnet.nl/ - Support for CIFS aka SMB protocol SSL negotiation. * New features - CRL support with new CRLpath and CRLfile global options. - New 'taskbar' option on Win32 (thx to Ken Mattsen ). - New -fd command line parameter to read configuration from a specified file descriptor instead of a file. - accept is reported as error when no '[section]' is defined (in stunnel 4.04 it was silently ignored causing problems for lusers that did not read the fine manual). - Use fcntl() instead of ioctlsocket() to set socket nonblocking where it is supported. - Basic support for hardware engines with OpenSSL >= 0.9.7. - French manual by Bernard Choppy . - Thread stack size reduced to 64KB for maximum scalability. - Added optional code to debug thread stack usage. - Support for nsr-tandem-nsk (thx to Tom Bates ). * Bugfixes - TCP wrappers code moved to CRIT_NTOA critical section since it uses static inet_ntoa() result buffer. - SSL_ERROR_SYSCALL handling problems fixed. - added code to retry nonblocking SSL_shutdown() calls. - Use FD_SETSIZE instead of 16 file descriptors in inetd mode. - fdscanf groks lowercase protocol negotiation commands. - Win32 taskbar GDI objects leak fixed. - Libwrap detection bug in ./configure script fixed. - grp.h header detection fixed for NetBSD and possibly other systems. - Some other minor updates. Version 4.04, 2003.01.12, urgency: MEDIUM: * New feature sponsored by SURFnet http://www.surfnet.nl/ - Encrypted private key can be used with Win32 GUI. * New features - New 'options' configuration option to setup OpenSSL library hacks with SSL_CTX_set_options(). - 'service' option also changes the name for TCP Wrappers access control in inetd mode. - Support for BeOS (thx to Mike I. Kozin ) - SSL is negotiated before connecting remote host or spawning local process whenever possible. - REMOTE_HOST variable is always placed in the enrivonment of a process spawned with 'exec'. - Whole SSL error stack is dumped on errors. - 'make cert' rule is back (was missing since 4.00). - Manual page updated (special thanks to Brian Hatch). - TODO updated. * Bugfixes - Major code cleanup (thx to Steve Grubb ). - Unsafe functions are removed from SIGCHLD handler. - Several bugs in auth_user() fixed. - Incorrect port when using 'local' option fixed. - OpenSSL tools '-rand' option is no longer directly used with a device (like '/dev/urandom'). Temporary random file is created with 'dd' instead. * DLLs for OpenSSL 0.9.7. Version 4.03, 2002.10.27, urgency: HIGH: * NT Service (broken since 4.01) is operational again. * Memory leak in FORK environments fixed. * sigprocmask() mistake corrected. * struct timeval is reinitialized before select(). * EAGAIN handled in client.c for AIX. * Manual page updated. Version 4.02, 2002.10.21, urgency: HIGH: * Serious bug in ECONNRESET handling fixed. Version 4.01, 2002.10.20, urgency: MEDIUM: * New features - OpenVMS support. - Polish manual and some manual updates. - 'service' option added on Win32 platform. - Obsolete FAQ has been removed. - Log file is created with 0640 mode. - exec->connect service sections (need more testing). * Bugfixes - EINTR ingored in main select() loop. - Fixed problem with stunnel closing connections on TIMEOUTclose before all the data is sent. - Fixed EWOULDBLOCK on writesocket problem. - Potential DOS in Win32 GUI fixed. - Solaris compilation problem fixed. - Libtool configuration problems fixed. - Signal mask is cleared just before exec in local mode. - Accepting sockets and log file descriptors are no longer leaked to the child processes. Special thanks to Hans Werner Strube for his testing effort. Special thanks to Steve Grubb for the source code audit. Version 4.00, 2002.08.30, urgency: LOW: * New features sponsored by MAXIMUS http://www.maximus.com/ - New user interface (config file). - Single daemon can listen on multiple ports, now. - Native Win32 GUI added. - Native NT/2000/XP service added. - Delayed DNS lookup added. * Other new features - All the timeouts are now configurable including TIMEOUTclose that can be set to 0 for MSIE and other buggy clients that do not send close_notify. - Stunnel process can be chrooted in a specified directory. - Numerical values for setuid() and setgid() are allowed, now. - Confusing code for setting certificate defaults introduced in version 3.8p3 was removed to simplify stunnel setup. There are no built-in defaults for CApath and CAfile options. - Private key file for a certificate can be kept in a separate file. Default remains to keep it in the cert file. - Manual page updated. - New FHS-compatible build system based on automake and libtool. * Bugfixes - `SSL socket closed on SSL_write' problem fixed. - Problem with localtime() crashing Solaris 8 fixed. - Problem with tcp wrappers library detection fixed. - Cygwin (http://www.cygwin.com/) support added. - __svr4__ macro defined for Sun C/C++ compiler. * DLLs for OpenSSL 0.9.6g. Version 3.22, 2001.12.20, urgency: HIGH: * Format string bug fixed in protocol.c smtp, pop3 and nntp in client mode were affected. (stunnel clients could be attacked by malicious servers) * Certificate chain can be supplied with -p option or in stunnel.pem. * Problem with -r and -l options used together fixed. * memmove() instead of memcpy() is used to move data in buffers. * More detailed information about negotiated ciphers is printed. * New ./configure options: '--enable-no-rsa' and '--enable-dh'. Version 3.21c, 2001.11.11, urgency: LOW: * autoconf scripts upgraded to version 2.52. * Problem with pthread_sigmask on Darwin fixed (I hope). * Some documentation typos corrected. * Attempt to ignore EINTR in transfer(). * Shared library version reported on startup. * DLLs for OpenSSL 0.9.6b. Version 3.21b, 2001.11.03, urgency: MEDIUM: * File descriptor leak on failed connect() fixed. Version 3.21a, 2001.10.31, urgency: MEDIUM: * Small bug in Makefile fixed. Version 3.21, 2001.10.31, urgency: MEDIUM: * Problem with errno and posix threads fixed. * It is assumed that system has getopt() if it has getopt.h header file. * SSL_CLIENT_DN and SSL_CLIENT_I_DN environment variables set in local mode (-l) process. This feature doesn't work if client mode (-c) or protocol negotiation (-n) is used. * Winsock error descriptions hardcoded (English version only). * SetConsoleCtrlHandler() used to handle CTRL+C, logoff and shutdown on Win32. * Stunnel always requests peer certificate with -v 0. * sysconf()/getrlimit() used to calculate number of clients allowed. * SSL mode changed for OpenSSL >= 0.9.6. * close-on-exec option used to avoid socket inheriting. * Buffer size increased from 8KB to 16KB. * fdscanf()/fdprintf() changes: - non-blocking socket support, - timeout after 1 minute of inactivity. * auth_user() redesigned to force 1 minute timeout. * Some source arrangement towards 4.x architecture. * No need for 'goto' any more. * New Makefile 'test' rule. It performs basic test of standalone/inetd, remote/local and server/client mode. * pop3 server mode support added. Version 3.20, 2001.08.15, urgency: LOW: * setsockopt() optlen set according to the optval for Solaris. * Minor NetBSD compatibility fixes by Martti Kuparinen. * Minor MSVC6 compatibility fixes by Patrick Mayweg. * SSL close_notify timeout reduced to 10 seconds of inactivity. * Socket close instead of reset on close_notify timeout. * Some source arrangement and minor bugfixes. Version 3.19, 2001.08.10, urgency: MEDIUM: * Critical section added around non MT-safe TCP Wrappers code. * Problem with 'select: Interrupted system call' error fixed. * errno replaced with get_last_socket_error() for Win32. * Some FreeBSD/NetBSD patches to ./configure from Martti Kuparinen. * Local mode process pid logged. * Default FQDN (localhost) removed from stunnel.cnf * ./configure changed to recognize POSIX threads library on OSF. * New -O option to set socket options. Version 3.18, 2001.07.31, urgency: MEDIUM: * MAX_CLIENTS is calculated based on FD_SETSIZE, now. * Problems with closing SSL in transfer() fixed. * -I option to bind a static local IP address added. * Debug output of info_callback redesigned. Version 3.17, 2001.07.29, urgency: MEDIUM: * Problem with coredump on exit with active threads fixed. * Timeout for transfer() function added: - 1 hour if socket is open for read - 1 minute if socket is closed for read Version 3.16, 2001.07.22, urgency: MEDIUM: * Some transfer() bugfixes/improvements. * STDIN/STDOUT are no logner assumed to be non-socket decriptors. * Problem with --with-tcp-wrappers patch fixed. * pop3 and nntp support bug fixed by Martin Germann. * -o option to append log messages to a file added. * Changed error message for SSL error 0. Version 3.15, 2001.07.15, urgency: MEDIUM: * Serious bug resulting in random transfer() hangs fixed. * Separate file descriptors are used for inetd mode. * -f (foreground) logs are now stamped with time. * New ./configure option: --with-tcp-wrappers by Brian Hatch. * pop3 protocol client support (-n pop3) by Martin Germann. * nntp protocol client support (-n nntp) by Martin Germann. * RFC 2487 (smtp STARTTLS) client mode support. * Transparency support for Tru64 added. * Some #includes for AIX added. Version 3.14, 2001.02.21, urgency: LOW: * Pidfile creation algorithm has been changed. Version 3.13, 2001.01.25, urgency: MEDIUM: * pthread_sigmask() argument in sthreads.c corrected. * OOB data is now handled correctly. Version 3.12, 2001.01.24, urgency: LOW: * Attempted to fix problem with zombies in local mode. * Patch for 64-bit machines by Nalin Dahyabhai applied. * Tiny bugfix for OSF cc by Dobrica Pavlinusic added. * PORTS file updated. Version 3.11, 2000.12.21, urgency: MEDIUM: * New problem with zombies fixed. * Attempt to be integer-size independed. * SIGHUP handler added. Version 3.10, 2000.12.19, urgency: MEDIUM: * Internal thread synchronization code added. * libdl added to stunnel dependencies if it exists. * Manpage converted to sdf format. * stunnel deletes pid file before attempting to create it. * Documentation updates. * -D option now takes [facility].level as argument. 0-7 still supported. * Problems with occasional zombies in FORK mode fixed. * 'stunnel.exe' rule added to Makefile. You can cross-compile stunnel.exe on Unix, now. I'd like to be able to compile OpenSSL this way, too... Version 3.9, 2000.12.13, urgency: HIGH: * Updated temporary key generation: - stunnel is now honoring requested key-lengths correctly, - temporary key is changed every hour. * transfer() no longer hangs on some platforms. Special thanks to Peter Wagemans for the patch. * Potential security problem with syslog() call fixed. Version 3.8p4, 2000.06.25 bri@stunnel.org: * fixes for Windows platform Version 3.8p3, 2000.06.24 bri@stunnel.org: * Compile time definitions for the following: --with-cert-dir --with-cert-file --with-pem-dir --enable-ssllib-cs * use daemon() function instead of daemonize, if available * fixed FreeBSD threads checking (patch from robertw@wojo.com) * added -S flag, allowing you to choose which default verify sources to use * relocated service name output logging until after log_open. (no longer outputs log info to inetd socket, causing bad SSL) * -V flag now outputs the default values used by stunnel * Removed DH param generation in Makefile.in * Moved stunnel.pem to sample.pem to keep people from blindly using it * Removed confusing stunnel.pem check from Makefile. * UPGRADE NOTE: this version seriously changes several previous stunnel default behaviours. There are no longer any default cert file/dirs compilied into stunnel, you must use the --with-cert-dir and --with-cert-file configure arguments to set these manually, if desired. Stunnel does not use the underlying ssl library defaults by default unless configured with --enable-ssllib-cs. Note that these can always be enabled at run time with the -A,-a, and -S flags. Additionally, unless --with-pem-dir is specified at compile time, stunnel will default to looking for stunnel.pem in the current directory. Version 3.8p2, 2000.06.13 bri@stunnel.org: * Fixes for Win32 platform * Minor output formatting changes * Fixed version number in files Version 3.8p1, 2000.06.11 bri@stunnel.org: * Added rigerous PRNG seeding * PID changes (and related security-fix) * Man page fixes * Client SSL Session-IDs now used * -N flag to specify tcpwrapper service name Version 3.8, 2000.02.24: * Checking for threads in c_r library for FreeBSD. * Some compatibility fixes for Ultrix. * configure.in has been cleaned up. Separate directories for SSL certs and SSL libraries/headers are no longer supported. SSL ports maintainers should create softlinks in the main openssl directory if necessary. * Added --with-ssl option to specify SSL directory. * Added setgid (-g) option. (Special thanks to Brian Hatch for his feedback and support) * Added pty.c based on a Public Domain code by Tatu Ylonen * Distribution files are now signed with GnuPG Version 3.7, 2000.02.10: * /usr/pkg added to list of possible SSL directories for pkgsrc installs of OpenSSL under NetBSD. * Added the -s option, which setuid()s to the specified user when running in daemon mode. Useful for cyrus imapd. (both based on patch by George Coulouris) * PTY code ported to Solaris. The port needs some more testing. * Added handler for SIGINT. * Added --with-random option to ./configure script. * Fixed some problems with autoconfiguration on Solaris and others. It doesn't use config.h any more. * /var/run changed to @localstatedir@/stunnel for better portability. The directory is chmoded a=rwx,+t. * FAQ has been updated. 3.6 2000.02.03 Automatic RFC 2487 detection based on patch by Pascual Perez and Borja Perez. Non-blocking sockets not used by default. DH support is disabled by default. (both can be enabled in ssl.c) 3.5 2000.02.02 Support for openssl 0.9.4 added. /usr/ssl added to configure by Christian Zuckschwerdt. Added tunneling for PPP through the addition of PTY handling, and some documentation. 3.4a 1999.07.13 (bugfix release) Problem with cipher negotiation fixed. setenv changed to putenv. 3.4 1999.07.12 Local transparent proxy added with LD_PRELOADed shared library. DH code rewritten. Added -C option to set cipher list. stderr fflushed after fprintf(). Minor portability bugfixes. Manual updated (but still not perfect). 3.3 1999.06.18 Support for openssl 0.9.3 added. Generic support for protocol negotiation added (protocol.c). SMTP protocol negotiation support for Netscape client added. Transparent proxy mode (currently works on Linux only). SO_REUSEADDR enabled on listening socket in daemon mode. ./configure now accepts --prefix parameter. -Wall is only used with gcc compiler. Makefile.in and configure.in updated. SSL-related functions moved to a separate file. vsprintf changed to vsnprintf in log.c on systems have it. Pidfile in /var/run added for daemon mode. RSAref support fix (not tested). Some compatibility fixes for Solaris and NetBSD added. 3.2 1999.04.28 RSAref support (not tested). Added full duplex with non-blocking sockets. RST sent instead of FIN on peer error (on error peer socket is reset - not just closed). RSA temporary key length changed back to 512 bits to fix problem with Netscape. Added NO_RSA for US citizens having problems with patents. 3.1 1999.04.22 Changed -l syntax (first argument specified is now argv[0]). Fixed problem with options passed to locally executed daemon. Fixed problem with ':' passed to libwrap in a service name: - ':' has been changed to '.'; - user can specify his own service name as an argument. RSA temporary key length changed from 512 to 1024 bits. Added safecopy to avoid buffer overflows in stunnel.c. Fixed problems with GPF after unsuccessful resolver call and incorrect parameters passed to getopt() in Win32. FAQ updated. 3.0 1999.04.19 Some bugfixes. FAQ added. 3.0b7 1999.04.14 Win32 native port fixed (looks quite stable). New transfer() function algorithm. New 'make cert' to be compatible with openssl-0.9.2b. Removed support for memory leaks debugging. 3.0b6 1999.04.01 Fixed problems with session cache (by Adam). Added client mode session cache. Source structure, autoconf script and Makefile changed. Added -D option to set debug level. Added support for memory leaks debugging (SSL library needs to be compiled with -DMFUNC). 3.0b5 1999.03.25 Lots of changes to make threads work. Peer (client and server) authentication works! Added -V option to display version. 3.0b4 1999.03.22 Early POSIX threads implementation. Work on porting to native Win32 application started. 3.0b3 1999.03.05 Improved behavior on heavy load. 3.0b2 1999.03.04 Fixed -v parsing bug. 3.0b1 1999.01.18 New user interface. Client mode added. Peer certificate verification added (=strong authentication). Win32 port added. Other minor problems fixed. 2.1 1998.06.01 Few bugs fixed. 2.0 1998.05.25 Remote mode added! Standalone mode added! tcpd functionality added by libwrap utilization. DH callbacks removed by kravietZ. bind loopback on Intel and other bugs fixed by kravietZ. New manual page by kravietZ & myself. 1.6 1998.02.24 Linux bind fix. New TODO ideas! 1.5 1998.02.24 make_sockets() implemented with Internet sockets instead of Unix sockets for better compatibility. (i.e. to avoid random data returned by getpeername(2)) This feature can be disabled in stunnel.c. 1.4 1998.02.16 Ported to HP-UX, Solaris and probably other UNIXes. Autoconfiguration added. 1.3 1998.02.14 Man page by Pawel Krawczyk added! Copyrights added. Minor errors corrected. 1.2 1998.02.14 Separate certificate for each service added. Connection logging support. 1.1 1998.02.14 Callback functions added by Pawel Krawczyk . 1.0 1998.02.11 First version with SSL support - special thx to Adam Hernik . 0.1 1998.02.10 Testing skeleton.