Stunnel.org  
   
Home
About
News
Faq
Examples
Download
Patches
Support
Related
<Patch List> <Patch Directory>
Patch info for engine_doneill

Patch info for engine_doneill

CreatorDiarmuid O'Neill
Patch to Version3.23
TypeNew Feature
Patchengine_doneill.patch
Description

(Full Text)

OpenSSL Engine support

Author Comments


Date: Tue, 22 Apr 2003 17:20:06 +0100
From: "Diarmuid O'Neill" <Diarmuid.ONeill@aepsystems.com>
Subject: Patch to STunnel 3.2* to support OpenSSL engines (usually for crypto
    hardware accelerators).

Hi,

Please find enclosed a patch I've tested on 3.22 and 3.23.  It adds
support for OpenSSL engines.

Files modified...
stunnel.8
configure.ac To add the --enable-ssl-engine rule.
options.c
ssl.c
prototypes.h

Because I've modified the configure.ac script the user must run
autoconf to generate the new configure file.  This adds a new
./configure option --enable-ssl-engine which defines SSL_ENGINE.  This
is required because the non engine version of OpenSSL-0.9.6 does not
include the engine header files .  I was going to include the modified
configure script but it was very different, probably because I used a
newer version of autoconf.  What do you think?

If the user is building with openssl-engine-0.9.6* they will require
the OpenSSL patch I've included to fix a bug in OpenSSL.  I've sent
this patch on the OpenSSL team [RT ticket 588], this is not required
if using OpenSSL 0.9.7.  I've tested this patch with an SSL
accelerator and seen an improvement of 300% in terms of SSL
Transactions per second.


Thanks,
Diarmuid.



Ed note:
OpenSSL versions 0.9.6(something) require an additional patch,
which Diarmuid has made available at

   http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=588

No patch needed if you use the OpenSSL 0.9.7 branch.

This website makes patches available for use by the Internet community. However it does not endorse any of the patches contained herein. They could be work perfectly, or totally foul up everything. We don't know. Contact the authors if you have any questions. Use at your own risk.

The Stunnel software package does not contain any cryptography itself, however please remember that import and/or export of cryptographic software, code providing hooks to cryptographic algorithms, and discussion about cryptography is illegal in some countries. It is imperative for you to know your local laws governing cryptography. We're not liable for anything you do that violates your local laws.