Patch info for stunnel-3.8p1

Creator: Brian Hatch
Patch to Version: 3.8
Type: security/bugfix/new features
Patch: stunnel-3.8p1.patch
Description

Patch from 3.8 => 3.8p1

Author Comments



This patch is a diff between stunnel version 3.8 and version 3.8p1.
Numerous folks have been asking for a single stunnel tarball with
all the patches I've supplied over the last half year, and this is
it.

Man page fixes:
	The man page and '-h' output are up to date with
	the actual stunnel invocation, with longer descriptions
	of the arguments.


Client session-ID patch:
	Allows stunnel in client mode to use session-ID caching
	to speed up handshake between client and server.


Pid patch:
	Allow users to select a pid file/directory, and remove
	a security hole where malicious users could cause others
	to overwrite files.


PRNG seeding:
	Allow users to seed the PRNG s.t. they are not using
	crypto without entropy.  Specifically, it looks for
	random data from the following sources, in order:

	   The file specified with the new -R flag.
	   The file specified by the RANDFILE environment variable, if set.
	   The file .rnd in your home directory, iff RANDFILE not set.
	   The file specified with '--with-random' at compile time.
	   The contents of the screen if running on Windows.
	   The egd socket specified with the -E flag.
	   The egd socket specified with '--with-egd-sock' at compile time.
	   The /dev/urandom device.

	Seeding stops when sufficient entropy is gathered.  'Sufficient'
	is determined differently depending on the version of your SSL
	library.  Read the man page.

	Note that the PRNG seeding patch here is more complete than
	the previous one written, and now includes the ability to
	output new random data to existing seed files, such that
	you do not need to manually update the files yourself.
	This feature can, of course, be turned off.


Tcpwrapper service name flag:
	Add a '-N servicename' flag that will allow you to select
	your own service name, rather than getting the one stunnel
	picks.  Although clear-cut and logical, stunnel's method of
	creating a service name has confused many before.  This also
	outputs a line telling you the service name in use verbosely
	in the debug output to make it clearer.



	



This website makes patches available for use by the Internet community. However, it does not endorse any of the patches contained herein. They could work perfectly, or totally foul up everything. We don't know. Contact the authors if you have any questions. Use at your own risk.

The Stunnel software package does not contain any cryptography itself; however, please remember that import and/or export of cryptographic software, code providing hooks to cryptographic algorithms, and discussion about cryptography is illegal in some countries. It is imperative for you to know your local laws governing cryptography. We're not liable for anything you do that violates your local laws.