![]() That no macros should do that anymore and hence it's safe to assume This is bad practice and error prones so let's assume %service_* rpm macros were playing tricks with the shell positional The use of $FIRST_ARG was probably required because of the Years ago (in 4.36), we don't need it anymore Its original purpose (from bsc#674554) was to allow setting a higherīacklog value for listen(). FIPS will still be available with custom builds. We removed FIPS support from our standard builds. Partially refactored configuration file parsing and logging subsystems for clearer code and minor bugfixes. Service threads are terminated before OpenSSL cleanup to prevent occasional stunnel crashes at shutdown.įixed data transfer stalls introduced in stunnel 5.51.įixed a transfer() loop bug introduced in stunnel 5.51.įixed PSKsecrets as a global option (thx to Teodor Robas).įixed a memory allocation bug (thx to matanfih).įixed PSK session resumption with TLS 1.3.įixed a memory leak in the WIN32 logging subsystem.Īllow for zero value (ignored) TLS options. Include file name and line number in OpenSSL errors.Ĭompatibility with the current OpenSSL 3.0.0-dev branch.īetter performance with SSL_set_read_ahead()/SSL_pending().Ī number of testing framework fixes and improvements. New "ciphersuites" option to control the list of permitted TLS 1.3 ciphersuites. New "curves" option to control the list of elliptic curves in OpenSSL 1.1.0 and later. SMTP HELO before authentication (thx to Jacopo Giudici). Persistence is currently unsupported with session tickets. Session ticket support (requires OpenSSL 1.1.1 or later). Hexadecimal PSK keys are automatically converted to binary. Logging of the assigned bind address instead of the requested bind address.Ĭheck whether "output" is not a relative file name.Īdded sslVersion, sslVersionMin and sslVersionMax for OpenSSL 1.1.0 and later. Session resumption on other nodes in a cluster. New "ticketKeySecret" and "ticketMacSecret" options to control confidentialityĪnd integrity protection of the issued session tickets. * stunnel.keyring was accidentally installed instead Install the correct file as README.openSUSE (bsc#1150730) BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to * Don't show README.openSUSE when installing. * Use upstream nf and tailor it for openSUSE using sed. * Remove old static openSUSE provided nf. Terminate clients on exit in the FORK threading model. Thread safety fixes in SSL_SESSION object handling. Retry unsuccessful port binding on configuration ![]() Support for engines without PRNG seeding methods (thx to With POSIX.1-2008, such as 4.4BSD or Solaris. Support for realpath(3) implementations incompatible Various text files converted to Markdown format. ![]() ![]() A number of testing framework fixes and improvements. Delay startup with systemd until network is online. DH/ECDH initialization restored for client sections. Fixed memory leaks on configuration reloading errors. TLS 1.3 configuration updated for better compatibility. New securityLevel configuration file option. The "redirect" option was fixed to properly Remove pidfile from service file fixes start bug: boo#1178533 Scalability (including load-balancing), making it suitable for large deployments. Its architecture is optimized for security, portability, and Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers withoutĪny changes in the programs' code.
0 Comments
Leave a Reply. |