stunnel-4.35

AUTHORS

@@ -1,4 +1,4 @@
-stunnel         Universal SSL tunnel
+stunnel authors
 
-Author          Michal Trojnara  <Michal.Trojnara@mirt.net>
+Michal Trojnara  <Michal.Trojnara@mirt.net>
 

BUGS

@@ -1,6 +1,5 @@
-stunnel         Universal SSL tunnel
+stunnel known bugs
 
-KNOWN BUGS
 
-- Shared library to be LD_PRELOADed does not support IPv6.
+- Shared library for transparent proxy does not support IPv6.
 

COPYING

@@ -1,6 +1,6 @@
-stunnel Universal SSL tunnel
+stunnel license (see COPYRIGHT.GPL for detailed GPL conditions)
 
-Copyright (C) 1998-2008 Michal Trojnara
+Copyright (C) 1998-2011 Michal Trojnara
 
 This program is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free Software

ChangeLog

@@ -1,4 +1,27 @@
-stunnel         Universal SSL tunnel
+stunnel change log
+
+Version 4.35, 2011.02.05, urgency: LOW:
+* New features
+  - Updated Win32 DLLs for OpenSSL 1.0.0c.
+  - Transparent source (non-local bind) added for FreeBSD 8.x.
+  - Transparent destination ("transparent = destination") added for Linux.
+* Bugfixes
+  - Fixed reload of FIPS-enabled stunnel.
+  - Compiler options are now auto-detected by ./configure script
+    in order to support obsolete versions of gcc.
+  - Async-signal-unsafe s_log() removed from SIGTERM/SIGQUIT/SIGINT handler.
+  - CLOEXEC file descriptor leaks fixed on Linux >= 2.6.28 with glibc >= 2.10.
+    Irreparable race condition leaks remain on other Unix platforms.
+    This issue may have security implications on some deployments.
+  - Directory lib64 included in the OpenSSL library search path.
+  - Windows CE compilation fixes (thx to Pierre Delaage).
+  - Deprecated RSA_generate_key() replaced with RSA_generate_key_ex().
+* Domain name changes (courtesy of Bri Hatch)
+  - http://stunnel.mirt.net/ --> http://www.stunnel.org/
+  - ftp://stunnel.mirt.net/ --> http://ftp.stunnel.org/
+  - stunnel.mirt.net::stunnel --> rsync.stunnel.org::stunnel
+  - stunnel-users@mirt.net --> stunnel-users@stunnel.org
+  - stunnel-announce@mirt.net --> stunnel-announce@stunnel.org
 
 Version 4.34, 2010.09.19, urgency: LOW:
 * New features
@@ -54,7 +77,7 @@ Version 4.29, 2009.12.02, urgency: MEDIUM:
 * New feature sponsored by Searchtech Limited http://www.astraweb.com/
   - sessiond, a high performance SSL session cache was built for stunnel.
     A new service-level "sessiond" option was added.  sessiond is
-    available for download on ftp://stunnel.mirt.net/stunnel/sessiond/ .
+    available for download on ftp://ftp.stunnel.org/stunnel/sessiond/ .
     stunnel clusters will be a lot faster, now!
 * Bugfixes
   - "execargs" defaults to the "exec" parameter (thx to Peter Pentchev).

INSTALL

@@ -1,4 +1,5 @@
-stunnel         Universal SSL tunnel
+stunnel Unix install notes
+
 
 1. If your machine supports POSIX threads make sure your SSL
    library is compiled with -DTHREADS.

INSTALL.FIPS

@@ -1,4 +1,4 @@
-stunnel         Universal SSL tunnel
+stunnel FIPS install notes
 
 
 FIPS support status:

INSTALL.W32

@@ -1,4 +1,4 @@
-stunnel         Universal SSL tunnel
+stunnel Windows install notes
 
 
 Building stunnel from source (optional):
@@ -24,7 +24,7 @@ Building stunnel from source (optional):
       cd /usr/src && tar zvxf ~/openssl-(version).tar.gz
 
  4) Build OpenSSL with cross_mingw32.sh script.
-      ftp://stunnel.mirt.net/stunnel/openssl/cross_mingw32.sh
+      ftp://ftp.stunnel.org/stunnel/openssl/cross_mingw32.sh
 
  5) Download and unpack stunnel-(version).tar.gz.
 

INSTALL.WCE

@@ -1,4 +1,4 @@
-stunnel         Universal SSL tunnel
+stunnel Windows CE install notes
 
 
 Two stunnel executables are available for Windows CE platform:
@@ -17,7 +17,7 @@ Building stunnel from source (optional):
        http://www.mirrorservice.org/sites/ftp.info-zip.org/pub/infozip/WIN32/
 
   2) download the OpenSSL source files (the whole directory):
-     ftp://stunnel.mirt.net/stunnel/openssl/ce/
+     ftp://ftp.stunnel.org/stunnel/openssl/ce/
 
   3) your directory should look like this:
      build.bat

Makefile.am

@@ -35,5 +35,5 @@ sign: dist
 		../dist/$(distdir).tar.gz
 	gpg --yes --armor --detach-sign --force-v3-sigs \
 		../dist/$(distdir)-installer.exe
-	sha1sum $(distdir).tar.gz | tee ../dist/$(distdir).tar.gz.sha1
+	sha256sum $(distdir).tar.gz | tee ../dist/$(distdir).tar.gz.sha256
 

Makefile.in

@@ -774,7 +774,7 @@ sign: dist
 		../dist/$(distdir).tar.gz
 	gpg --yes --armor --detach-sign --force-v3-sigs \
 		../dist/$(distdir)-installer.exe
-	sha1sum $(distdir).tar.gz | tee ../dist/$(distdir).tar.gz.sha1
+	sha256sum $(distdir).tar.gz | tee ../dist/$(distdir).tar.gz.sha256
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.

PORTS

@@ -1,12 +1,22 @@
-stunnel         Universal SSL tunnel
+stunnel known port maintainers
 
-Stunnel ports maintainers:
 
-AmigaOS      Diego Casorran              <dcr8520@amiga.org>
-Cygwin       Andrew Schulman             <andrex@alumni.utexas.net>
-Debian       Luis Rodrigo Gallardo Cruz  <rodrigo@debian.org>
-FreeBSD      Peter Pentchev              <roam@FreeBSD.org>
-NetBSD       Martti Kuparinen            <martti.kuparinen@iki.fi>
-OpenBSD      Jakob Schlyter              <jakob@openbsd.org>
-OpenSolaris  Mark Fenwick                <Mark.Fenwick@sun.com>
-RedHat       Damien Miller               <dmiller@ilogic.com.au>
+* AmigaOS
+  - Diego Casorran <dcr8520@amiga.org>
+* Cygwin
+  - Andrew Schulman <andrex@alumni.utexas.net>
+* Debian GNU/Linux
+  - Luis Rodrigo Gallardo Cruz <rodrigo@nul-unu.com>
+* FreeBSD
+  - Peter Pentchev <roam@FreeBSD.org>
+* NetBSD
+  - Martti Kuparinen <martti.kuparinen@iki.fi>
+* OpenBSD
+  - Jakob Schlyter <jakob@openbsd.org>
+* OpenSolaris
+  - Mark Fenwick <Mark.Fenwick@sun.com>
+* OS/2
+  - Paul Smedley <paul@smedley.info>
+* RedHat Linux
+  - Damien Miller <dmiller@ilogic.com.au>
+

README

@@ -1,4 +1,4 @@
-stunnel         Universal SSL tunnel
+stunnel overview
 
 Short description
 

TODO

@@ -1,25 +1,25 @@
-stunnel         Universal SSL tunnel
+stunnel TODO
+
 
 * High priority features I'm going to support (sponsorship welcomed):
-  - Add service-level logging.
-  - Log file rotation with with GUI on Windows.
-  - In transparent proxy mode add an option to connect destination address
-    of the the original connection instead of a fixed IP list.
-  - Support SSL_CTX_set_tlsext_servername_callback.
+  - Support for CryptoAPI certificates and private keys with CAPI engine.
+  - Support for Server Name Indication SSL extension
+    with SSL_CTX_set_tlsext_servername_callback.
+  - Service-level logging configuration (separate verbosity and destination).
 
 * Low priority features I'm going to support (sponsorship welcomed):
-  - Replace protocol.c with a scripting engine.
-  - Add some scripting capabilities *after* SSL negotiations.
-  - Key renegotiation (re-handshake) for long connections.
-  - Internationalization of logged messages (i18n).
-  - Logging to NT eventlog.
   - SOCKS 4 protocol support.
     http://archive.socks.permeo.com/protocol/socks4.protocol
-  - Add support for Server Name Indication SSL extension.
+  - Key renegotiation (re-handshake) for long connections.
+  - Logging to NT EventLog on Windows.
+  - Log file rotation with with GUI on Windows.
+  - Internationalization of logged messages (i18n).
+  - Generic scripting engine instead or static protocol.c.
 
-* Features I'd prefer NOT to support (waiting for a wealthy sponsor):
-  - Authentication based on reverse DNS lookup matching CN of X.509.
-  - HTTP protocol support (adding X-Forwarded-For header to each request,
-    URL rewriting).
-  - SMTP protocol support (adding X-Forwarded-For header to each email).
+* Features I prefer *not* to support (waiting for a wealthy sponsor):
+  - Additional certificate checks (including wildcard comparison) based on
+    CN and X509v3 Subject Alternative Name.
+  - Protocol support *after* SSL is negotiated.
+  - Support for adding X-Forwarded-For to HTTP request headers.
+  - Support for adding X-Forwarded-For to SMTP email headers.