VPN_Solutions/ChangeLog
stunnel Universal SSL tunnel

Version 4.04, 2003.01.12, urgency: MEDIUM:
* New feature sponsored by SURFnet http://www.surfnet.nl/
  - Encrypted private key can be used with Win32 GUI.
* New features
  - New 'options' configuration option to set up
    OpenSSL library hacks with SSL_CTX_set_options().
  - 'service' option also changes the name for
    TCP Wrappers access control in inetd mode.
  - Support for BeOS (thx to Mike I. Kozin <mik@sbor.net>)
  - SSL is negotiated before connecting remote host
    or spawning local process whenever possible.
  - REMOTE_HOST variable is always placed in the
    environment of a process spawned with 'exec'.
  - Whole SSL error stack is dumped on errors.
  - 'make cert' rule is back (was missing since 4.00).
  - Manual page updated (special thanks to Brian Hatch).
  - TODO updated.
* Bugfixes
  - Major code cleanup (thx to Steve Grubb <linux_4ever@yahoo.com>).
  - Unsafe functions are removed from SIGCHLD handler.
  - Several bugs in auth_user() fixed.
  - Incorrect port when using 'local' option fixed.
  - OpenSSL tools '-rand' option is no longer directly
    used with a device (like '/dev/urandom').
    Temporary random file is created with 'dd' instead.
* DLLs for OpenSSL 0.9.7.

Version 4.03, 2002.10.27, urgency: HIGH:
* NT Service (broken since 4.01) is operational again.
* Memory leak in FORK environments fixed.
* sigprocmask() mistake corrected.
* struct timeval is reinitialized before select().
* EAGAIN handled in client.c for AIX.
* Manual page updated.

Version 4.02, 2002.10.21, urgency: HIGH:
* Serious bug in ECONNRESET handling fixed.

Version 4.01, 2002.10.20, urgency: MEDIUM:
* New features
  - OpenVMS support.
  - Polish manual and some manual updates.
  - 'service' option added on Win32 platform.
  - Obsolete FAQ has been removed.
  - Log file is created with 0640 mode.
  - exec->connect service sections (need more testing).
* Bugfixes
  - EINTR ignored in main select() loop.
  - Fixed problem with stunnel closing connections on
    TIMEOUTclose before all the data is sent.
  - Fixed EWOULDBLOCK on writesocket problem.
  - Potential DOS in Win32 GUI fixed.
  - Solaris compilation problem fixed.
  - Libtool configuration problems fixed.
  - Signal mask is cleared just before exec in local mode.
  - Accepting sockets and log file descriptors are no longer
    leaked to the child processes.
  Special thanks to Hans Werner Strube for his testing effort.
  Special thanks to Steve Grubb for the source code audit.

Version 4.00, 2002.08.30, urgency: LOW:
* New features sponsored by MAXIMUS http://www.maximus.com/
  - New user interface (config file).
  - Single daemon can listen on multiple ports, now.
  - Native Win32 GUI added.
  - Native NT/2000/XP service added.
  - Delayed DNS lookup added.
* Other new features
  - All the timeouts are now configurable including
    TIMEOUTclose that can be set to 0 for MSIE and other
    buggy clients that do not send close_notify.
  - Stunnel process can be chrooted in a specified directory.
  - Numerical values for setuid() and setgid() are allowed, now.
  - Confusing code for setting certificate defaults introduced in
    version 3.8p3 was removed to simplify stunnel setup.
    There are no built-in defaults for CApath and CAfile options.
  - Private key file for a certificate can be kept in a separate
    file. Default remains to keep it in the cert file.
  - Manual page updated.
  - New FHS-compatible build system based on automake and libtool.
* Bugfixes
  - `SSL socket closed on SSL_write' problem fixed.
  - Problem with localtime() crashing Solaris 8 fixed.
  - Problem with tcp wrappers library detection fixed.
  - Cygwin (http://www.cygwin.com/) support added.
  - __svr4__ macro defined for Sun C/C++ compiler.
* DLLs for OpenSSL 0.9.6g.

Version 3.22, 2001.12.20, urgency: HIGH:
* Format string bug fixed in protocol.c
  smtp, pop3 and nntp in client mode were affected.
  (stunnel clients could be attacked by malicious servers)
* Certificate chain can be supplied with -p option or in stunnel.pem.
* Problem with -r and -l options used together fixed.
* memmove() instead of memcpy() is used to move data in buffers.
* More detailed information about negotiated ciphers is printed.
* New ./configure options: "--enable-no-rsa" and "--enable-dh".

Version 3.21c, 2001.11.11, urgency: LOW:
* autoconf scripts upgraded to version 2.52.
* Problem with pthread_sigmask on Darwin fixed (I hope).
* Some documentation typos corrected.
* Attempt to ignore EINTR in transfer().
* Shared library version reported on startup.
* DLLs for OpenSSL 0.9.6b.

Version 3.21b, 2001.11.03, urgency: MEDIUM:
* File descriptor leak on failed connect() fixed.

Version 3.21a, 2001.10.31, urgency: MEDIUM:
* Small bug in Makefile fixed.

Version 3.21, 2001.10.31, urgency: MEDIUM:
* Problem with errno and posix threads fixed.
* It is assumed that system has getopt() if it has getopt.h header file.
* SSL_CLIENT_DN and SSL_CLIENT_I_DN environment variables set in local mode
  (-l) process. This feature doesn't work if
  client mode (-c) or protocol negotiation (-n) is used.
* Winsock error descriptions hardcoded (English version only).
* SetConsoleCtrlHandler() used to handle CTRL+C, logoff and shutdown on Win32.
* Stunnel always requests peer certificate with -v 0.
* sysconf()/getrlimit() used to calculate number of clients allowed.
* SSL mode changed for OpenSSL >= 0.9.6.
* close-on-exec option used to avoid socket inheriting.
* Buffer size increased from 8KB to 16KB.
* fdscanf()/fdprintf() changes:
  - non-blocking socket support,
  - timeout after 1 minute of inactivity.
* auth_user() redesigned to force 1 minute timeout.
* Some source arrangement towards 4.x architecture.
* No need for "goto" any more.
* New Makefile "test" rule. It performs basic test of
  standalone/inetd, remote/local and server/client mode.
* pop3 server mode support added.

Version 3.20, 2001.08.15, urgency: LOW:
* setsockopt() optlen set according to the optval for Solaris.
* Minor NetBSD compatibility fixes by Martti Kuparinen.
* Minor MSVC6 compatibility fixes by Patrick Mayweg.
* SSL close_notify timeout reduced to 10 seconds of inactivity.
* Socket close instead of reset on close_notify timeout.
* Some source arrangement and minor bugfixes.

Version 3.19, 2001.08.10, urgency: MEDIUM:
* Critical section added around non MT-safe TCP Wrappers code.
* Problem with "select: Interrupted system call" error fixed.
* errno replaced with get_last_socket_error() for Win32.
* Some FreeBSD/NetBSD patches to ./configure from Martti Kuparinen.
* Local mode process pid logged.
* Default FQDN (localhost) removed from stunnel.cnf
* ./configure changed to recognize POSIX threads library on OSF.
* New -O option to set socket options.

Version 3.18, 2001.07.31, urgency: MEDIUM:
* MAX_CLIENTS is calculated based on FD_SETSIZE, now.
* Problems with closing SSL in transfer() fixed.
* -I option to bind a static local IP address added.
* Debug output of info_callback redesigned.

Version 3.17, 2001.07.29, urgency: MEDIUM:
* Problem with coredump on exit with active threads fixed.
* Timeout for transfer() function added:
  - 1 hour if socket is open for read
  - 1 minute if socket is closed for read

Version 3.16, 2001.07.22, urgency: MEDIUM:
* Some transfer() bugfixes/improvements.
* STDIN/STDOUT are no longer assumed to be non-socket descriptors.
* Problem with --with-tcp-wrappers patch fixed.
* pop3 and nntp support bug fixed by Martin Germann.
* -o option to append log messages to a file added.
* Changed error message for SSL error 0.

Version 3.15, 2001.07.15, urgency: MEDIUM:
* Serious bug resulting in random transfer() hangs fixed.
* Separate file descriptors are used for inetd mode.
* -f (foreground) logs are now stamped with time.
* New ./configure option: --with-tcp-wrappers by Brian Hatch.
* pop3 protocol client support (-n pop3) by Martin Germann.
* nntp protocol client support (-n nntp) by Martin Germann.
* RFC 2487 (smtp STARTTLS) client mode support.
* Transparency support for Tru64 added.
* Some #includes for AIX added.

Version 3.14, 2001.02.21, urgency: LOW:
* Pidfile creation algorithm has been changed.

Version 3.13, 2001.01.25, urgency: MEDIUM:
* pthread_sigmask() argument in sthreads.c corrected.
* OOB data is now handled correctly.

Version 3.12, 2001.01.24, urgency: LOW:
* Attempted to fix problem with zombies in local mode.
* Patch for 64-bit machines by Nalin Dahyabhai <nalin@redhat.com> applied.
* Tiny bugfix for OSF cc by Dobrica Pavlinusic <dpavlin@rot13.org> added.
* PORTS file updated.

Version 3.11, 2000.12.21, urgency: MEDIUM:
* New problem with zombies fixed.
* Attempt to be integer-size independent.
* SIGHUP handler added.

Version 3.10, 2000.12.19, urgency: MEDIUM:
* Internal thread synchronization code added.
* libdl added to stunnel dependencies if it exists.
* Manpage converted to sdf format.
* stunnel deletes pid file before attempting to create it.
* Documentation updates.
* -D option now takes [facility].level as argument. 0-7 still supported.
* Problems with occasional zombies in FORK mode fixed.
* 'stunnel.exe' rule added to Makefile.
  You can cross-compile stunnel.exe on Unix, now.
  I'd like to be able to compile OpenSSL this way, too...

Version 3.9, 2000.12.13, urgency: HIGH:
* Updated temporary key generation:
  - stunnel is now honoring requested key-lengths correctly,
  - temporary key is changed every hour.
* transfer() no longer hangs on some platforms.
  Special thanks to Peter Wagemans for the patch.
* Potential security problem with syslog() call fixed.

Version 3.8p4, 2000.06.25 bri@stunnel.org:
* fixes for Windows platform

Version 3.8p3, 2000.06.24 bri@stunnel.org:
* Compile time definitions for the following:
  --with-cert-dir
  --with-cert-file
  --with-pem-dir
  --enable-ssllib-cs
* use daemon() function instead of daemonize, if available
* fixed FreeBSD threads checking (patch from robertw@wojo.com)
* added -S flag, allowing you to choose which default verify
  sources to use
* relocated service name output logging until after log_open.
  (no longer outputs log info to inetd socket, causing bad SSL)
* -V flag now outputs the default values used by stunnel
* Removed DH param generation in Makefile.in
* Moved stunnel.pem to sample.pem to keep people from blindly using it
* Removed confusing stunnel.pem check from Makefile.

* UPGRADE NOTE: this version seriously changes several previous stunnel
  default behaviours. There are no longer any default cert file/dirs
  compiled into stunnel, you must use the --with-cert-dir and
  --with-cert-file configure arguments to set these manually, if desired.
  Stunnel does not use the underlying ssl library defaults by default
  unless configured with --enable-ssllib-cs. Note that these can always
  be enabled at run time with the -A,-a, and -S flags.
  Additionally, unless --with-pem-dir is specified at compile time,
  stunnel will default to looking for stunnel.pem in the current directory.

Version 3.8p2, 2000.06.13 bri@stunnel.org:
* Fixes for Win32 platform
* Minor output formatting changes
* Fixed version number in files

Version 3.8p1, 2000.06.11 bri@stunnel.org:
* Added rigorous PRNG seeding
* PID changes (and related security-fix)
* Man page fixes
* Client SSL Session-IDs now used
* -N flag to specify tcpwrapper service name

Version 3.8, 2000.02.24:
* Checking for threads in c_r library for FreeBSD.
* Some compatibility fixes for Ultrix.
* configure.in has been cleaned up.
  Separate directories for SSL certs and SSL libraries/headers
  are no longer supported. SSL ports maintainers should create
  softlinks in the main openssl directory if necessary.
* Added --with-ssl option to specify SSL directory.
* Added setgid (-g) option.
  (Special thanks to Brian Hatch for his feedback and support)
* Added pty.c based on a Public Domain code by Tatu Ylonen
* Distribution files are now signed with GnuPG

Version 3.7, 2000.02.10:
* /usr/pkg added to list of possible SSL directories for pkgsrc installs
  of OpenSSL under NetBSD.
* Added the -s option, which setuid()s to the specified user when running
  in daemon mode. Useful for cyrus imapd.
  (both based on patch by George Coulouris)
* PTY code ported to Solaris. The port needs some more testing.
* Added handler for SIGINT.
* Added --with-random option to ./configure script.
* Fixed some problems with autoconfiguration on Solaris and others.
  It doesn't use config.h any more.
* /var/run changed to @localstatedir@/stunnel for better portability.
  The directory is chmoded a=rwx,+t.
* FAQ has been updated.

3.6 2000.02.03 Automatic RFC 2487 detection based on patch by
        Pascual Perez and Borja Perez.
        Non-blocking sockets not used by default.
        DH support is disabled by default.
        (both can be enabled in ssl.c)

3.5 2000.02.02 Support for openssl 0.9.4 added.
        /usr/ssl added to configure by Christian Zuckschwerdt.
        Added tunneling for PPP through the addition of PTY
        handling, and some documentation.

3.4a 1999.07.13 (bugfix release)
        Problem with cipher negotiation fixed.
        setenv changed to putenv.

3.4 1999.07.12 Local transparent proxy added with LD_PRELOADed shared library.
        DH code rewritten.
        Added -C option to set cipher list.
        stderr fflushed after fprintf().
        Minor portability bugfixes.
        Manual updated (but still not perfect).

3.3 1999.06.18 Support for openssl 0.9.3 added.
        Generic support for protocol negotiation added (protocol.c).
        SMTP protocol negotiation support for Netscape client added.
        Transparent proxy mode (currently works on Linux only).
        SO_REUSEADDR enabled on listening socket in daemon mode.
        ./configure now accepts --prefix parameter.
        -Wall is only used with gcc compiler.
        Makefile.in and configure.in updated.
        SSL-related functions moved to a separate file.
        vsprintf changed to vsnprintf in log.c on systems that have it.
        Pidfile in /var/run added for daemon mode.
        RSAref support fix (not tested).
        Some compatibility fixes for Solaris and NetBSD added.

3.2 1999.04.28 RSAref support (not tested).
        Added full duplex with non-blocking sockets.
        RST sent instead of FIN on peer error (on error peer
        socket is reset - not just closed).
        RSA temporary key length changed back to 512 bits to fix
        problem with Netscape.
        Added NO_RSA for US citizens having problems with patents.

3.1 1999.04.22 Changed -l syntax (first argument specified is now argv[0]).
        Fixed problem with options passed to locally executed daemon.
        Fixed problem with ':' passed to libwrap in a service name:
        - ':' has been changed to '.';
        - user can specify his own service name as an argument.
        RSA temporary key length changed from 512 to 1024 bits.
        Added safecopy to avoid buffer overflows in stunnel.c.
        Fixed problems with GPF after unsuccessful resolver call
        and incorrect parameters passed to getopt() in Win32.
        FAQ updated.

3.0 1999.04.19 Some bugfixes.
        FAQ added.

3.0b7 1999.04.14
        WIN32 native port fixed (looks quite stable).
        New transfer() function algorithm.
        New 'make cert' to be compatible with openssl-0.9.2b.
        Removed support for memory leaks debugging.

3.0b6 1999.04.01
        Fixed problems with session cache (by Adam).
        Added client mode session cache.
        Source structure, autoconf script and Makefile changed.
        Added -D option to set debug level.
        Added support for memory leaks debugging
        (SSL library needs to be compiled with -DMFUNC).

3.0b5 1999.03.25
        Lots of changes to make threads work.
        Peer (client and server) authentication works!
        Added -V option to display version.

3.0b4 1999.03.22
        Early POSIX threads implementation.
        Work on porting to native Win32 application started.

3.0b3 1999.03.05
        Improved behavior on heavy load.

3.0b2 1999.03.04
        Fixed -v parsing bug.

3.0b1 1999.01.18
        New user interface.
        Client mode added.
        Peer certificate verification added (=strong authentication).
        WIN32 port added.
        Other minor problems fixed.

2.1 1998.06.01 Few bugs fixed.

2.0 1998.05.25 Remote mode added!
        Standalone mode added!
        tcpd functionality added by libwrap utilization.
        DH callbacks removed by kravietZ.
        bind loopback on Intel and other bugs fixed by kravietZ.
        New manual page by kravietZ & myself.

1.6 1998.02.24 Linux bind fix.
        New TODO ideas!

1.5 1998.02.24 make_sockets() implemented with Internet sockets instead
        of Unix sockets for better compatibility.
        (i.e. to avoid random data returned by getpeername(2))
        This feature can be disabled in stunnel.c.

1.4 1998.02.16 Ported to HP-UX, Solaris and probably other UNIXes.
        Autoconfiguration added.

1.3 1998.02.14 Man page by Pawel Krawczyk <kravietz@ceti.com.pl> added!
        Copyrights added.
        Minor errors corrected.

1.2 1998.02.14 Separate certificate for each service added.
        Connection logging support.

1.1 1998.02.14 Callback functions added by Pawel Krawczyk
        <kravietz@ceti.com.pl>.

1.0 1998.02.11 First version with SSL support
        - special thx to Adam Hernik <adas@infocentrum.com>.

0.1 1998.02.10 Testing skeleton.