Hint from Martti Kuparinen in PR pkg/12046.
Changes:
* pthread_sigmask() argument in sthreads.c corrected.
* OOB data is now handled correctly.
* Attempted to fix problem with zombies in local mode.
* Patch for 64-bit machines by Nalin Dahyabhai <nalin@redhat.com> applied.
* Tiny bugfix for OSF cc by Dobrica Pavlinusic <dpavlin@rot13.org> added.
* PORTS file updated.
default certificate directory is now /etc/openssl/certs (matches OpenSSL's
default), but if stunnel uses the pkgsrc OpenSSL, then the default is
${PREFIX}/certs.
Changes from version 3.8 include:
* Updated temporary key generation:
- stunnel is now honoring requested key-lengths correctly,
- temporary key is changed every hour.
* transfer() no longer hangs on some platforms.
Special thanks to Peter Wagemans for the patch.
* Potential security problem with syslog() call fixed.
* use daemon() function instead of daemonize, if available
* added -S flag, allowing you to choose which default verify
sources to use
* relocated service name output logging until after log_open.
(no longer outputs log info to inetd socket, causing bad SSL)
* -V flag now outputs the default values used by stunnel
* Added rigerous PRNG seeding
* PID changes (and related security-fix)
* Man page fixes
* Client SSL Session-IDs now used
* -N flag to specify tcpwrapper service name
* UPGRADE NOTE: this version seriously changes several previous stunnel
default behaviours. There are no longer any default cert file/dirs
compilied into stunnel, you must use the --with-cert-dir and
--with-cert-file configure arguments to set these manually, if desired.
Stunnel does not use the underlying ssl library defaults by default
unless configured with --enable-ssllib-cs. Note that these can always
be enabled at run time with the -A,-a, and -S flags.
Additionally, unless --with-pem-dir is specified at compile time,
stunnel will default to looking for stunnel.pem in the current directory.
