Stunnel 5.14 in OpenWRT Chaos Calmer

Stunnel 5.14 Update

Somewhere along the way, I became the new maintainer for the stunnel package in OpenWRT.

I had initially needed stunnel because my auth server for wifidog only speaks TLS. In my testing, I required a more version of stunnel (for some reason I forgot).

At that point, the stunnel package had been abandoned already and was only available in OpenWrt 14.07 as part of the oldpackages repository. I had already built a working packaging script for stunnel 5.10 based on another attempt. So I figured, why not submit it to the OpenWrt repository?

Since then, an automatic email (nice!) reminded me that stunnel 5.14 had been released, including some security fixes. Luckily, the patches required for OpenWrt still applied cleanly.

Some items remain on the TODO list:

  • Make SSP configurable upstream so I don't have to maintain 011_disable_ssp_linking.patch
  • Failing that, make sure SSP works if enabled in OpenWrt buildroot
  • Get rid of 010_fix_getnameinfo.patch

Overall, I'm quite happy with the packaging. Compared to earlier versions, only two trivial patches are required and the dependency on libpthread was dropped.

Wifidog speaks TLS natively these days. I personally don't need stunnel right now, but it's always good to have more cryptography options in a post-snowden world.

Valid CSS! HTML5 Powered

social