There is a new stunnel version out, fixing some bugs and adding some features:

Version 4.34, 2010.09.19, urgency: LOW:
* New features
  - Updated automake to version 1.11.1
  - Updated libtool to version 2.2.6b
  - Added ECC support with a new service-level "curve" option.
  - DH support is now enabled by default.
  - Added support for OpenSSL builds with some algorithms disabled.
* Bugfixes
  - Implemented fixes in user interface to enter engine PIN.
  - Fixed a transfer() loop issue on socket errors.
FYI: The xforward patch does not apply cleanly.
(In reply to comment #1)
> FYI: The xforward patch does not apply cleanly.

Rediffing the patch is a bit beyond my capability and the upstream patch maintainer hasn't released an updated version of it yet [1]. I may remove the useflag/patch if nothing is released soon. I'll give it a few days.

[1] http://haproxy.1wt.eu/
Created attachment 255815 [details] sendproxy patch
Created attachment 255817 [details] stunnel-4.34.ebuild with sendproxy added, xforward removed
haproxy will move away from suggesting the xforward patch (see news on http://haproxy.1wt.eu/), so I am not sure if there will be future patches/rediffs. The new method is called "sendproxy" and also requires patching stunnel, but only with a 139-line patch which will, as far as I see it, be easier to maintain as it is less intrusive. I've attached a new ebuild; the changes were just minor ones. I haven't tested the functionality of "sendproxy" yet.
Created attachment 256607 [details] stunnel-4.34.ebuild with xforward and listenqueue patch
Created attachment 256608 [details] stunnel-4.34-listen-queue.diff
This patch increases stunnel's listen queue to SOMAXCONN

Created attachment 256609 [details] stunnel-4.34-xforwarded-for.diff
xforwarded-for patch for stunnel
As "sendproxy" does not work with <haproxy-1.5-dev3 which we do not have in portage anyways, I think the best course of action is to keep the existing x-forwarded-for patch. I've also added the listenqueue patch, which allows you to increase the listen queue (see SOMAXCONN). Sorry for the confusion and delay.
Adding dependency for #353955, I've added stunnel-4.35-xforwarded-for.diff in that bug, as it's needed for the security bump. We need to see if listen-queue gets added there, too.
xforwarded-for and listen-queue are in 4.35, thanks! :)