Re: 288-1: openssl and stunnel
On Thu, 17 Apr 2003, Arthur van Dorp wrote:
> Todays security advisory about openssl speaks about possibly breaking
> existing applications:
>
> > Unfortunately, RSA blinding is not thread-safe and will cause failures
> > for programs that use threads and OpenSSL such as stunnel. However,
> > since the proposed fix would change the binary interface (ABI),
> > programs that are dynamically linked against OpenSSL won't run
> > anymore. This is a dilemma we can't solve.
>
> As I use stunnel I wonder what these problems might be. I've updated my
> testing machine which is set up similar to my production server and
> didn't find a problem yet. But my testing possibilities are limited on
> this machine.
I guess you won't get these problems when you are running stunnel in
pipe or pipe-client mode. It is supposed to run in multi-threaded mode
only when it is listening on a port.
Just my guess.
Regards,
Robert Varga
Reply to: