--- stunnel-5.16/src/ssl.c.bak 2015-04-02 21:05:33.000000000 +0300 +++ stunnel-5.16/src/ssl.c 2015-06-11 22:35:09.516521985 +0300 @@ -190,6 +190,7 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *g } s_log(LOG_DEBUG, "RAND_screen failed to sufficiently seed PRNG"); #else +#ifndef OPENSSL_NO_EGD if(global->egd_sock) { if((bytes=RAND_egd(global->egd_sock))==-1) { s_log(LOG_WARNING, "EGD Socket %s failed", global->egd_sock); @@ -202,6 +203,7 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *g so no need to check if seeded sufficiently */ } } +#endif /* try the good-old default /dev/urandom, if available */ totbytes+=add_rand_file(global, "/dev/urandom"); if(RAND_status()) --- stunnel-5.16/src/verify.c.bak 2015-04-11 23:08:14.000000000 +0300 +++ stunnel-5.16/src/verify.c 2015-06-11 22:36:38.298872626 +0300 @@ -48,7 +48,7 @@ NOEXPORT int add_dir_lookup(X509_STORE * NOEXPORT int verify_callback(int, X509_STORE_CTX *); NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *); NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int); -#if OPENSSL_VERSION_NUMBER>=0x10002000L +#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *); #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ NOEXPORT int cert_check_local(X509_STORE_CTX *); @@ -258,7 +258,7 @@ NOEXPORT int cert_check(CLI *c, X509_STO } if(depth==0) { /* additional peer certificate checks */ -#if OPENSSL_VERSION_NUMBER>=0x10002000L +#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) if(!cert_check_subject(c, callback_ctx)) return 0; /* reject */ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ @@ -269,7 +269,7 @@ NOEXPORT int cert_check(CLI *c, X509_STO return 1; /* accept */ } -#if OPENSSL_VERSION_NUMBER>=0x10002000L +#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) { X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx); NAME_LIST *ptr;