stunnel 5.01, latest version for OpenWRT
As of April 16 2014, the latest upstream version of stunnel is 5.01. The version in OpenWRT's package repository is 4.33. (Here's a handy website to track upstream vs. OpenWRT versions of packages.)
Running software with known vulnerabilities is a bad idea (citation needed). Therefore I compiled the latest version of stunnel for my router.
Download and Compile
You can grab the Makefile and other package definition files here.
stunnel directory somewhere under the
packages/ directory under your openwrt buildroot and execute
If all goes well, you should see the compiled package under
I compiled this successfully against the latest trunk buildroot; here's the binary package for target ar71xx, and it seems to run fine on my Netgear WNDRMACv2.
Compared to version 4.33 in OpenWRT feeds, the following are changed for 5.01:
- Source code of version 5.01 is downloaded and compiled instead of 4.33. Obviously.
- A dependence on
libpthreadis added. The compiled binary somehow depends on
libpthread, even though during
--with-threads=forkis specified. I'm not sure whether this is proper behavior, but haven't investigated further.
- Most patches removed since the code snippets they act on aren't around anymore.
- Changed the patches that act on the default
stunnel.confto match that in the new version.
stunnel.initto remove checking for
stunnel.pemon start and generating certificate and keys if that file doesn't exist. I like putting my certificates elsewhere, and the key generator didn't even work anyways.
In the compiled binary package, the default
stunnel.conf file has a line
setgid = nobody. This group does not exist on my OpenWRT installation; the proper group should be
nogroup. IIRC the same applies to the official 4.33 binary package.
The files linked in the Download and Compile section are released under GPLv2.
I am not responsible for any possible loss/consequences of using these instructions and files. Use at your own risk.