# stunnel: no luck with libressl



## olafz (Jul 14, 2015)

Hi all,

I have built a non-OpenSSL 10.1-RELEASE system. My src.conf:


```
WITHOUT_DICT=YES
WITHOUT_GAMES=YES
WITHOUT_GCC=YES
WITHOUT_IPX=YES
WITHOUT_LPR=YES
WITHOUT_NDIS=YES
WITHOUT_NIS=YES
WITHOUT_PPP=YES
WITHOUT_PROFILE=YES
WITHOUT_ROUTED=YES
WITHOUT_MAILWRAPPER=YES
WITHOUT_SENDMAIL=YES
WITHOUT_USB=YES
WITHOUT_BLUETOOTH=YES
WITHOUT_WIRELESS=YES
WITHOUT_ZFS=YES
#
WITHOUT_OPENSSL=YES
WITHOUT_OPENSSH=YES
WITHOUT_LDNS=yes
WITHOUT_LDNS_UTILS=yes
WITHOUT_PKGBOOTSTRAP=yes
WITHOUT_SVNLITE=yes
# -- 10.1-RELEASE needs this, newer builds don't such as r276751
WITHOUT_BSNMP=yes
```
The ports that I use have no problems to use security/libressl. My make.conf:

```
OPTIONS_UNSET=NIS X11
#
# Build ports against security/libressl
WITH_OPENSSL_PORT=yes
OPENSSL_PORT=security/libressl
```
But stunnel fails to build:

```
===>  Building for stunnel-5.20
Making all in src
/usr/bin/make  all-am
/bin/sh ../libtool  --tag=CC    --mode=link cc  -O2 -pipe  -fstack-protector -fno-strict-aliasing -D_THREAD_SAFE  -Wall -Wextra -Wpedantic -Wformat=2 -Wconversion -Wno-long-long -Wno-deprecated-declarations -fPIE -D_FORTIFY_SOURCE=2  -L/usr/local/lib64 -L/usr/local/lib -lssl -lcrypto -lpthread -Wl,-rpath,/usr/local/lib -fstack-protector -fPIE -pie -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -o stunnel  stunnel-tls.o stunnel-str.o  stunnel-file.o stunnel-client.o  stunnel-log.o stunnel-options.o  stunnel-protocol.o stunnel-network.o  stunnel-resolver.o stunnel-ssl.o  stunnel-ctx.o stunnel-verify.o  stunnel-sthreads.o stunnel-fd.o  stunnel-dhparam.o stunnel-cron.o  stunnel-stunnel.o  stunnel-pty.o stunnel-libwrap.o  stunnel-ui_unix.o  -lz -lutil
libtool: link: cc -O2 -pipe -fstack-protector -fno-strict-aliasing -D_THREAD_SAFE -Wall -Wextra -Wpedantic -Wformat=2 -Wconversion -Wno-long-long -Wno-deprecated-declarations -fPIE -D_FORTIFY_SOURCE=2 -Wl,-rpath -Wl,/usr/local/lib -fstack-protector -fPIE -pie -Wl,-z -Wl,relro -Wl,-z -Wl,now -Wl,-z -Wl,noexecstack -o stunnel stunnel-tls.o stunnel-str.o stunnel-file.o stunnel-client.o stunnel-log.o stunnel-options.o stunnel-protocol.o stunnel-network.o stunnel-resolver.o stunnel-ssl.o stunnel-ctx.o stunnel-verify.o stunnel-sthreads.o stunnel-fd.o stunnel-dhparam.o stunnel-cron.o stunnel-stunnel.o stunnel-pty.o stunnel-libwrap.o stunnel-ui_unix.o  -L/usr/local/lib64 -L/usr/local/lib -lssl -lcrypto -lpthread -lz -lutil
stunnel-ssl.o: In function `ssl_configure':
ssl.c:(.text+0x281): undefined reference to `RAND_egd'
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** [stunnel] Error code 1
```
Is this a known bug? Is there any workaround?

Olaf


----------



## tobik@ (Jul 14, 2015)

See PR 198997 (found on https://wiki.freebsd.org/LibreSSL).


----------



## olafz (Jul 14, 2015)

OK, a political thing... are there any stunnel alternatives? I want a TLS secured connection to a Squid proxy.


----------



## junovitch@ (Jul 14, 2015)

olafz said:


> OK, a political thing... are there any stunnel alternatives? I want a TLS secured connection to a Squid proxy.


Take a look at www/pound.


----------

