stunnel broken, realpath problem

Jeffrey Walton noloader at gmail.com
Mon Jun 21 03:30:51 CEST 2021 

On Sun, Jun 20, 2021 at 5:10 PM Norman Wilson via users
<users at lists.opencsw.org> wrote:
>
>
> The Solaris 10 i386 stunnel package in unstable,
> CSWstunnel 5.50,REV=2018.12.03, doesn't work.  It cannot
> read any configuration file, always reporting
>
> [!] Invalid configuration file name "/etc/opt/csw/stunnel/stunnel.conf"
> [!] realpath: Invalid argument (22)
>
> to standard error on startup (with whatever filename you specify,
> of course).
>
> I suspect the SPARC version is affected the same way, but I can't
> easily test that at the moment.
>
> The trouble is with realpath(3c).  Modern versions (including in
> Solaris 11, I think) allow calls like s = realpath(p, NULL) to
> mean realpath should malloc a buffer for the result; Solaris 10
> realpath fails with EINVAL instead.  stunnel calls realpath with
> second argument NULL, and doesn't expect the error.
>
> A simple workaround is to apply a manual hack while building:
>
> ./configure
> ed src/config.h <<!
> /HAVE_REALPATH/d
> w
> q
> !
>
> i.e. remove the symbol configure made to assert that stunnel
> may use realpath.
>
> I fetched stunnel 5.59 (the latest version) directly from
> www.stunnel.org, built it with that hack interposed, and all
> is well.
>
> There are probably more-graceful ways to fix this (maybe there's
> an argument to ./configure to tell it to do that? maybe a simple
> patch to configure.ac?).  Or maybe it's just not worth fixing,
> since the bug has probably been there quite a while, and it
> only affects Solaris 10.  I'm working to move to a newer OS
> version myself, so it won't hurt my feelings if you decide to
> let sleeping stunnels lie.  But here it is if it's worth doing.

Re: configure and confgiure.ac, you can disable the realpath function
at configure time with:

    ./configure \
        <your standard options> \
        ac_cv_realpath=no

You have to use that trick on occasion, like when configuring cURL.
cURL enables SSLv2 and SSLv3 by default and without a --disable-*
option. For curl, they look like ac_cv_func_SSLv2_client_method=no and
ac_cv_func_SSLv3_client_method=no.

Jeff

More information about the users mailing list