
stunnel: update to 5.35

Waldemar Brodkorb 7 years ago
parent
commit
114f1e5a9d
2 changed files with 2 additions and 77 deletions
  1. 2 2
      package/stunnel/Makefile
  2. 0 75
      package/stunnel/patches/patch-src_verify_c

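--- a/package/stunnel/Makefile
+++ b/package/stunnel/Makefile
@@ -4,9 +4,9 @@
 include $(ADK_TOPDIR)/rules.mk
 
 PKG_NAME:=		stunnel
-PKG_VERSION:=		5.31
+PKG_VERSION:=		5.35
 PKG_RELEASE:=		1
-PKG_HASH:=		a746b71ab3dc6c23eacb0daf7342467870e43ac933430905eb1b1d050bbae0b7
+PKG_HASH:=		ffa386ae4c825f35f35157c285e7402a6d58779ad8c3822f74a9d355b54aba1d
 PKG_DESCR:=		encryption wrapper
 PKG_SECTION:=		net/security
 PKG_URL:=		https://www.stunnel.org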

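--- a/package/stunnel/patches/patch-src_verify_c
+++ b/package/stunnel/patches/patch-src_verify_c
@@ -1,75 +0,0 @@
---- stunnel-5.31.orig/src/verify.c	2016-02-19 20:18:43.000000000 +0100
-+++ stunnel-5.31/src/verify.c	2016-03-13 13:30:11.000000000 +0100
-@@ -51,9 +51,6 @@ NOEXPORT int add_dir_lookup(X509_STORE *
- NOEXPORT int verify_callback(int, X509_STORE_CTX *);
- NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
- NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
--NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
--#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
- NOEXPORT int cert_check_local(X509_STORE_CTX *);
- NOEXPORT int compare_pubkeys(X509 *, X509 *);
- #ifndef OPENSSL_NO_OCSP
-@@ -274,10 +271,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
-     }
- 
-     if(depth==0) { /* additional peer certificate checks */
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
--        if(!cert_check_subject(c, callback_ctx))
--            return 0; /* reject */
--#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
-         if(c->opt->verify_level>=3 && !cert_check_local(callback_ctx))
-             return 0; /* reject */
-     }
-@@ -285,51 +278,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
-     return 1; /* accept */
- }
- 
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
--NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
--    X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
--    NAME_LIST *ptr;
--    char *peername=NULL;
--
--    if(c->opt->check_host) {
--        for(ptr=c->opt->check_host; ptr; ptr=ptr->next)
--            if(X509_check_host(cert, ptr->name, 0, 0, &peername)>0)
--                break;
--        if(!ptr) {
--            s_log(LOG_WARNING, "CERT: No matching host name found");
--            return 0; /* reject */
--        }
--        s_log(LOG_INFO, "CERT: Host name \"%s\" matched with \"%s\"",
--            ptr->name, peername);
--        OPENSSL_free(peername);
--    }
--
--    if(c->opt->check_email) {
--        for(ptr=c->opt->check_email; ptr; ptr=ptr->next)
--            if(X509_check_email(cert, ptr->name, 0, 0)>0)
--                break;
--        if(!ptr) {
--            s_log(LOG_WARNING, "CERT: No matching email address found");
--            return 0; /* reject */
--        }
--        s_log(LOG_INFO, "CERT: Email address \"%s\" matched", ptr->name);
--    }
--
--    if(c->opt->check_ip) {
--        for(ptr=c->opt->check_ip; ptr; ptr=ptr->next)
--            if(X509_check_ip_asc(cert, ptr->name, 0)>0)
--                break;
--        if(!ptr) {
--            s_log(LOG_WARNING, "CERT: No matching IP address found");
--            return 0; /* reject */
--        }
--        s_log(LOG_INFO, "CERT: IP address \"%s\" matched", ptr->name);
--    }
--
--    return 1; /* accept */
--}
--#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
--
- NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
-     X509 *cert;
-     X509_NAME *subject;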