stunnel: update and fix compile with libressl

package/stunnel/Makefile

@@ -4,9 +4,9 @@
 include $(ADK_TOPDIR)/rules.mk
 
 PKG_NAME:=		stunnel
-PKG_VERSION:=		5.18
+PKG_VERSION:=		5.24
 PKG_RELEASE:=		1
-PKG_HASH:=		0532c0a2f8de3da1ab625e384146501ce5936fac63d01561c3a9bf652b692317
+PKG_HASH:=		ab2e5a1034d422951ddad21b572eb7fa8efb4c4ce04bc86536c6845f3d02b07e
 PKG_DESCR:=		encryption wrapper
 PKG_SECTION:=		net/security
 PKG_URL:=		https://www.stunnel.org

package/stunnel/patches/patch-configure_ac

@@ -1,6 +1,6 @@
---- stunnel-5.16.orig/configure.ac	2015-04-16 16:03:28.000000000 +0200
-+++ stunnel-5.16/configure.ac	2015-04-25 04:32:12.000000000 +0200
-@@ -71,13 +71,6 @@ AX_APPEND_COMPILE_FLAGS([-Wformat=2])
+--- stunnel-5.24.orig/configure.ac	2015-09-02 23:21:07.000000000 +0200
++++ stunnel-5.24/configure.ac	2015-10-21 10:48:27.000000000 +0200
+@@ -72,13 +72,6 @@ AX_APPEND_COMPILE_FLAGS([-Wformat=2])
  AX_APPEND_COMPILE_FLAGS([-Wconversion])
  AX_APPEND_COMPILE_FLAGS([-Wno-long-long])
  AX_APPEND_COMPILE_FLAGS([-Wno-deprecated-declarations])

package/stunnel/patches/patch-src_verify_c

@@ -0,0 +1,75 @@
+--- stunnel-5.24.orig/src/verify.c	2015-09-23 12:00:08.000000000 +0200
++++ stunnel-5.24/src/verify.c	2015-10-21 11:17:41.000000000 +0200
+@@ -51,9 +51,6 @@ NOEXPORT int add_dir_lookup(X509_STORE *
+ NOEXPORT int verify_callback(int, X509_STORE_CTX *);
+ NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
+ NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+-NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+ NOEXPORT int cert_check_local(X509_STORE_CTX *);
+ NOEXPORT int compare_pubkeys(X509 *, X509 *);
+ #ifndef OPENSSL_NO_OCSP
+@@ -280,10 +277,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
+     }
+ 
+     if(depth==0) { /* additional peer certificate checks */
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+-        if(!cert_check_subject(c, callback_ctx))
+-            return 0; /* reject */
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+         if(c->opt->verify_level>=3 && !cert_check_local(callback_ctx))
+             return 0; /* reject */
+     }
+@@ -291,51 +284,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
+     return 1; /* accept */
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+-NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
+-    X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+-    NAME_LIST *ptr;
+-    char *peername=NULL;
+-
+-    if(c->opt->check_host) {
+-        for(ptr=c->opt->check_host; ptr; ptr=ptr->next)
+-            if(X509_check_host(cert, ptr->name, 0, 0, &peername)>0)
+-                break;
+-        if(!ptr) {
+-            s_log(LOG_WARNING, "CERT: No matching host name found");
+-            return 0; /* reject */
+-        }
+-        s_log(LOG_INFO, "CERT: Host name \"%s\" matched with \"%s\"",
+-            ptr->name, peername);
+-        OPENSSL_free(peername);
+-    }
+-
+-    if(c->opt->check_email) {
+-        for(ptr=c->opt->check_email; ptr; ptr=ptr->next)
+-            if(X509_check_email(cert, ptr->name, 0, 0)>0)
+-                break;
+-        if(!ptr) {
+-            s_log(LOG_WARNING, "CERT: No matching email address found");
+-            return 0; /* reject */
+-        }
+-        s_log(LOG_INFO, "CERT: Email address \"%s\" matched", ptr->name);
+-    }
+-
+-    if(c->opt->check_ip) {
+-        for(ptr=c->opt->check_ip; ptr; ptr=ptr->next)
+-            if(X509_check_ip_asc(cert, ptr->name, 0)>0)
+-                break;
+-        if(!ptr) {
+-            s_log(LOG_WARNING, "CERT: No matching IP address found");
+-            return 0; /* reject */
+-        }
+-        s_log(LOG_INFO, "CERT: IP address \"%s\" matched", ptr->name);
+-    }
+-
+-    return 1; /* accept */
+-}
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+-
+ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+     X509 *cert;
+     X509_NAME *subject;