This update for stunnel fixes the following issues: Update to 5.62 including new features and bugfixes: * Security bugfixes - The 'redirect' option was fixed to properly handle unauthenticated requests . - Fixed a double free with OpenSSL older than 1.1.0. - Added hardening to systemd service . * New features - Added new 'protocol = capwin' and 'protocol = capwinctrl' configuration file options. - Added support for the new SSL_set_options values. - Added a bash completion script. - New "sessionResume" service-level option to allow or disallow session resumption - Download fresh ca-certs.pem for each new release. - New "protocolHeader" service-level option to insert custom "connect" protocol negotiation headers. This feature can be used to impersonate other software . - "protocolHost" can also be used to control the client SMTP protocol negotiation HELO/EHLO value. - Initial FIPS 3.0 support. - Client-side 'protocol = ldap' support * Bugfixes - Fixed a transfer loop bug. - Fixed reloading configuration with 'systemctl reload stunnel.service'. - Fixed incorrect messages logged for OpenSSL errors. - Fixed "redirect" with "protocol". This combination is not supported by "smtp", "pop3" and "imap" protocols. - X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates. - Fixed a tiny memory leak in configuration file reload error handling. - Fixed engine initialization. - FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available. - Fix configuration reload when compression is used - Fix test suite fixed not to require external connectivity