diff --git a/net/stunnel/Makefile b/net/stunnel/Makefile
index 93161e938..ec01f399f 100644
--- a/net/stunnel/Makefile
+++ b/net/stunnel/Makefile
@@ -2,9 +2,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=stunnel
-PKG_VERSION:=4.25
+PKG_VERSION:=4.27
 PKG_RELEASE:=1
-PKG_MD5SUM:=7f00799f43910c0362df0e69c65965aa
+PKG_MD5SUM:=3c655d815576f50046a1c28744b88681
 PKG_SOURCE_URL:=http://www.stunnel.org/download/stunnel/src/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 
@@ -23,7 +23,7 @@ define Package/stunnel/description
 	connections inside SSL (Secure Sockets Layer) available on both Unix
 	and Windows. Stunnel can allow you to secure non-SSL aware daemons and
 	protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the
-	encryption, requiring no changes to the daemon's code. 
+	encryption, requiring no changes to the daemon's code.
 endef
 
 
@@ -35,7 +35,7 @@ define Build/Configure
 	)
 endef
 
-define Build/Compile	
+define Build/Compile
 	mkdir -p $(PKG_INSTALL_DIR)/etc/stunnel
 	echo '#dummy' > $(PKG_INSTALL_DIR)/etc/stunnel/stunnel.pem
 	$(MAKE) -C $(PKG_BUILD_DIR) \
@@ -43,11 +43,11 @@ define Build/Compile
 		all install
 endef
 
-define Package/stunnel/install	
+define Package/stunnel/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/stunnel $(1)/usr/bin/
 	$(INSTALL_DIR) $(1)/usr/lib/stunnel
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/stunnel/libstunnel.so $(1)/usr/lib/stunnel/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/stunnel/libstunnel.so $(1)/usr/lib/stunnel/
 	$(INSTALL_DIR) $(1)/etc/stunnel
 	$(INSTALL_CONF) ./files/stunnel.conf $(1)/etc/stunnel/stunnel.conf
 	$(INSTALL_DIR) $(1)/etc/init.d
diff --git a/net/stunnel/files/stunnel.init b/net/stunnel/files/stunnel.init
index e9ebfebf8..3929335de 100644
--- a/net/stunnel/files/stunnel.init
+++ b/net/stunnel/files/stunnel.init
@@ -3,8 +3,7 @@
 
 START=90
 
-case "$1" in
-    start|boot)
+start() {
 	if [ -s "/etc/stunnel/stunnel.pem" ]; then
 		chmod og-rwx /etc/stunnel/stunnel.pem
 		stunnel
@@ -22,9 +21,9 @@ case "$1" in
 			stunnel) &
 		}
 	fi
-	;;
-    stop)
+}
+
+stop() {
 	killall stunnel
 	killall -9 stunnel
-	;;
-esac
+}
diff --git a/net/stunnel/patches/100-cross-compile.patch b/net/stunnel/patches/100-cross-compile.patch
index c7452317d..52052a02e 100644
--- a/net/stunnel/patches/100-cross-compile.patch
+++ b/net/stunnel/patches/100-cross-compile.patch
@@ -1,6 +1,6 @@
 --- a/configure
 +++ b/configure
-@@ -20898,56 +20898,56 @@
+@@ -21536,56 +21536,56 @@ _ACEOF
  fi
  rm -f conftest*
  
@@ -100,7 +100,7 @@
  
  
  { echo "$as_me:$LINENO: **************************************** entropy" >&5
-@@ -23394,8 +23394,8 @@
+@@ -24033,8 +24033,8 @@ _ACEOF
  
  
  # Add SSL includes and libraries
diff --git a/net/stunnel/patches/101-no-comp.patch b/net/stunnel/patches/101-no-comp.patch
index a122d0e89..d9950359f 100644
--- a/net/stunnel/patches/101-no-comp.patch
+++ b/net/stunnel/patches/101-no-comp.patch
@@ -1,6 +1,6 @@
 --- a/src/ssl.c
 +++ b/src/ssl.c
-@@ -62,13 +62,16 @@
+@@ -62,13 +62,16 @@ void ssl_init(void) { /* init SSL before
  }
  
  void ssl_configure(void) { /* configure global SSL settings */
@@ -17,7 +17,7 @@
      int id=0;
      COMP_METHOD *cm=NULL;
      char *name="unknown";
-@@ -97,6 +100,7 @@
+@@ -97,6 +100,7 @@ static void init_compression(void) {
          die(1);
      }
      s_log(LOG_INFO, "Compression enabled using %s method", name);
diff --git a/net/stunnel/patches/102-no-ssl2.patch b/net/stunnel/patches/102-no-ssl2.patch
index 45c4215a5..c7dca9ea3 100644
--- a/net/stunnel/patches/102-no-ssl2.patch
+++ b/net/stunnel/patches/102-no-ssl2.patch
@@ -1,13 +1,13 @@
 --- a/src/options.c
 +++ b/src/options.c
-@@ -1127,8 +1127,10 @@
-             section->client_method=SSLv23_client_method;
-             section->server_method=SSLv23_server_method;
+@@ -1166,8 +1166,10 @@ static char *service_options(CMD cmd, LO
+             section->client_method=(SSL_METHOD *)SSLv23_client_method();
+             section->server_method=(SSL_METHOD *)SSLv23_server_method();
          } else if(!strcasecmp(arg, "SSLv2")) {
 +#ifndef OPENSSL_NO_SSL2
-             section->client_method=SSLv2_client_method;
-             section->server_method=SSLv2_server_method;
+             section->client_method=(SSL_METHOD *)SSLv2_client_method();
+             section->server_method=(SSL_METHOD *)SSLv2_server_method();
 +#endif
          } else if(!strcasecmp(arg, "SSLv3")) {
-             section->client_method=SSLv3_client_method;
-             section->server_method=SSLv3_server_method;
+             section->client_method=(SSL_METHOD *)SSLv3_client_method();
+             section->server_method=(SSL_METHOD *)SSLv3_server_method();