include $(TOPDIR)/rules.mk
PKG_NAME:=stunnel
-PKG_VERSION:=4.27
+PKG_VERSION:=4.29
PKG_RELEASE:=1
-PKG_MD5SUM:=3c655d815576f50046a1c28744b88681
+PKG_MD5SUM:=14dc3f8412947f0548975cbce74d6863
PKG_SOURCE_URL:=http://www.stunnel.org/download/stunnel/src/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
encryption, requiring no changes to the daemon's code.
endef
+define Package/stunnel/conffiles
+/etc/stunnel/stunnel.conf
+endef
define Build/Configure
$(call Build/Configure/Default, \
$(INSTALL_DIR) $(1)/usr/lib/stunnel
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/stunnel/libstunnel.so $(1)/usr/lib/stunnel/
$(INSTALL_DIR) $(1)/etc/stunnel
- $(INSTALL_CONF) ./files/stunnel.conf $(1)/etc/stunnel/stunnel.conf
+ $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/stunnel/stunnel.conf-sample $(1)/etc/stunnel/stunnel.conf
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/stunnel.init $(1)/etc/init.d/stunnel
endef
+++ /dev/null
-
-; Certificate/key is needed in server mode and optional in client mode
-cert = /etc/stunnel/stunnel.pem
-;key = /usr/etc/stunnel/mail.pem
-
-; Protocol version (all, SSLv2, SSLv3, TLSv1)
-sslVersion = all
-
-; Some security enhancements for UNIX systems - comment them out on Win32
-chroot = /tmp
-setuid = nobody
-;setgid = nobody
-pid = /stunnel.pid
-
-; Some performance tunings
-socket = l:TCP_NODELAY=1
-socket = r:TCP_NODELAY=1
-;compression = rle
-
-; Workaround for Eudora bug
-;options = DONT_INSERT_EMPTY_FRAGMENTS
-
-;verify = 2
-;CApath = /certs
-;CAfile = /usr/etc/stunnel/certs.pem
-;CRLpath = /crls
-;CRLfile = /usr/etc/stunnel/crls.pem
-
-; Some debugging stuff useful for troubleshooting
-;debug = 7
-;output = stunnel.log
-
-; Use it for client mode
-;client = yes
-
-; Service-level configuration
-
-;[pop3s]
-;accept = 995
-;connect = 110
-;
-;[imaps]
-;accept = 993
-;connect = 143
-;
-;[ssmtp]
-;accept = 465
-;connect = 25
-
-[https]
-accept = 443
-connect = 80
-TIMEOUTclose = 0
-
-[chilli]
-accept = 3443
-connect = 3442
-TIMEOUTclose = 0
-
-; vim:ft=dosini
# Copyright (C) 2006-2008 OpenWrt.org
START=90
+RUN_D=/var
+PID_F=$RUN_D/stunnel.pid
start() {
if [ -s "/etc/stunnel/stunnel.pem" ]; then
chmod og-rwx /etc/stunnel/stunnel.pem
- stunnel
+ [ ! -f $PID_F ] && stunnel
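Review bot: The new guard `[ ! -f $PID_F ] && stunnel` refuses to start the daemon whenever a stale `/var/stunnel.pid` survives a crash or a `kill -9`, because only the file's existence is tested, never whether the recorded process is still alive. Test the process instead and quote the path: `if [ -f "$PID_F" ] && kill -0 "$(cat "$PID_F")" 2>/dev/null; then return 0; fi` followed by a plain `stunnel`. Note that the patched sample config sets `chroot = @localstatedir@` and creates the pid file inside the jail, so `$RUN_D/stunnel.pid` only matches the file stunnel actually writes if the `pid` setting in the installed config is jail-relative; that line is outside the hunk, so it is worth confirming. start()'s body continues past the end of this hunk.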
else
[ -e /etc/stunnel/config ] && \
. /etc/stunnel/config
X509_CN=${X509_CN:-"router"}
X509_O=${X509_O:-"openwrt.org"}
X509_OU=${X509_OU:-"open-source firmware"}
-
+
[ -x /sbin/keygen ] && {
(keygen "$X509_CN" "$X509_O" "$X509_OU" > /etc/stunnel/stunnel.pem;
chmod og-rwx /etc/stunnel/stunnel.pem;
}
stop() {
- killall stunnel
- killall -9 stunnel
+ [ -f $PID_F ] && kill -9 $(cat $PID_F) && rm -f $PID_F
}
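Review bot: `kill -9 $(cat $PID_F)` sends SIGKILL with no SIGTERM first, so stunnel never runs its normal shutdown path, and the pid is passed to a root-privileged kill unvalidated: an empty file yields `kill -9` with no argument, and a non-numeric or foreign value is not rejected, which matters because the file lives under the directory the patched sample uses as stunnel's chroot (run as `nobody`). The chained `&& rm -f $PID_F` also leaves the file behind whenever the process is already gone, feeding the stale-pid problem in start(). Validate the pid, terminate gracefully, and always remove the file.
```shell
stop() {
	[ -f "$PID_F" ] || return 0
	pid=$(cat "$PID_F")
	# refuse anything that is not a plain numeric pid before calling kill as root
	case "$pid" in ''|*[!0-9]*) rm -f "$PID_F"; return 1 ;; esac
	kill "$pid" 2>/dev/null
	sleep 1
	# escalate to SIGKILL only if stunnel ignored SIGTERM
	kill -0 "$pid" 2>/dev/null && kill -9 "$pid"
	rm -f "$PID_F"
}
```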
--- a/src/ssl.c
+++ b/src/ssl.c
-@@ -62,13 +62,16 @@ void ssl_init(void) { /* init SSL before
+@@ -63,13 +63,16 @@ void ssl_init(void) { /* init SSL before
}
void ssl_configure(void) { /* configure global SSL settings */
int id=0;
COMP_METHOD *cm=NULL;
char *name="unknown";
-@@ -97,6 +100,7 @@ static void init_compression(void) {
+@@ -98,6 +101,7 @@ static void init_compression(void) {
die(1);
}
s_log(LOG_INFO, "Compression enabled using %s method", name);
--- a/src/options.c
+++ b/src/options.c
-@@ -1166,8 +1166,10 @@ static char *service_options(CMD cmd, LO
+@@ -1198,8 +1198,10 @@ static char *service_options(CMD cmd, LO
section->client_method=(SSL_METHOD *)SSLv23_client_method();
section->server_method=(SSL_METHOD *)SSLv23_server_method();
} else if(!strcasecmp(arg, "SSLv2")) {
--- /dev/null
+Avoid linking with zlib, which is a dependency of openssl, not ours.
+--- a/configure
++++ b/configure
+@@ -23001,7 +23001,7 @@ if test $ac_cv_lib_z_inflateEnd = yes; t
+ #define HAVE_LIBZ 1
+ _ACEOF
+
+- LIBS="-lz $LIBS"
++# LIBS="-lz $LIBS"
+
+ fi
+
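Review bot: Commenting out `LIBS="-lz $LIBS"` while leaving the `#define HAVE_LIBZ 1` two lines above means the build still believes zlib is available; any code guarded by HAVE_LIBZ that calls zlib directly would now fail at link time instead of being compiled out. Patching the generated `configure` is also lost on the next autoreconf or version bump; setting the autoconf cache variable from the package Makefile, `ac_cv_lib_z_inflateEnd=no`, through the buildroot's configure-variable hook disables both the define and the link flag without a patch. If the define is deliberately kept because stunnel only reaches zlib through OpenSSL's COMP API (the ssl.c hunk above goes through `init_compression`), a sentence in the patch header saying so would make the intent clear.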
--- /dev/null
+## Do several path fixups, removing unneeded @prefix@s
+--- a/tools/stunnel.conf-sample.in
++++ b/tools/stunnel.conf-sample.in
+@@ -3,14 +3,14 @@
+ ; Please make sure you understand them (especially the effect of the chroot jail)
+
+ ; Certificate/key is needed in server mode and optional in client mode
+-cert = @prefix@/etc/stunnel/mail.pem
+-;key = @prefix@/etc/stunnel/mail.pem
++cert = @sysconfdir@/stunnel/stunnel.pem
++;key = @sysconfdir@/stunnel/stunnel.pem
+
+ ; Protocol version (all, SSLv2, SSLv3, TLSv1)
+ sslVersion = SSLv3
+
+ ; Some security enhancements for UNIX systems - comment them out on Win32
+-chroot = @prefix@/var/lib/stunnel/
++chroot = @localstatedir@
+ setuid = nobody
+ setgid = @DEFAULT_GROUP@
+ ; PID is created inside the chroot jail
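Review bot: `chroot = @localstatedir@` places the jail at the distribution's whole state directory (/var on this target, judging by `RUN_D=/var` in the init script) rather than an empty directory reserved for stunnel; with `setuid = nobody` and the pid file created inside the jail per the comment on the last line, anything the unprivileged daemon can write lands in the host's live /var. If @localstatedir@ resolves to a world-writable tmpfs on the router, the jail root itself is writable by the daemon user, which removes most of the benefit of the chroot. Prefer a dedicated empty directory such as `chroot = @localstatedir@/run/stunnel` (created by the init script before start) and add `; jail must be an empty directory not writable by the setuid user` above it.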
+@@ -30,16 +30,16 @@ socket = r:TCP_NODELAY=1
+ ; CApath is located inside chroot jail
+ ;CApath = /certs
+ ; It's often easier to use CAfile
+-;CAfile = @prefix@/etc/stunnel/certs.pem
++;CAfile = @sysconfdir@/stunnel/certs.pem
+ ; Don't forget to c_rehash CRLpath
+ ; CRLpath is located inside chroot jail
+ ;CRLpath = /crls
+ ; Alternatively you can use CRLfile
+-;CRLfile = @prefix@/etc/stunnel/crls.pem
++;CRLfile = @sysconfdir@/stunnel/crls.pem
+
+ ; Some debugging stuff useful for troubleshooting
+ ;debug = 7
+-;output = stunnel.log
++;output = @localstatedir@/log/stunnel.log
+
+ ; Use it for client mode
+ ;client = yes
--- /dev/null
+--- a/tools/stunnel.conf-sample.in
++++ b/tools/stunnel.conf-sample.in
+@@ -7,7 +7,7 @@ cert = @sysconfdir@/stunnel/stunnel.pem
+ ;key = @sysconfdir@/stunnel/stunnel.pem
+
+ ; Protocol version (all, SSLv2, SSLv3, TLSv1)
+-sslVersion = SSLv3
++sslVersion = all
+
+ ; Some security enhancements for UNIX systems - comment them out on Win32
+ chroot = @localstatedir@
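Review bot: Changing the default to `sslVersion = all` re-enables SSLv2 negotiation on every listener: the option list on the line above shows that `all` covers SSLv2, and the options.c hunk earlier on this page maps `all` to `SSLv23_server_method()`, which accepts SSLv2 handshakes unless they are explicitly disabled. If the goal is to admit TLSv1 clients that the upstream `SSLv3` default rejected, pair the change with `options = NO_SSLv2` in the same sample, or use `sslVersion = TLSv1` where the expected clients support it. A one-line comment on why `all` was chosen would help, since upstream deliberately shipped `SSLv3`.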
+@@ -46,21 +46,26 @@ socket = r:TCP_NODELAY=1
+
+ ; Service-level configuration
+
+-[pop3s]
+-accept = 995
+-connect = 110
+-
+-[imaps]
+-accept = 993
+-connect = 143
+-
+-[ssmtp]
+-accept = 465
+-connect = 25
+-
+-;[https]
+-;accept = 443
+-;connect = 80
+-;TIMEOUTclose = 0
++;[pop3s]
++;accept = 995
++;connect = 110
++
++;[imaps]
++;accept = 993
++;connect = 143
++
++;[ssmtp]
++;accept = 465
++;connect = 25
++
++[https]
++accept = 443
++connect = 80
++TIMEOUTclose = 0
++
++[chilli]
++accept = 3443
++connect = 3442
++TIMEOUTclose = 0
+
+ ; vim:ft=dosini
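Review bot: Uncommenting `[https]` and `[chilli]` turns two listeners on for every installation of this package, and because the Makefile hunk at the top of the page installs this sample as the live `/etc/stunnel/stunnel.conf`, they are active on first boot with the init script's auto-generated `stunnel.pem`. `accept = 443` and `accept = 3443` carry no bind address, so they listen on every interface, including the WAN side of a router unless the firewall blocks them, and forward to whatever answers on local ports 80 and 3442. Consider shipping the sections commented out as upstream does, or binding them explicitly with `accept = <lan-address>:443` plus a comment that the address must be adjusted, and note above `[chilli]` that the section only makes sense when the chilli package is installed.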