cubixle/packages
1
0
Fork 0
mirror of https://github.com/novatiq/packages.git synced 2026-04-30 23:48:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

stunnel: Bring it back at v5.10

Browse Source 
From: Michael Haas <haas@computerlinguist.org>

* init script no longer creates certificates (consider client mode as use
  case)
* patches/010_fix_getnameinfo.patch: Fix getnameinfo signature
* patches/011_disable_ssp_linking.patch: Disable -fstack-protector as it
  is not always available in OpenWRT
* old patches (in oldpackages) no longer necessary
* remove libwrap dependency
* remove libpthread dependency
* respect CONFIG_IPV6
* init script uses procd
* sample stunnel.conf runs in client mode - prevents start failure,
  does not require cert

Possible enhancement: automatically generate certificate as done in
uhttpd. However, as client mode is a possible use case, I'd rather not.
Additionally, stunnel may use several certs with user-defined locations
and we can't easily set a cert location via command-line args.

The package is based on
https://sites.google.com/site/twisteroidambassador/openwrt/stunnel

Signed-off-by: Michael Haas <haas@computerlinguist.org>
This commit is contained in:
Michael Haas
2015-03-10 09:54:17 +01:00
committed by Michael Haas
parent b59def2299
commit f6927350e4
5 changed files with 299 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
net/stunnel/files/stunnel.conf
+45
View File
@@ -0,0 +1,45 @@
; Drop privileges
setuid = nobody
setgid = nogroup
; When running under procd, stay in foreground
foreground = yes
; Don't log to stderr, use syslog
syslog = yes
; 1-7. Use 7 for greatest verbosity
;debug = 5
; Starting here, enter your services or uncomment the examples
; Example:
; If your local httpd does not support HTTPS, use stunnel in remote
; mode to forward TLS connections coming in on port 443 to non-TLS
; on port 80.
; Make sure that the cert is available.
;[httpd]
;accept = 443
;connect = 127.0.0.1:80
;cert = /etc/stunnel/stunnel.pem
; Example:
; If your local email client does not support TLS,
; use stunnel in client mode to forward non-TLS connections on
; port 143 to TLS-enabled servername:993.
;[imap]
;client = yes
;accept = 143
;connect = servername:993
; Disable peer verification - be sure to understand the limitations of peer
; verification in stunnel when enabling.
;verify = 0
; Default client section:
; stunnel requires at least one section to start successfully.
; You can safely remove this section once you have configured
; your own. We use client mode here as server requires a certificate.
[dummy]
client = yes
accept = localhost:6000
connect = localhost:6001