Compare commits
No commits in common. "master" and "pristine-tar" have entirely different histories.
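--- a/.travis.yml
+++ b/.travis.yml
@@ -1,34 +0,0 @@
-sudo: false
-
-language: c
-
-os:
-- linux
-- osx
-
-compiler:
-- gcc
-- clang
-
-env:
-- CONFIGURE_OPTIONS='--with-threads=pthread'
-- CONFIGURE_OPTIONS='--with-threads=fork'
-- CONFIGURE_OPTIONS='--with-threads=ucontext'
-- CONFIGURE_OPTIONS='--disable-ipv6 --disable-fips --disable-systemd --disable-libwrap'
-
-addons:
-apt:
-packages:
-- autoconf-archive
-- libssl-dev
-- libwrap0-dev
-- nmap
-
-before_script:
-- if [ "$TRAVIS_OS_NAME" == "osx" ]; then brew update; brew install autoconf-archive nmap; fi; true
-- autoreconf -fvi && touch src/dhparam.c
-
-script:
-- ./configure $CONFIGURE_OPTIONS
-- make
-- make test || ( for FILE in tests/logs/*.log; do echo "*** $FILE ***"; cat "$FILE"; done; false )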
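--- a/BUGS
+++ b/BUGS
@@ -1,5 +0,0 @@
-stunnel known bugs
-
-
-- Shared library for transparent proxy does not support IPv6.
-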
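--- a/COPYING
+++ b/COPYING
@@ -1,33 +0,0 @@
-stunnel license (see COPYRIGHT.GPL for detailed GPL conditions)
-
-Copyright (C) 1998-2017 Michal Trojnara
-
-This program is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free Software
-Foundation; either version 2 of the License, or (at your option) any later
-version.
-
-This program is distributed in the hope that it will be useful, but WITHOUT
-ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License along with
-this program; if not, see <http://www.gnu.org/licenses>.
-
-Linking stunnel statically or dynamically with other modules is making
-a combined work based on stunnel. Thus, the terms and conditions of the
-GNU General Public License cover the whole combination.
-
-In addition, as a special exception, the copyright holder of stunnel gives you
-permission to combine stunnel with free software programs or libraries that
-are released under the GNU LGPL and with code included in the standard release
-of OpenSSL under the OpenSSL License (or modified versions of such code, with
-unchanged license). You may copy and distribute such a system following the
-terms of the GNU GPL for stunnel and the licenses of the other code concerned.
-
-Note that people who make modified versions of stunnel are not obligated to
-grant this special exception for their modified versions; it is their choice
-whether to do so. The GNU General Public License gives permission to release
-a modified version without this exception; this exception also makes it
-possible to release a modified version which carries forward this exception.
-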
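--- a/COPYRIGHT.GPL
+++ b/COPYRIGHT.GPL
@@ -1,339 +0,0 @@
-GNU GENERAL PUBLIC LICENSE
-Version 2, June 1991
-
-Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
-Everyone is permitted to copy and distribute verbatim copies
-of this license document, but changing it is not allowed.
-
-Preamble
-
-The licenses for most software are designed to take away your
-freedom to share and change it. By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users. This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it. (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.) You can apply it to
-your programs, too.
-
-When we speak of free software, we are referring to freedom, not
-price. Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have. You must make sure that they, too, receive or can get the
-source code. And you must show them these terms so they know their
-rights.
-
-We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software. If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-Finally, any free program is threatened constantly by software
-patents. We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary. To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-The precise terms and conditions for copying, distribution and
-modification follow.
-
-GNU GENERAL PUBLIC LICENSE
-TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License. The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language. (Hereinafter, translation is included without limitation in
-the term "modification".) Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope. The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-a) You must cause the modified files to carry prominent notices
-stating that you changed the files and the date of any change.
-
-b) You must cause any work that you distribute or publish, that in
-whole or in part contains or is derived from the Program or any
-part thereof, to be licensed as a whole at no charge to all third
-parties under the terms of this License.
-
-c) If the modified program normally reads commands interactively
-when run, you must cause it, when started running for such
-interactive use in the most ordinary way, to print or display an
-announcement including an appropriate copyright notice and a
-notice that there is no warranty (or else, saying that you provide
-a warranty) and that users may redistribute the program under
-these conditions, and telling the user how to view a copy of this
-License. (Exception: if the Program itself is interactive but
-does not normally print such an announcement, your work based on
-the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole. If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works. But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-a) Accompany it with the complete corresponding machine-readable
-source code, which must be distributed under the terms of Sections
-1 and 2 above on a medium customarily used for software interchange; or,
-
-b) Accompany it with a written offer, valid for at least three
-years, to give any third party, for a charge no more than your
-cost of physically performing source distribution, a complete
-machine-readable copy of the corresponding source code, to be
-distributed under the terms of Sections 1 and 2 above on a medium
-customarily used for software interchange; or,
-
-c) Accompany it with the information you received as to the offer
-to distribute corresponding source code. (This alternative is
-allowed only for noncommercial distribution and only if you
-received the program in object code or executable form with such
-an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it. For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable. However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License. Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-5. You are not required to accept this License, since you have not
-signed it. However, nothing else grants you permission to modify or
-distribute the Program or its derivative works. These actions are
-prohibited by law if you do not accept this License. Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions. You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all. For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices. Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded. In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time. Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number. If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation. If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission. For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this. Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-NO WARRANTY
-
-11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-END OF TERMS AND CONDITIONS
-
-Appendix: How to Apply These Terms to Your New Programs
-
-If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-To do so, attach the following notices to the program. It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-<one line to give the program's name and a brief idea of what it does.>
-Copyright (C) 19yy <name of author>
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-Gnomovision version 69, Copyright (C) 19yy name of author
-Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-This is free software, and you are welcome to redistribute it
-under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License. Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary. Here is a sample; alter the names:
-
-Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-`Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-<signature of Ty Coon>, 1 April 1989
-Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs. If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library. If this is what you want to do, use the GNU Library General
-Public License instead of this License.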
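--- a/CREDITS
+++ b/CREDITS
@@ -1,40 +0,0 @@
-stunnel code contributions
-
-
-The code contributions are licensed as public domain unless stated otherwise.
-
-Several Win32 and WCE improvements and bugfixes:
-* Pierre Delaage <delaage.pierre@free.fr>
-
-systemd socket activation in version 5.05:
-Copyright (c) 2014 Mark Theunissen
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
-of the Software, and to permit persons to whom the Software is furnished to do
-so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-
-Several bugfixes and improvements mostly in versions 3.xx:
-* Brian Hatch <bri@stunnel.org>
-
-Initial PTY support in version 3.05:
-* Dirk O. Siebnich <dok@vossnet.de>
-
-Initial SSL support in versions 1.x:
-* Adam Hernik <adas@infocentrum.com>
-* Pawel Krawczyk <kravietz@ceti.com.pl>
-
-and many others...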
370
INSTALL
370
INSTALL
@ -1,370 +0,0 @@
|
|||||||
Installation Instructions
|
|
||||||
*************************
|
|
||||||
|
|
||||||
Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
|
|
||||||
Inc.
|
|
||||||
|
|
||||||
Copying and distribution of this file, with or without modification,
|
|
||||||
are permitted in any medium without royalty provided the copyright
|
|
||||||
notice and this notice are preserved. This file is offered as-is,
|
|
||||||
without warranty of any kind.
|
|
||||||
|
|
||||||
Basic Installation
|
|
||||||
==================
|
|
||||||
|
|
||||||
Briefly, the shell command `./configure && make && make install'
|
|
||||||
should configure, build, and install this package. The following
|
|
||||||
more-detailed instructions are generic; see the `README' file for
|
|
||||||
instructions specific to this package. Some packages provide this
|
|
||||||
`INSTALL' file but do not implement all of the features documented
|
|
||||||
below. The lack of an optional feature in a given package is not
|
|
||||||
necessarily a bug. More recommendations for GNU packages can be found
|
|
||||||
in *note Makefile Conventions: (standards)Makefile Conventions.
|
|
||||||
|
|
||||||
The `configure' shell script attempts to guess correct values for
|
|
||||||
various system-dependent variables used during compilation. It uses
|
|
||||||
those values to create a `Makefile' in each directory of the package.
|
|
||||||
It may also create one or more `.h' files containing system-dependent
|
|
||||||
definitions. Finally, it creates a shell script `config.status' that
|
|
||||||
you can run in the future to recreate the current configuration, and a
|
|
||||||
file `config.log' containing compiler output (useful mainly for
|
|
||||||
debugging `configure').
|
|
||||||
|
|
||||||
It can also use an optional file (typically called `config.cache'
|
|
||||||
and enabled with `--cache-file=config.cache' or simply `-C') that saves
|
|
||||||
the results of its tests to speed up reconfiguring. Caching is
|
|
||||||
disabled by default to prevent problems with accidental use of stale
|
|
||||||
cache files.
|
|
||||||
|
|
||||||
If you need to do unusual things to compile the package, please try
|
|
||||||
to figure out how `configure' could check whether to do them, and mail
|
|
||||||
diffs or instructions to the address given in the `README' so they can
|
|
||||||
be considered for the next release. If you are using the cache, and at
|
|
||||||
some point `config.cache' contains results you don't want to keep, you
|
|
||||||
may remove or edit it.
|
|
||||||
|
|
||||||
The file `configure.ac' (or `configure.in') is used to create
|
|
||||||
`configure' by a program called `autoconf'. You need `configure.ac' if
|
|
||||||
you want to change it or regenerate `configure' using a newer version
|
|
||||||
of `autoconf'.
|
|
||||||
|
|
||||||
The simplest way to compile this package is:
|
|
||||||
|
|
||||||
1. `cd' to the directory containing the package's source code and type
|
|
||||||
`./configure' to configure the package for your system.
|
|
||||||
|
|
||||||
Running `configure' might take a while. While running, it prints
|
|
||||||
some messages telling which features it is checking for.
|
|
||||||
|
|
||||||
2. Type `make' to compile the package.
|
|
||||||
|
|
||||||
3. Optionally, type `make check' to run any self-tests that come with
|
|
||||||
the package, generally using the just-built uninstalled binaries.
|
|
||||||
|
|
||||||
4. Type `make install' to install the programs and any data files and
|
|
||||||
documentation. When installing into a prefix owned by root, it is
|
|
||||||
recommended that the package be configured and built as a regular
|
|
||||||
user, and only the `make install' phase executed with root
|
|
||||||
privileges.
|
|
||||||
|
|
||||||
5. Optionally, type `make installcheck' to repeat any self-tests, but
|
|
||||||
this time using the binaries in their final installed location.
|
|
||||||
This target does not install anything. Running this target as a
|
|
||||||
regular user, particularly if the prior `make install' required
|
|
||||||
root privileges, verifies that the installation completed
|
|
||||||
correctly.
|
|
||||||
|
|
||||||
6. You can remove the program binaries and object files from the
|
|
||||||
source code directory by typing `make clean'. To also remove the
|
|
||||||
files that `configure' created (so you can compile the package for
|
|
||||||
a different kind of computer), type `make distclean'. There is
|
|
||||||
also a `make maintainer-clean' target, but that is intended mainly
|
|
||||||
for the package's developers. If you use it, you may have to get
|
|
||||||
all sorts of other programs in order to regenerate files that came
|
|
||||||
with the distribution.
|
|
||||||
|
|
||||||
7. Often, you can also type `make uninstall' to remove the installed
|
|
||||||
files again. In practice, not all packages have tested that
|
|
||||||
uninstallation works correctly, even though it is required by the
|
|
||||||
GNU Coding Standards.
|
|
||||||
|
|
||||||
8. Some packages, particularly those that use Automake, provide `make
|
|
||||||
distcheck', which can by used by developers to test that all other
|
|
||||||
targets like `make install' and `make uninstall' work correctly.
|
|
||||||
This target is generally not run by end users.
|
|
||||||
|
|
||||||
Compilers and Options
|
|
||||||
=====================
|
|
||||||
|
|
||||||
Some systems require unusual options for compilation or linking that
|
|
||||||
the `configure' script does not know about. Run `./configure --help'
|
|
||||||
for details on some of the pertinent environment variables.
|
|
||||||
|
|
||||||
You can give `configure' initial values for configuration parameters
|
|
||||||
by setting variables in the command line or in the environment. Here
|
|
||||||
is an example:
|
|
||||||
|
|
||||||
./configure CC=c99 CFLAGS=-g LIBS=-lposix
|
|
||||||
|
|
||||||
*Note Defining Variables::, for more details.
|
|
||||||
|
|
||||||
Compiling For Multiple Architectures
|
|
||||||
====================================
|
|
||||||
|
|
||||||
You can compile the package for more than one kind of computer at the
|
|
||||||
same time, by placing the object files for each architecture in their
|
|
||||||
own directory. To do this, you can use GNU `make'. `cd' to the
|
|
||||||
directory where you want the object files and executables to go and run
|
|
||||||
the `configure' script. `configure' automatically checks for the
|
|
||||||
source code in the directory that `configure' is in and in `..'. This
|
|
||||||
is known as a "VPATH" build.
|
|
||||||
|
|
||||||
With a non-GNU `make', it is safer to compile the package for one
|
|
||||||
architecture at a time in the source code directory. After you have
|
|
||||||
installed the package for one architecture, use `make distclean' before
|
|
||||||
reconfiguring for another architecture.
|
|
||||||
|
|
||||||
On MacOS X 10.5 and later systems, you can create libraries and
|
|
||||||
executables that work on multiple system types--known as "fat" or
|
|
||||||
"universal" binaries--by specifying multiple `-arch' options to the
|
|
||||||
compiler but only a single `-arch' option to the preprocessor. Like
|
|
||||||
this:
|
|
||||||
|
|
||||||
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
|
|
||||||
CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
|
|
||||||
CPP="gcc -E" CXXCPP="g++ -E"
|
|
||||||
|
|
||||||
This is not guaranteed to produce working output in all cases, you
|
|
||||||
may have to build one architecture at a time and combine the results
|
|
||||||
using the `lipo' tool if you have problems.
|
|
||||||
|
|
||||||
Installation Names
|
|
||||||
==================
|
|
||||||
|
|
||||||
By default, `make install' installs the package's commands under
|
|
||||||
`/usr/local/bin', include files under `/usr/local/include', etc. You
|
|
||||||
can specify an installation prefix other than `/usr/local' by giving
|
|
||||||
`configure' the option `--prefix=PREFIX', where PREFIX must be an
|
|
||||||
absolute file name.
|
|
||||||
|
|
||||||
You can specify separate installation prefixes for
|
|
||||||
architecture-specific files and architecture-independent files. If you
|
|
||||||
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
|
|
||||||
PREFIX as the prefix for installing programs and libraries.
|
|
||||||
Documentation and other data files still use the regular prefix.
|
|
||||||
|
|
||||||
In addition, if you use an unusual directory layout you can give
|
|
||||||
options like `--bindir=DIR' to specify different values for particular
|
|
||||||
kinds of files. Run `configure --help' for a list of the directories
|
|
||||||
you can set and what kinds of files go in them. In general, the
|
|
||||||
default for these options is expressed in terms of `${prefix}', so that
|
|
||||||
specifying just `--prefix' will affect all of the other directory
|
|
||||||
specifications that were not explicitly provided.
|
|
||||||
|
|
||||||
The most portable way to affect installation locations is to pass the
|
|
||||||
correct locations to `configure'; however, many packages provide one or
|
|
||||||
both of the following shortcuts of passing variable assignments to the
|
|
||||||
`make install' command line to change installation locations without
|
|
||||||
having to reconfigure or recompile.
|
|
||||||
|
|
||||||
The first method involves providing an override variable for each
|
|
||||||
affected directory. For example, `make install
|
|
||||||
prefix=/alternate/directory' will choose an alternate location for all
|
|
||||||
directory configuration variables that were expressed in terms of
|
|
||||||
`${prefix}'. Any directories that were specified during `configure',
|
|
||||||
but not in terms of `${prefix}', must each be overridden at install
|
|
||||||
time for the entire installation to be relocated. The approach of
|
|
||||||
makefile variable overrides for each directory variable is required by
|
|
||||||
the GNU Coding Standards, and ideally causes no recompilation.
|
|
||||||
However, some platforms have known limitations with the semantics of
|
|
||||||
shared libraries that end up requiring recompilation when using this
|
|
||||||
method, particularly noticeable in packages that use GNU Libtool.
|
|
||||||
|
|
||||||
The second method involves providing the `DESTDIR' variable. For
|
|
||||||
example, `make install DESTDIR=/alternate/directory' will prepend
|
|
||||||
`/alternate/directory' before all installation names. The approach of
|
|
||||||
`DESTDIR' overrides is not required by the GNU Coding Standards, and
|
|
||||||
does not work on platforms that have drive letters. On the other hand,
|
|
||||||
it does better at avoiding recompilation issues, and works well even
|
|
||||||
when some directory options were not specified in terms of `${prefix}'
|
|
||||||
at `configure' time.
|
|
||||||
|
|
||||||
Optional Features
|
|
||||||
=================
|
|
||||||
|
|
||||||
If the package supports it, you can cause programs to be installed
|
|
||||||
with an extra prefix or suffix on their names by giving `configure' the
|
|
||||||
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
|
|
||||||
|
|
||||||
Some packages pay attention to `--enable-FEATURE' options to
|
|
||||||
`configure', where FEATURE indicates an optional part of the package.
|
|
||||||
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
|
|
||||||
is something like `gnu-as' or `x' (for the X Window System). The
|
|
||||||
`README' should mention any `--enable-' and `--with-' options that the
|
|
||||||
package recognizes.
|
|
||||||
|
|
||||||
For packages that use the X Window System, `configure' can usually
|
|
||||||
find the X include and library files automatically, but if it doesn't,
|
|
||||||
you can use the `configure' options `--x-includes=DIR' and
|
|
||||||
`--x-libraries=DIR' to specify their locations.
|
|
||||||
|
|
||||||
Some packages offer the ability to configure how verbose the
|
|
||||||
execution of `make' will be. For these packages, running `./configure
|
|
||||||
--enable-silent-rules' sets the default to minimal output, which can be
|
|
||||||
overridden with `make V=1'; while running `./configure
|
|
||||||
--disable-silent-rules' sets the default to verbose, which can be
|
|
||||||
overridden with `make V=0'.
|
|
||||||
|
|
||||||
Particular systems
|
|
||||||
==================
|
|
||||||
|
|
||||||
On HP-UX, the default C compiler is not ANSI C compatible. If GNU
|
|
||||||
CC is not installed, it is recommended to use the following options in
|
|
||||||
order to use an ANSI C compiler:
|
|
||||||
|
|
||||||
./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
|
|
||||||
|
|
||||||
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
|
|
||||||
|
|
||||||
HP-UX `make' updates targets which have the same time stamps as
|
|
||||||
their prerequisites, which makes it generally unusable when shipped
|
|
||||||
generated files such as `configure' are involved. Use GNU `make'
|
|
||||||
instead.
|
|
||||||
|
|
||||||
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
|
|
||||||
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
|
|
||||||
a workaround. If GNU CC is not installed, it is therefore recommended
|
|
||||||
to try
|
|
||||||
|
|
||||||
./configure CC="cc"
|
|
||||||
|
|
||||||
and if that doesn't work, try
|
|
||||||
|
|
||||||
./configure CC="cc -nodtk"
|
|
||||||
|
|
||||||
On Solaris, don't put `/usr/ucb' early in your `PATH'. This
|
|
||||||
directory contains several dysfunctional programs; working variants of
|
|
||||||
these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
|
|
||||||
in your `PATH', put it _after_ `/usr/bin'.
|
|
||||||
|
|
||||||
On Haiku, software installed for all users goes in `/boot/common',
|
|
||||||
not `/usr/local'. It is recommended to use the following options:
|
|
||||||
|
|
||||||
./configure --prefix=/boot/common
|
|
||||||
|
|
||||||
Specifying the System Type
|
|
||||||
==========================
|
|
||||||
|
|
||||||
There may be some features `configure' cannot figure out
|
|
||||||
automatically, but needs to determine by the type of machine the package
|
|
||||||
will run on. Usually, assuming the package is built to be run on the
|
|
||||||
_same_ architectures, `configure' can figure that out, but if it prints
|
|
||||||
a message saying it cannot guess the machine type, give it the
|
|
||||||
`--build=TYPE' option. TYPE can either be a short name for the system
|
|
||||||
type, such as `sun4', or a canonical name which has the form:
|
|
||||||
|
|
||||||
CPU-COMPANY-SYSTEM
|
|
||||||
|
|
||||||
where SYSTEM can have one of these forms:
|
|
||||||
|
|
||||||
OS
|
|
||||||
KERNEL-OS
|
|
||||||
|
|
||||||
See the file `config.sub' for the possible values of each field. If
|
|
||||||
`config.sub' isn't included in this package, then this package doesn't
|
|
||||||
need to know the machine type.
|
|
||||||
|
|
||||||
If you are _building_ compiler tools for cross-compiling, you should
|
|
||||||
use the option `--target=TYPE' to select the type of system they will
|
|
||||||
produce code for.
|
|
||||||
|
|
||||||
If you want to _use_ a cross compiler, that generates code for a
|
|
||||||
platform different from the build platform, you should specify the
|
|
||||||
"host" platform (i.e., that on which the generated programs will
|
|
||||||
eventually be run) with `--host=TYPE'.
|
|
||||||
|
|
||||||
Sharing Defaults
|
|
||||||
================
|
|
||||||
|
|
||||||
If you want to set default values for `configure' scripts to share,
|
|
||||||
you can create a site shell script called `config.site' that gives
|
|
||||||
default values for variables like `CC', `cache_file', and `prefix'.
|
|
||||||
`configure' looks for `PREFIX/share/config.site' if it exists, then
|
|
||||||
`PREFIX/etc/config.site' if it exists. Or, you can set the
|
|
||||||
`CONFIG_SITE' environment variable to the location of the site script.
|
|
||||||
A warning: not all `configure' scripts look for a site script.
|
|
||||||
|
|
||||||
Defining Variables
|
|
||||||
==================
|
|
||||||
|
|
||||||
Variables not defined in a site shell script can be set in the
|
|
||||||
environment passed to `configure'. However, some packages may run
|
|
||||||
configure again during the build, and the customized values of these
|
|
||||||
variables may be lost. In order to avoid this problem, you should set
|
|
||||||
them in the `configure' command line, using `VAR=value'. For example:
|
|
||||||
|
|
||||||
./configure CC=/usr/local2/bin/gcc
|
|
||||||
|
|
||||||
causes the specified `gcc' to be used as the C compiler (unless it is
|
|
||||||
overridden in the site shell script).
|
|
||||||
|
|
||||||
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
|
|
||||||
an Autoconf limitation. Until the limitation is lifted, you can use
|
|
||||||
this workaround:
|
|
||||||
|
|
||||||
CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
|
|
||||||
|
|
||||||
`configure' Invocation
|
|
||||||
======================
|
|
||||||
|
|
||||||
`configure' recognizes the following options to control how it
|
|
||||||
operates.
|
|
||||||
|
|
||||||
`--help'
|
|
||||||
`-h'
|
|
||||||
Print a summary of all of the options to `configure', and exit.
|
|
||||||
|
|
||||||
`--help=short'
|
|
||||||
`--help=recursive'
|
|
||||||
Print a summary of the options unique to this package's
|
|
||||||
`configure', and exit. The `short' variant lists options used
|
|
||||||
only in the top level, while the `recursive' variant lists options
|
|
||||||
also present in any nested packages.
|
|
||||||
|
|
||||||
`--version'
|
|
||||||
`-V'
|
|
||||||
Print the version of Autoconf used to generate the `configure'
|
|
||||||
script, and exit.
|
|
||||||
|
|
||||||
`--cache-file=FILE'
|
|
||||||
Enable the cache: use and save the results of the tests in FILE,
|
|
||||||
traditionally `config.cache'. FILE defaults to `/dev/null' to
|
|
||||||
disable caching.
|
|
||||||
|
|
||||||
`--config-cache'
|
|
||||||
`-C'
|
|
||||||
Alias for `--cache-file=config.cache'.
|
|
||||||
|
|
||||||
`--quiet'
|
|
||||||
`--silent'
|
|
||||||
`-q'
|
|
||||||
Do not print messages saying which checks are being made. To
|
|
||||||
suppress all normal output, redirect it to `/dev/null' (any error
|
|
||||||
messages will still be shown).
|
|
||||||
|
|
||||||
`--srcdir=DIR'
|
|
||||||
Look for the package's source code in directory DIR. Usually
|
|
||||||
`configure' can determine that directory automatically.
|
|
||||||
|
|
||||||
`--prefix=DIR'
|
|
||||||
Use DIR as the installation prefix. *note Installation Names::
|
|
||||||
for more details, including other options available for fine-tuning
|
|
||||||
the installation locations.
|
|
||||||
|
|
||||||
`--no-create'
|
|
||||||
`-n'
|
|
||||||
Run the configure checks, but stop before creating any output
|
|
||||||
files.
|
|
||||||
|
|
||||||
`configure' also accepts some other, not widely useful, options. Run
|
|
||||||
`configure --help' for more details.
|
|
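--- a/INSTALL.FIPS
+++ b/INSTALL.FIPS
@@ -1,25 +0,0 @@
-stunnel FIPS install notes
-
-
-Unix HOWTO:
-* Only dynamic linking of the FIPS-enabled OpenSSL is currently supported,
-i.e. FIPS-enabled OpenSSL has to be configured with "shared" parameter.
-* FIPS mode is autodetected if possible. It can be forced with:
-./configure --enable-fips
-or disable with:
-./configure --disable-fips
-
-WIN32 HOWTO:
-* On 32-bit Windows install one of the following compilers:
-- MSVC 8.0 (VS 2005) Standard or Professional Edition
-- MSVC 9.0 (VS 2008) any edition including Express Edition
-* On 64-bit Windows install one of the following compilers:
-- MSVC 8.0 (VS 2005) Standard or Professional Edition
-- MSVC 9.0 (VS 2008) Standard or Professional Edition
-* Build FIPS-compliant OpenSSL DLLS according to:
-https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
-* Build stunnel normally with MSVC or Mingw.
-Mingw build requires DLL stubs. Stubs can be built with:
-dlltool --def ms/libeay32.def --output-lib libcrypto.a
-dlltool --def ms/ssleay32.def --output-lib libssl.a
-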
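--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -1,66 +0,0 @@
-stunnel Windows install notes
-
-
-Cross-compiling stunnel from source with MinGW (optional):
-
-1) Install the mingw32 cross-compiler on a Unix/Linux machine.
-On Debian (and derivatives, including Ubuntu):
-sudo apt-get install gcc-mingw-w64-i686
-On Arch Linux:
-sudo pacman -S mingw-w64-gcc
-
-2) Download the recent OpenSSL and unpack it:
-tar zvxf ~/openssl-(version).tar.gz
-mv openssl-(version) openssl-(version)-i686
-cd openssl-(version)-i686/
-
-3) Build OpenSSL.
-For 32-bit Windows:
-./Configure \
---cross-compile-prefix=i686-w64-mingw32- \
---openssldir=/opt/openssl-mingw mingw shared
-make
-sudo make install
-sudo cp ms/applink.c /opt/openssl-mingw/include/openssl/
-For 64-bit Windows:
-./Configure \
---cross-compile-prefix=x86_64-w64-mingw32- \
---openssldir=/opt/openssl-mingw64 mingw64 shared
-make
-sudo make install
-sudo cp ms/applink.c /opt/openssl-mingw64/include/openssl/
-
-4) Download and unpack stunnel-(version).tar.gz.
-
-5) Configure stunnel:
-cd stunnel-(version)
-./configure
-
-6) Build Windows 32-bit and/or 64-bit executables:
-cd src
-make mingw
-make mingw64
-
-
-Building stunnel from source with MinGW (optional):
-
-Building on a Windows machine is possible, but not currently supported.
-
-
-Building stunnel from source with Visual Studio (optional):
-
-TODO
-
-
-Installing stunnel:
-
-1) Run installer to install the precompiled binaries, or
-copy the stunnel.exe or tstunnel.exe executable located in the
-/stunnel-(version)/bin/mingw/ directory into the destination
-directory on a Windows machine, and
-copy OpenSSL DLLs: libeay32.dll, libssp-0.dll and ssleay32.dll
-into the same directory, if necessary.
-
-2) Read the manual (stunnel.html).
-
-3) Create/edit the stunnel.conf configuration file.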
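--- a/INSTALL.WCE
+++ b/INSTALL.WCE
@@ -1,45 +0,0 @@
-stunnel Windows CE install notes
-
-
-Two stunnel executables are available for Windows CE platform:
-
-1) stunnel.exe - version with interactive GUI
-
-2) tstunnel.exe - non-iteractive version for headless devices
-
-
-Building stunnel from source (optional):
-
-1) install the following tools:
-evt2002web_min.exe from http://www.microsoft.com/
-ActivePerl from http://www.activestate.com/Products/ActivePerl/
-unzip.exe (file needs to be renamed) from
-http://www.mirrorservice.org/sites/ftp.info-zip.org/pub/infozip/WIN32/
-
-2) download the OpenSSL source files (the whole directory):
-ftp://ftp.stunnel.org/stunnel/openssl/ce/
-
-3) your directory should look like this:
-build.bat
-build.pl
-unzip.exe
-src\openssl-0.9.8a.zip
-src\wcecompat-1.2.zip
-
-4) type "build" to build OpenSSL
-
-5) download and unpack stunnel-(version).tar.gz
-
-4) enter "stunnel-(version)\src" subdirectory
-
-5) type "makece" to build stunnel
-
-
-Installing stunnel:
-
-1) copy OpenSSL DLLs and stunnel.exe or tstunnel.exe into \stunnel directory
-
-2) read the manual (stunnel.html)
-
-3) create/edit stunnel.conf configuration file
-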
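--- a/Makefile.am
+++ b/Makefile.am
@@ -1,58 +0,0 @@
-## Process this file with automake to produce Makefile.in
-# by Michal Trojnara 2015-2017
-
-ACLOCAL_AMFLAGS = -I m4
-
-SUBDIRS = src doc tools tests
-
-LIBTOOL_DEPS = @LIBTOOL_DEPS@
-libtool: $(LIBTOOL_DEPS)
-$(SHELL) ./config.status libtool
-
-EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS
-EXTRA_DIST += INSTALL.W32 INSTALL.WCE INSTALL.FIPS
-EXTRA_DIST += build-android.sh .travis.yml
-
-docdir = $(datadir)/doc/stunnel
-doc_DATA = INSTALL README TODO COPYING AUTHORS ChangeLog
-doc_DATA += PORTS BUGS COPYRIGHT.GPL CREDITS
-doc_DATA += INSTALL.W32 INSTALL.WCE INSTALL.FIPS
-
-distcleancheck_listfiles = find -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';'
-
-distclean-local:
-rm -rf autom4te.cache
-# rm -f $(distdir)-win32-installer.exe
-
-#dist-hook:
-# makensis -NOCD -DVERSION=${VERSION} \
-# -DSTUNNEL_DIR=$(srcdir) \
-# -DROOT_DIR=/usr/src \
-# $(srcdir)/tools/stunnel.nsi
-
-sign: dist
-cp -f $(distdir).tar.gz $(distdir)-win32-installer.exe $(distdir)-android.zip ../dist
-gpg-agent --daemon /bin/sh -c "cd ../dist; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir).tar.gz; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir)-win32-installer.exe; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir)-android.zip"
-sha256sum $(distdir).tar.gz >../dist/$(distdir).tar.gz.sha256
-sha256sum $(distdir)-win32-installer.exe >../dist/$(distdir)-win32-installer.exe.sha256
-sha256sum $(distdir)-android.zip >../dist/$(distdir)-android.zip.sha256
-cat ../dist/$(distdir)*.sha256 | tac
-
-cert:
-$(MAKE) -C tools cert
-
-test: check
-
-install-data-hook:
-@echo "*********************************************************"
-@echo "* Type 'make cert' to also install a sample certificate *"
-@echo "*********************************************************"
-
-edit = sed \
--e 's|@bindir[@]|$(bindir)|g' \
--e 's|@sysconfdir[@]|$(sysconfdir)|g'
-
-stunnel.pod: Makefile
-$(edit) '$(srcdir)/$@.in' >$@
-
-stunnel.pod: $(srcdir)/stunnel.pod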
907
Makefile.in
907
Makefile.in
@ -1,907 +0,0 @@
|
|||||||
# Makefile.in generated by automake 1.15 from Makefile.am.
|
|
||||||
# @configure_input@
|
|
||||||
|
|
||||||
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
|
|
||||||
|
|
||||||
# This Makefile.in is free software; the Free Software Foundation
|
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
|
||||||
# with or without modifications, as long as this notice is preserved.
|
|
||||||
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
|
|
||||||
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
|
||||||
# PARTICULAR PURPOSE.
|
|
||||||
|
|
||||||
@SET_MAKE@
|
|
||||||
|
|
||||||
# by Michal Trojnara 2015-2017
|
|
||||||
|
|
||||||
VPATH = @srcdir@
|
|
||||||
am__is_gnu_make = { \
|
|
||||||
if test -z '$(MAKELEVEL)'; then \
|
|
||||||
false; \
|
|
||||||
elif test -n '$(MAKE_HOST)'; then \
|
|
||||||
true; \
|
|
||||||
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
|
|
||||||
true; \
|
|
||||||
else \
|
|
||||||
false; \
|
|
||||||
fi; \
|
|
||||||
}
|
|
||||||
am__make_running_with_option = \
|
|
||||||
case $${target_option-} in \
|
|
||||||
?) ;; \
|
|
||||||
*) echo "am__make_running_with_option: internal error: invalid" \
|
|
||||||
"target option '$${target_option-}' specified" >&2; \
|
|
||||||
exit 1;; \
|
|
||||||
esac; \
|
|
||||||
has_opt=no; \
|
|
||||||
sane_makeflags=$$MAKEFLAGS; \
|
|
||||||
if $(am__is_gnu_make); then \
|
|
||||||
sane_makeflags=$$MFLAGS; \
|
|
||||||
else \
|
|
||||||
case $$MAKEFLAGS in \
|
|
||||||
*\\[\ \ ]*) \
|
|
||||||
bs=\\; \
|
|
||||||
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
|
|
||||||
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
|
|
||||||
esac; \
|
|
||||||
fi; \
|
|
||||||
skip_next=no; \
|
|
||||||
strip_trailopt () \
|
|
||||||
{ \
|
|
||||||
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
|
|
||||||
}; \
|
|
||||||
for flg in $$sane_makeflags; do \
|
|
||||||
test $$skip_next = yes && { skip_next=no; continue; }; \
|
|
||||||
case $$flg in \
|
|
||||||
*=*|--*) continue;; \
|
|
||||||
-*I) strip_trailopt 'I'; skip_next=yes;; \
|
|
||||||
-*I?*) strip_trailopt 'I';; \
|
|
||||||
-*O) strip_trailopt 'O'; skip_next=yes;; \
|
|
||||||
-*O?*) strip_trailopt 'O';; \
|
|
||||||
-*l) strip_trailopt 'l'; skip_next=yes;; \
|
|
||||||
-*l?*) strip_trailopt 'l';; \
|
|
||||||
-[dEDm]) skip_next=yes;; \
|
|
||||||
-[JT]) skip_next=yes;; \
|
|
||||||
esac; \
|
|
||||||
case $$flg in \
|
|
||||||
*$$target_option*) has_opt=yes; break;; \
|
|
||||||
esac; \
|
|
||||||
done; \
|
|
||||||
test $$has_opt = yes
|
|
||||||
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
|
|
||||||
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
|
|
||||||
pkgdatadir = $(datadir)/@PACKAGE@
|
|
||||||
pkgincludedir = $(includedir)/@PACKAGE@
|
|
||||||
pkglibdir = $(libdir)/@PACKAGE@
|
|
||||||
pkglibexecdir = $(libexecdir)/@PACKAGE@
|
|
||||||
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
|
|
||||||
install_sh_DATA = $(install_sh) -c -m 644
|
|
||||||
install_sh_PROGRAM = $(install_sh) -c
|
|
||||||
install_sh_SCRIPT = $(install_sh) -c
|
|
||||||
INSTALL_HEADER = $(INSTALL_DATA)
|
|
||||||
transform = $(program_transform_name)
|
|
||||||
NORMAL_INSTALL = :
|
|
||||||
PRE_INSTALL = :
|
|
||||||
POST_INSTALL = :
|
|
||||||
NORMAL_UNINSTALL = :
|
|
||||||
PRE_UNINSTALL = :
|
|
||||||
POST_UNINSTALL = :
|
|
||||||
build_triplet = @build@
|
|
||||||
host_triplet = @host@
|
|
||||||
subdir = .
|
|
||||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
|
||||||
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
|
|
||||||
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
|
|
||||||
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
|
|
||||||
$(top_srcdir)/configure.ac
|
|
||||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
|
||||||
$(ACLOCAL_M4)
|
|
||||||
DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
|
|
||||||
$(am__configure_deps) $(am__DIST_COMMON)
|
|
||||||
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
|
|
||||||
configure.lineno config.status.lineno
|
|
||||||
mkinstalldirs = $(install_sh) -d
|
|
||||||
CONFIG_HEADER = $(top_builddir)/src/config.h
|
|
||||||
CONFIG_CLEAN_FILES =
|
|
||||||
CONFIG_CLEAN_VPATH_FILES =
|
|
||||||
AM_V_P = $(am__v_P_@AM_V@)
|
|
||||||
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
|
|
||||||
am__v_P_0 = false
|
|
||||||
am__v_P_1 = :
|
|
||||||
AM_V_GEN = $(am__v_GEN_@AM_V@)
|
|
||||||
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
|
|
||||||
am__v_GEN_0 = @echo " GEN " $@;
|
|
||||||
am__v_GEN_1 =
|
|
||||||
AM_V_at = $(am__v_at_@AM_V@)
|
|
||||||
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
|
|
||||||
am__v_at_0 = @
|
|
||||||
am__v_at_1 =
|
|
||||||
SOURCES =
|
|
||||||
DIST_SOURCES =
|
|
||||||
RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
|
|
||||||
ctags-recursive dvi-recursive html-recursive info-recursive \
|
|
||||||
install-data-recursive install-dvi-recursive \
|
|
||||||
install-exec-recursive install-html-recursive \
|
|
||||||
install-info-recursive install-pdf-recursive \
|
|
||||||
install-ps-recursive install-recursive installcheck-recursive \
|
|
||||||
installdirs-recursive pdf-recursive ps-recursive \
|
|
||||||
tags-recursive uninstall-recursive
|
|
||||||
am__can_run_installinfo = \
|
|
||||||
case $$AM_UPDATE_INFO_DIR in \
|
|
||||||
n|no|NO) false;; \
|
|
||||||
*) (install-info --version) >/dev/null 2>&1;; \
|
|
||||||
esac
|
|
||||||
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
|
|
||||||
am__vpath_adj = case $$p in \
|
|
||||||
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
|
|
||||||
*) f=$$p;; \
|
|
||||||
esac;
|
|
||||||
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
|
|
||||||
am__install_max = 40
|
|
||||||
am__nobase_strip_setup = \
|
|
||||||
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
|
|
||||||
am__nobase_strip = \
|
|
||||||
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
|
|
||||||
am__nobase_list = $(am__nobase_strip_setup); \
|
|
||||||
for p in $$list; do echo "$$p $$p"; done | \
|
|
||||||
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
|
|
||||||
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
|
|
||||||
if (++n[$$2] == $(am__install_max)) \
|
|
||||||
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
|
|
||||||
END { for (dir in files) print dir, files[dir] }'
|
|
||||||
am__base_list = \
|
|
||||||
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
|
|
||||||
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
|
|
||||||
am__uninstall_files_from_dir = { \
|
|
||||||
test -z "$$files" \
|
|
||||||
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|
|
||||||
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
|
|
||||||
$(am__cd) "$$dir" && rm -f $$files; }; \
|
|
||||||
}
|
|
||||||
am__installdirs = "$(DESTDIR)$(docdir)"
|
|
||||||
DATA = $(doc_DATA)
|
|
||||||
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
|
|
||||||
distclean-recursive maintainer-clean-recursive
|
|
||||||
am__recursive_targets = \
|
|
||||||
$(RECURSIVE_TARGETS) \
|
|
||||||
$(RECURSIVE_CLEAN_TARGETS) \
|
|
||||||
$(am__extra_recursive_targets)
|
|
||||||
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
|
|
||||||
cscope distdir dist dist-all distcheck
|
|
||||||
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
|
|
||||||
# Read a list of newline-separated strings from the standard input,
|
|
||||||
# and print each of them once, without duplicates. Input order is
|
|
||||||
# *not* preserved.
|
|
||||||
am__uniquify_input = $(AWK) '\
|
|
||||||
BEGIN { nonempty = 0; } \
|
|
||||||
{ items[$$0] = 1; nonempty = 1; } \
|
|
||||||
END { if (nonempty) { for (i in items) print i; }; } \
|
|
||||||
'
|
|
||||||
# Make sure the list of sources is unique. This is necessary because,
|
|
||||||
# e.g., the same source file might be shared among _SOURCES variables
|
|
||||||
# for different programs/libraries.
|
|
||||||
am__define_uniq_tagged_files = \
|
|
||||||
list='$(am__tagged_files)'; \
|
|
||||||
unique=`for i in $$list; do \
|
|
||||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
|
||||||
done | $(am__uniquify_input)`
|
|
||||||
ETAGS = etags
|
|
||||||
CTAGS = ctags
|
|
||||||
CSCOPE = cscope
|
|
||||||
DIST_SUBDIRS = $(SUBDIRS)
|
|
||||||
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/auto/compile \
|
|
||||||
$(top_srcdir)/auto/config.guess $(top_srcdir)/auto/config.sub \
|
|
||||||
$(top_srcdir)/auto/install-sh $(top_srcdir)/auto/ltmain.sh \
|
|
||||||
$(top_srcdir)/auto/missing AUTHORS COPYING ChangeLog INSTALL \
|
|
||||||
NEWS README TODO auto/compile auto/config.guess \
|
|
||||||
auto/config.sub auto/depcomp auto/install-sh auto/ltmain.sh \
|
|
||||||
auto/missing
|
|
||||||
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
|
|
||||||
distdir = $(PACKAGE)-$(VERSION)
|
|
||||||
top_distdir = $(distdir)
|
|
||||||
am__remove_distdir = \
|
|
||||||
if test -d "$(distdir)"; then \
|
|
||||||
find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
|
|
||||||
&& rm -rf "$(distdir)" \
|
|
||||||
|| { sleep 5 && rm -rf "$(distdir)"; }; \
|
|
||||||
else :; fi
|
|
||||||
am__post_remove_distdir = $(am__remove_distdir)
|
|
||||||
am__relativize = \
|
|
||||||
dir0=`pwd`; \
|
|
||||||
sed_first='s,^\([^/]*\)/.*$$,\1,'; \
|
|
||||||
sed_rest='s,^[^/]*/*,,'; \
|
|
||||||
sed_last='s,^.*/\([^/]*\)$$,\1,'; \
|
|
||||||
sed_butlast='s,/*[^/]*$$,,'; \
|
|
||||||
while test -n "$$dir1"; do \
|
|
||||||
first=`echo "$$dir1" | sed -e "$$sed_first"`; \
|
|
||||||
if test "$$first" != "."; then \
|
|
||||||
if test "$$first" = ".."; then \
|
|
||||||
dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
|
|
||||||
dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
|
|
||||||
else \
|
|
||||||
first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
|
|
||||||
if test "$$first2" = "$$first"; then \
|
|
||||||
dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
|
|
||||||
else \
|
|
||||||
dir2="../$$dir2"; \
|
|
||||||
fi; \
|
|
||||||
dir0="$$dir0"/"$$first"; \
|
|
||||||
fi; \
|
|
||||||
fi; \
|
|
||||||
dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
|
|
||||||
done; \
|
|
||||||
reldir="$$dir2"
|
|
||||||
DIST_ARCHIVES = $(distdir).tar.gz
|
|
||||||
GZIP_ENV = --best
|
|
||||||
DIST_TARGETS = dist-gzip
|
|
||||||
distuninstallcheck_listfiles = find . -type f -print
|
|
||||||
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
|
|
||||||
| sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
|
|
||||||
ACLOCAL = @ACLOCAL@
|
|
||||||
AMTAR = @AMTAR@
|
|
||||||
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
|
|
||||||
AR = @AR@
|
|
||||||
AUTOCONF = @AUTOCONF@
|
|
||||||
AUTOHEADER = @AUTOHEADER@
|
|
||||||
AUTOMAKE = @AUTOMAKE@
|
|
||||||
AWK = @AWK@
|
|
||||||
CC = @CC@
|
|
||||||
CCDEPMODE = @CCDEPMODE@
|
|
||||||
CFLAGS = @CFLAGS@
|
|
||||||
CPP = @CPP@
|
|
||||||
CPPFLAGS = @CPPFLAGS@
|
|
||||||
CYGPATH_W = @CYGPATH_W@
|
|
||||||
DEFAULT_GROUP = @DEFAULT_GROUP@
|
|
||||||
DEFS = @DEFS@
|
|
||||||
DEPDIR = @DEPDIR@
|
|
||||||
DLLTOOL = @DLLTOOL@
|
|
||||||
DSYMUTIL = @DSYMUTIL@
|
|
||||||
DUMPBIN = @DUMPBIN@
|
|
||||||
ECHO_C = @ECHO_C@
|
|
||||||
ECHO_N = @ECHO_N@
|
|
||||||
ECHO_T = @ECHO_T@
|
|
||||||
EGREP = @EGREP@
|
|
||||||
EXEEXT = @EXEEXT@
|
|
||||||
FGREP = @FGREP@
|
|
||||||
GREP = @GREP@
|
|
||||||
INSTALL = @INSTALL@
|
|
||||||
INSTALL_DATA = @INSTALL_DATA@
|
|
||||||
INSTALL_PROGRAM = @INSTALL_PROGRAM@
|
|
||||||
INSTALL_SCRIPT = @INSTALL_SCRIPT@
|
|
||||||
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
|
|
||||||
LD = @LD@
|
|
||||||
LDFLAGS = @LDFLAGS@
|
|
||||||
LIBOBJS = @LIBOBJS@
|
|
||||||
LIBS = @LIBS@
|
|
||||||
LIBTOOL = @LIBTOOL@
|
|
||||||
LIBTOOL_DEPS = @LIBTOOL_DEPS@
|
|
||||||
LIPO = @LIPO@
|
|
||||||
LN_S = @LN_S@
|
|
||||||
LTLIBOBJS = @LTLIBOBJS@
|
|
||||||
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
|
|
||||||
MAKEINFO = @MAKEINFO@
|
|
||||||
MANIFEST_TOOL = @MANIFEST_TOOL@
|
|
||||||
MKDIR_P = @MKDIR_P@
|
|
||||||
NM = @NM@
|
|
||||||
NMEDIT = @NMEDIT@
|
|
||||||
OBJDUMP = @OBJDUMP@
|
|
||||||
OBJEXT = @OBJEXT@
|
|
||||||
OTOOL = @OTOOL@
|
|
||||||
OTOOL64 = @OTOOL64@
|
|
||||||
PACKAGE = @PACKAGE@
|
|
||||||
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
|
|
||||||
PACKAGE_NAME = @PACKAGE_NAME@
|
|
||||||
PACKAGE_STRING = @PACKAGE_STRING@
|
|
||||||
PACKAGE_TARNAME = @PACKAGE_TARNAME@
|
|
||||||
PACKAGE_URL = @PACKAGE_URL@
|
|
||||||
PACKAGE_VERSION = @PACKAGE_VERSION@
|
|
||||||
PATH_SEPARATOR = @PATH_SEPARATOR@
|
|
||||||
PTHREAD_CC = @PTHREAD_CC@
|
|
||||||
PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
|
|
||||||
PTHREAD_LIBS = @PTHREAD_LIBS@
|
|
||||||
RANDOM_FILE = @RANDOM_FILE@
|
|
||||||
RANLIB = @RANLIB@
|
|
||||||
SED = @SED@
|
|
||||||
SET_MAKE = @SET_MAKE@
|
|
||||||
SHELL = @SHELL@
|
|
||||||
SSLDIR = @SSLDIR@
|
|
||||||
STRIP = @STRIP@
|
|
||||||
VERSION = @VERSION@
|
|
||||||
abs_builddir = @abs_builddir@
|
|
||||||
abs_srcdir = @abs_srcdir@
|
|
||||||
abs_top_builddir = @abs_top_builddir@
|
|
||||||
abs_top_srcdir = @abs_top_srcdir@
|
|
||||||
ac_ct_AR = @ac_ct_AR@
|
|
||||||
ac_ct_CC = @ac_ct_CC@
|
|
||||||
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
|
|
||||||
am__include = @am__include@
|
|
||||||
am__leading_dot = @am__leading_dot@
|
|
||||||
am__quote = @am__quote@
|
|
||||||
am__tar = @am__tar@
|
|
||||||
am__untar = @am__untar@
|
|
||||||
ax_pthread_config = @ax_pthread_config@
|
|
||||||
bindir = @bindir@
|
|
||||||
build = @build@
|
|
||||||
build_alias = @build_alias@
|
|
||||||
build_cpu = @build_cpu@
|
|
||||||
build_os = @build_os@
|
|
||||||
build_vendor = @build_vendor@
|
|
||||||
builddir = @builddir@
|
|
||||||
datadir = @datadir@
|
|
||||||
datarootdir = @datarootdir@
|
|
||||||
docdir = $(datadir)/doc/stunnel
|
|
||||||
dvidir = @dvidir@
|
|
||||||
exec_prefix = @exec_prefix@
|
|
||||||
host = @host@
|
|
||||||
host_alias = @host_alias@
|
|
||||||
host_cpu = @host_cpu@
|
|
||||||
host_os = @host_os@
|
|
||||||
host_vendor = @host_vendor@
|
|
||||||
htmldir = @htmldir@
|
|
||||||
includedir = @includedir@
|
|
||||||
infodir = @infodir@
|
|
||||||
install_sh = @install_sh@
|
|
||||||
libdir = @libdir@
|
|
||||||
libexecdir = @libexecdir@
|
|
||||||
localedir = @localedir@
|
|
||||||
localstatedir = @localstatedir@
|
|
||||||
mandir = @mandir@
|
|
||||||
mkdir_p = @mkdir_p@
|
|
||||||
oldincludedir = @oldincludedir@
|
|
||||||
pdfdir = @pdfdir@
|
|
||||||
prefix = @prefix@
|
|
||||||
program_transform_name = @program_transform_name@
|
|
||||||
psdir = @psdir@
|
|
||||||
runstatedir = @runstatedir@
|
|
||||||
sbindir = @sbindir@
|
|
||||||
sharedstatedir = @sharedstatedir@
|
|
||||||
srcdir = @srcdir@
|
|
||||||
sysconfdir = @sysconfdir@
|
|
||||||
target_alias = @target_alias@
|
|
||||||
top_build_prefix = @top_build_prefix@
|
|
||||||
top_builddir = @top_builddir@
|
|
||||||
top_srcdir = @top_srcdir@
|
|
||||||
ACLOCAL_AMFLAGS = -I m4
|
|
||||||
SUBDIRS = src doc tools tests
|
|
||||||
EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS INSTALL.W32 INSTALL.WCE \
|
|
||||||
INSTALL.FIPS build-android.sh .travis.yml
|
|
||||||
doc_DATA = INSTALL README TODO COPYING AUTHORS ChangeLog PORTS BUGS \
|
|
||||||
COPYRIGHT.GPL CREDITS INSTALL.W32 INSTALL.WCE INSTALL.FIPS
|
|
||||||
distcleancheck_listfiles = find -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';'
|
|
||||||
edit = sed \
|
|
||||||
-e 's|@bindir[@]|$(bindir)|g' \
|
|
||||||
-e 's|@sysconfdir[@]|$(sysconfdir)|g'
|
|
||||||
|
|
||||||
all: all-recursive
|
|
||||||
|
|
||||||
.SUFFIXES:
|
|
||||||
am--refresh: Makefile
|
|
||||||
@:
|
|
||||||
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
|
|
||||||
@for dep in $?; do \
|
|
||||||
case '$(am__configure_deps)' in \
|
|
||||||
*$$dep*) \
|
|
||||||
echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
|
|
||||||
$(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
|
|
||||||
&& exit 0; \
|
|
||||||
exit 1;; \
|
|
||||||
esac; \
|
|
||||||
done; \
|
|
||||||
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
|
|
||||||
$(am__cd) $(top_srcdir) && \
|
|
||||||
$(AUTOMAKE) --gnu Makefile
|
|
||||||
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
|
|
||||||
@case '$?' in \
|
|
||||||
*config.status*) \
|
|
||||||
echo ' $(SHELL) ./config.status'; \
|
|
||||||
$(SHELL) ./config.status;; \
|
|
||||||
*) \
|
|
||||||
echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
|
|
||||||
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
|
|
||||||
esac;
|
|
||||||
|
|
||||||
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
|
|
||||||
$(SHELL) ./config.status --recheck
|
|
||||||
|
|
||||||
$(top_srcdir)/configure: $(am__configure_deps)
|
|
||||||
$(am__cd) $(srcdir) && $(AUTOCONF)
|
|
||||||
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
|
|
||||||
$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
|
|
||||||
$(am__aclocal_m4_deps):
|
|
||||||
|
|
||||||
mostlyclean-libtool:
|
|
||||||
-rm -f *.lo
|
|
||||||
|
|
||||||
clean-libtool:
|
|
||||||
-rm -rf .libs _libs
|
|
||||||
|
|
||||||
distclean-libtool:
|
|
||||||
-rm -f libtool config.lt
|
|
||||||
install-docDATA: $(doc_DATA)
|
|
||||||
@$(NORMAL_INSTALL)
|
|
||||||
@list='$(doc_DATA)'; test -n "$(docdir)" || list=; \
|
|
||||||
if test -n "$$list"; then \
|
|
||||||
echo " $(MKDIR_P) '$(DESTDIR)$(docdir)'"; \
|
|
||||||
$(MKDIR_P) "$(DESTDIR)$(docdir)" || exit 1; \
|
|
||||||
fi; \
|
|
||||||
for p in $$list; do \
|
|
||||||
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
|
|
||||||
echo "$$d$$p"; \
|
|
||||||
done | $(am__base_list) | \
|
|
||||||
while read files; do \
|
|
||||||
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \
|
|
||||||
$(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \
|
|
||||||
done
|
|
||||||
|
|
||||||
uninstall-docDATA:
|
|
||||||
@$(NORMAL_UNINSTALL)
|
|
||||||
@list='$(doc_DATA)'; test -n "$(docdir)" || list=; \
|
|
||||||
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
|
|
||||||
dir='$(DESTDIR)$(docdir)'; $(am__uninstall_files_from_dir)
|
|
||||||
|
|
||||||
# This directory's subdirectories are mostly independent; you can cd
|
|
||||||
# into them and run 'make' without going through this Makefile.
|
|
||||||
# To change the values of 'make' variables: instead of editing Makefiles,
|
|
||||||
# (1) if the variable is set in 'config.status', edit 'config.status'
|
|
||||||
# (which will cause the Makefiles to be regenerated when you run 'make');
|
|
||||||
# (2) otherwise, pass the desired values on the 'make' command line.
|
|
||||||
$(am__recursive_targets):
|
|
||||||
@fail=; \
|
|
||||||
if $(am__make_keepgoing); then \
|
|
||||||
failcom='fail=yes'; \
|
|
||||||
else \
|
|
||||||
failcom='exit 1'; \
|
|
||||||
fi; \
|
|
||||||
dot_seen=no; \
|
|
||||||
target=`echo $@ | sed s/-recursive//`; \
|
|
||||||
case "$@" in \
|
|
||||||
distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
|
|
||||||
*) list='$(SUBDIRS)' ;; \
|
|
||||||
esac; \
|
|
||||||
for subdir in $$list; do \
|
|
||||||
echo "Making $$target in $$subdir"; \
|
|
||||||
if test "$$subdir" = "."; then \
|
|
||||||
dot_seen=yes; \
|
|
||||||
local_target="$$target-am"; \
|
|
||||||
else \
|
|
||||||
local_target="$$target"; \
|
|
||||||
fi; \
|
|
||||||
($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|
|
||||||
|| eval $$failcom; \
|
|
||||||
done; \
|
|
||||||
if test "$$dot_seen" = "no"; then \
|
|
||||||
$(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
|
|
||||||
fi; test -z "$$fail"
|
|
||||||
|
|
||||||
ID: $(am__tagged_files)
|
|
||||||
$(am__define_uniq_tagged_files); mkid -fID $$unique
|
|
||||||
tags: tags-recursive
|
|
||||||
TAGS: tags
|
|
||||||
|
|
||||||
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
|
|
||||||
set x; \
|
|
||||||
here=`pwd`; \
|
|
||||||
if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
|
|
||||||
include_option=--etags-include; \
|
|
||||||
empty_fix=.; \
|
|
||||||
else \
|
|
||||||
include_option=--include; \
|
|
||||||
empty_fix=; \
|
|
||||||
fi; \
|
|
||||||
list='$(SUBDIRS)'; for subdir in $$list; do \
|
|
||||||
if test "$$subdir" = .; then :; else \
|
|
||||||
test ! -f $$subdir/TAGS || \
|
|
||||||
set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
|
|
||||||
fi; \
|
|
||||||
done; \
|
|
||||||
$(am__define_uniq_tagged_files); \
|
|
||||||
shift; \
|
|
||||||
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
|
|
||||||
test -n "$$unique" || unique=$$empty_fix; \
|
|
||||||
if test $$# -gt 0; then \
|
|
||||||
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
|
|
||||||
"$$@" $$unique; \
|
|
||||||
else \
|
|
||||||
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
|
|
||||||
$$unique; \
|
|
||||||
fi; \
|
|
||||||
fi
|
|
||||||
ctags: ctags-recursive
|
|
||||||
|
|
||||||
CTAGS: ctags
|
|
||||||
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
|
|
||||||
$(am__define_uniq_tagged_files); \
|
|
||||||
test -z "$(CTAGS_ARGS)$$unique" \
|
|
||||||
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
|
|
||||||
$$unique
|
|
||||||
|
|
||||||
GTAGS:
|
|
||||||
here=`$(am__cd) $(top_builddir) && pwd` \
|
|
||||||
&& $(am__cd) $(top_srcdir) \
|
|
||||||
&& gtags -i $(GTAGS_ARGS) "$$here"
|
|
||||||
cscope: cscope.files
|
|
||||||
test ! -s cscope.files \
|
|
||||||
|| $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS)
|
|
||||||
clean-cscope:
|
|
||||||
-rm -f cscope.files
|
|
||||||
cscope.files: clean-cscope cscopelist
|
|
||||||
cscopelist: cscopelist-recursive
|
|
||||||
|
|
||||||
cscopelist-am: $(am__tagged_files)
|
|
||||||
list='$(am__tagged_files)'; \
|
|
||||||
case "$(srcdir)" in \
|
|
||||||
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
|
|
||||||
*) sdir=$(subdir)/$(srcdir) ;; \
|
|
||||||
esac; \
|
|
||||||
for i in $$list; do \
|
|
||||||
if test -f "$$i"; then \
|
|
||||||
echo "$(subdir)/$$i"; \
|
|
||||||
else \
|
|
||||||
echo "$$sdir/$$i"; \
|
|
||||||
fi; \
|
|
||||||
done >> $(top_builddir)/cscope.files
|
|
||||||
|
|
||||||
distclean-tags:
|
|
||||||
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
|
|
||||||
-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
|
|
||||||
|
|
||||||
distdir: $(DISTFILES)
|
|
||||||
$(am__remove_distdir)
|
|
||||||
test -d "$(distdir)" || mkdir "$(distdir)"
|
|
||||||
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
|
|
||||||
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
|
|
||||||
list='$(DISTFILES)'; \
|
|
||||||
dist_files=`for file in $$list; do echo $$file; done | \
|
|
||||||
sed -e "s|^$$srcdirstrip/||;t" \
|
|
||||||
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
|
|
||||||
case $$dist_files in \
|
|
||||||
*/*) $(MKDIR_P) `echo "$$dist_files" | \
|
|
||||||
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
|
|
||||||
sort -u` ;; \
|
|
||||||
esac; \
|
|
||||||
for file in $$dist_files; do \
|
|
||||||
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
|
|
||||||
if test -d $$d/$$file; then \
|
|
||||||
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
|
|
||||||
if test -d "$(distdir)/$$file"; then \
|
|
||||||
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
|
|
||||||
fi; \
|
|
||||||
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
|
|
||||||
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
|
|
||||||
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
|
|
||||||
fi; \
|
|
||||||
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
|
|
||||||
else \
|
|
||||||
test -f "$(distdir)/$$file" \
|
|
||||||
|| cp -p $$d/$$file "$(distdir)/$$file" \
|
|
||||||
|| exit 1; \
|
|
||||||
fi; \
|
|
||||||
done
|
|
||||||
@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
|
|
||||||
if test "$$subdir" = .; then :; else \
|
|
||||||
$(am__make_dryrun) \
|
|
||||||
|| test -d "$(distdir)/$$subdir" \
|
|
||||||
|| $(MKDIR_P) "$(distdir)/$$subdir" \
|
|
||||||
|| exit 1; \
|
|
||||||
dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
|
|
||||||
$(am__relativize); \
|
|
||||||
new_distdir=$$reldir; \
|
|
||||||
dir1=$$subdir; dir2="$(top_distdir)"; \
|
|
||||||
$(am__relativize); \
|
|
||||||
new_top_distdir=$$reldir; \
|
|
||||||
echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
|
|
||||||
echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
|
|
||||||
($(am__cd) $$subdir && \
|
|
||||||
$(MAKE) $(AM_MAKEFLAGS) \
|
|
||||||
top_distdir="$$new_top_distdir" \
|
|
||||||
distdir="$$new_distdir" \
|
|
||||||
am__remove_distdir=: \
|
|
||||||
am__skip_length_check=: \
|
|
||||||
am__skip_mode_fix=: \
|
|
||||||
distdir) \
|
|
||||||
|| exit 1; \
|
|
||||||
fi; \
|
|
||||||
done
|
|
||||||
-test -n "$(am__skip_mode_fix)" \
|
|
||||||
|| find "$(distdir)" -type d ! -perm -755 \
|
|
||||||
-exec chmod u+rwx,go+rx {} \; -o \
|
|
||||||
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
|
|
||||||
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
|
|
||||||
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|
|
||||||
|| chmod -R a+r "$(distdir)"
|
|
||||||
dist-gzip: distdir
|
|
||||||
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
|
|
||||||
$(am__post_remove_distdir)
|
|
||||||
|
|
||||||
dist-bzip2: distdir
|
|
||||||
tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
|
|
||||||
$(am__post_remove_distdir)
|
|
||||||
|
|
||||||
dist-lzip: distdir
|
|
||||||
tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
|
|
||||||
$(am__post_remove_distdir)
|
|
||||||
|
|
||||||
dist-xz: distdir
|
|
||||||
tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
|
|
||||||
$(am__post_remove_distdir)
|
|
||||||
|
|
||||||
dist-tarZ: distdir
|
|
||||||
@echo WARNING: "Support for distribution archives compressed with" \
|
|
||||||
"legacy program 'compress' is deprecated." >&2
|
|
||||||
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
|
|
||||||
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
|
|
||||||
$(am__post_remove_distdir)
|
|
||||||
|
|
||||||
dist-shar: distdir
|
|
||||||
@echo WARNING: "Support for shar distribution archives is" \
|
|
||||||
"deprecated." >&2
|
|
||||||
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
|
|
||||||
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
|
|
||||||
$(am__post_remove_distdir)
|
|
||||||
|
|
||||||
dist-zip: distdir
|
|
||||||
-rm -f $(distdir).zip
|
|
||||||
zip -rq $(distdir).zip $(distdir)
|
|
||||||
$(am__post_remove_distdir)
|
|
||||||
|
|
||||||
dist dist-all:
|
|
||||||
$(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:'
|
|
||||||
$(am__post_remove_distdir)
|
|
||||||
|
|
||||||
# This target untars the dist file and tries a VPATH configuration. Then
|
|
||||||
# it guarantees that the distribution is self-contained by making another
|
|
||||||
# tarfile.
|
|
||||||
distcheck: dist
|
|
||||||
case '$(DIST_ARCHIVES)' in \
|
|
||||||
*.tar.gz*) \
|
|
||||||
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
|
|
||||||
*.tar.bz2*) \
|
|
||||||
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
|
|
||||||
*.tar.lz*) \
|
|
||||||
lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
|
|
||||||
*.tar.xz*) \
|
|
||||||
xz -dc $(distdir).tar.xz | $(am__untar) ;;\
|
|
||||||
*.tar.Z*) \
|
|
||||||
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
|
|
||||||
*.shar.gz*) \
|
|
||||||
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
|
|
||||||
*.zip*) \
|
|
||||||
unzip $(distdir).zip ;;\
|
|
||||||
esac
|
|
||||||
chmod -R a-w $(distdir)
|
|
||||||
chmod u+w $(distdir)
|
|
||||||
mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
|
|
||||||
chmod a-w $(distdir)
|
|
||||||
test -d $(distdir)/_build || exit 0; \
|
|
||||||
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
|
|
||||||
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
|
|
||||||
&& am__cwd=`pwd` \
|
|
||||||
&& $(am__cd) $(distdir)/_build/sub \
|
|
||||||
&& ../../configure \
|
|
||||||
$(AM_DISTCHECK_CONFIGURE_FLAGS) \
|
|
||||||
$(DISTCHECK_CONFIGURE_FLAGS) \
|
|
||||||
--srcdir=../.. --prefix="$$dc_install_base" \
|
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) \
|
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
|
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) check \
|
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) install \
|
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) installcheck \
|
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) uninstall \
|
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
|
|
||||||
distuninstallcheck \
|
|
||||||
&& chmod -R a-w "$$dc_install_base" \
|
|
||||||
&& ({ \
|
|
||||||
(cd ../.. && umask 077 && mkdir "$$dc_destdir") \
|
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
|
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
|
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
|
|
||||||
distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
|
|
||||||
} || { rm -rf "$$dc_destdir"; exit 1; }) \
|
|
||||||
&& rm -rf "$$dc_destdir" \
|
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) dist \
|
|
||||||
&& rm -rf $(DIST_ARCHIVES) \
|
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
|
|
||||||
&& cd "$$am__cwd" \
|
|
||||||
|| exit 1
|
|
||||||
$(am__post_remove_distdir)
|
|
||||||
@(echo "$(distdir) archives ready for distribution: "; \
|
|
||||||
list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
|
|
||||||
sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
|
|
||||||
distuninstallcheck:
|
|
||||||
@test -n '$(distuninstallcheck_dir)' || { \
|
|
||||||
echo 'ERROR: trying to run $@ with an empty' \
|
|
||||||
'$$(distuninstallcheck_dir)' >&2; \
|
|
||||||
exit 1; \
|
|
||||||
}; \
|
|
||||||
$(am__cd) '$(distuninstallcheck_dir)' || { \
|
|
||||||
echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \
|
|
||||||
exit 1; \
|
|
||||||
}; \
|
|
||||||
test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \
|
|
||||||
|| { echo "ERROR: files left after uninstall:" ; \
|
|
||||||
if test -n "$(DESTDIR)"; then \
|
|
||||||
echo " (check DESTDIR support)"; \
|
|
||||||
fi ; \
|
|
||||||
$(distuninstallcheck_listfiles) ; \
|
|
||||||
exit 1; } >&2
|
|
||||||
distcleancheck: distclean
|
|
||||||
@if test '$(srcdir)' = . ; then \
|
|
||||||
echo "ERROR: distcleancheck can only run from a VPATH build" ; \
|
|
||||||
exit 1 ; \
|
|
||||||
fi
|
|
||||||
@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
|
|
||||||
|| { echo "ERROR: files left in build directory after distclean:" ; \
|
|
||||||
$(distcleancheck_listfiles) ; \
|
|
||||||
exit 1; } >&2
|
|
||||||
check-am: all-am
|
|
||||||
check: check-recursive
|
|
||||||
all-am: Makefile $(DATA)
|
|
||||||
installdirs: installdirs-recursive
|
|
||||||
installdirs-am:
|
|
||||||
for dir in "$(DESTDIR)$(docdir)"; do \
|
|
||||||
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
|
|
||||||
done
|
|
||||||
install: install-recursive
|
|
||||||
install-exec: install-exec-recursive
|
|
||||||
install-data: install-data-recursive
|
|
||||||
uninstall: uninstall-recursive
|
|
||||||
|
|
||||||
install-am: all-am
|
|
||||||
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
|
|
||||||
|
|
||||||
installcheck: installcheck-recursive
|
|
||||||
install-strip:
|
|
||||||
if test -z '$(STRIP)'; then \
|
|
||||||
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
|
||||||
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
|
||||||
install; \
|
|
||||||
else \
|
|
||||||
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
|
||||||
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
|
||||||
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
|
|
||||||
fi
|
|
||||||
mostlyclean-generic:
|
|
||||||
|
|
||||||
clean-generic:
|
|
||||||
|
|
||||||
distclean-generic:
|
|
||||||
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
|
|
||||||
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
|
|
||||||
|
|
||||||
maintainer-clean-generic:
|
|
||||||
@echo "This command is intended for maintainers to use"
|
|
||||||
@echo "it deletes files that may require special tools to rebuild."
|
|
||||||
clean: clean-recursive
|
|
||||||
|
|
||||||
clean-am: clean-generic clean-libtool mostlyclean-am
|
|
||||||
|
|
||||||
distclean: distclean-recursive
|
|
||||||
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
|
|
||||||
-rm -f Makefile
|
|
||||||
distclean-am: clean-am distclean-generic distclean-libtool \
|
|
||||||
distclean-local distclean-tags
|
|
||||||
|
|
||||||
dvi: dvi-recursive
|
|
||||||
|
|
||||||
dvi-am:
|
|
||||||
|
|
||||||
html: html-recursive
|
|
||||||
|
|
||||||
html-am:
|
|
||||||
|
|
||||||
info: info-recursive
|
|
||||||
|
|
||||||
info-am:
|
|
||||||
|
|
||||||
install-data-am: install-docDATA
|
|
||||||
@$(NORMAL_INSTALL)
|
|
||||||
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
|
|
||||||
install-dvi: install-dvi-recursive
|
|
||||||
|
|
||||||
install-dvi-am:
|
|
||||||
|
|
||||||
install-exec-am:
|
|
||||||
|
|
||||||
install-html: install-html-recursive
|
|
||||||
|
|
||||||
install-html-am:
|
|
||||||
|
|
||||||
install-info: install-info-recursive
|
|
||||||
|
|
||||||
install-info-am:
|
|
||||||
|
|
||||||
install-man:
|
|
||||||
|
|
||||||
install-pdf: install-pdf-recursive
|
|
||||||
|
|
||||||
install-pdf-am:
|
|
||||||
|
|
||||||
install-ps: install-ps-recursive
|
|
||||||
|
|
||||||
install-ps-am:
|
|
||||||
|
|
||||||
installcheck-am:
|
|
||||||
|
|
||||||
maintainer-clean: maintainer-clean-recursive
|
|
||||||
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
|
|
||||||
-rm -rf $(top_srcdir)/autom4te.cache
|
|
||||||
-rm -f Makefile
|
|
||||||
maintainer-clean-am: distclean-am maintainer-clean-generic
|
|
||||||
|
|
||||||
mostlyclean: mostlyclean-recursive
|
|
||||||
|
|
||||||
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
|
|
||||||
|
|
||||||
pdf: pdf-recursive
|
|
||||||
|
|
||||||
pdf-am:
|
|
||||||
|
|
||||||
ps: ps-recursive
|
|
||||||
|
|
||||||
ps-am:
|
|
||||||
|
|
||||||
uninstall-am: uninstall-docDATA
|
|
||||||
|
|
||||||
.MAKE: $(am__recursive_targets) install-am install-data-am \
|
|
||||||
install-strip
|
|
||||||
|
|
||||||
.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
|
|
||||||
am--refresh check check-am clean clean-cscope clean-generic \
|
|
||||||
clean-libtool cscope cscopelist-am ctags ctags-am dist \
|
|
||||||
dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
|
|
||||||
dist-xz dist-zip distcheck distclean distclean-generic \
|
|
||||||
distclean-libtool distclean-local distclean-tags \
|
|
||||||
distcleancheck distdir distuninstallcheck dvi dvi-am html \
|
|
||||||
html-am info info-am install install-am install-data \
|
|
||||||
install-data-am install-data-hook install-docDATA install-dvi \
|
|
||||||
install-dvi-am install-exec install-exec-am install-html \
|
|
||||||
install-html-am install-info install-info-am install-man \
|
|
||||||
install-pdf install-pdf-am install-ps install-ps-am \
|
|
||||||
install-strip installcheck installcheck-am installdirs \
|
|
||||||
installdirs-am maintainer-clean maintainer-clean-generic \
|
|
||||||
mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
|
|
||||||
ps ps-am tags tags-am uninstall uninstall-am uninstall-docDATA
|
|
||||||
|
|
||||||
.PRECIOUS: Makefile
|
|
||||||
|
|
||||||
libtool: $(LIBTOOL_DEPS)
|
|
||||||
$(SHELL) ./config.status libtool
|
|
||||||
|
|
||||||
distclean-local:
|
|
||||||
rm -rf autom4te.cache
|
|
||||||
# rm -f $(distdir)-win32-installer.exe
|
|
||||||
|
|
||||||
#dist-hook:
|
|
||||||
# makensis -NOCD -DVERSION=${VERSION} \
|
|
||||||
# -DSTUNNEL_DIR=$(srcdir) \
|
|
||||||
# -DROOT_DIR=/usr/src \
|
|
||||||
# $(srcdir)/tools/stunnel.nsi
|
|
||||||
|
|
||||||
sign: dist
|
|
||||||
cp -f $(distdir).tar.gz $(distdir)-win32-installer.exe $(distdir)-android.zip ../dist
|
|
||||||
gpg-agent --daemon /bin/sh -c "cd ../dist; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir).tar.gz; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir)-win32-installer.exe; gpg --yes --armor --detach-sign --force-v3-sigs $(distdir)-android.zip"
|
|
||||||
sha256sum $(distdir).tar.gz >../dist/$(distdir).tar.gz.sha256
|
|
||||||
sha256sum $(distdir)-win32-installer.exe >../dist/$(distdir)-win32-installer.exe.sha256
|
|
||||||
sha256sum $(distdir)-android.zip >../dist/$(distdir)-android.zip.sha256
|
|
||||||
cat ../dist/$(distdir)*.sha256 | tac
|
|
||||||
|
|
||||||
cert:
|
|
||||||
$(MAKE) -C tools cert
|
|
||||||
|
|
||||||
test: check
|
|
||||||
|
|
||||||
install-data-hook:
|
|
||||||
@echo "*********************************************************"
|
|
||||||
@echo "* Type 'make cert' to also install a sample certificate *"
|
|
||||||
@echo "*********************************************************"
|
|
||||||
|
|
||||||
stunnel.pod: Makefile
|
|
||||||
$(edit) '$(srcdir)/$@.in' >$@
|
|
||||||
|
|
||||||
stunnel.pod: $(srcdir)/stunnel.pod
|
|
||||||
|
|
||||||
# Tell versions [3.59,3.63) of GNU make to not export all variables.
|
|
||||||
# Otherwise a system limit (for SysV at least) may be exceeded.
|
|
||||||
.NOEXPORT:
|
|
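--- a/PORTS
+++ b/PORTS
@@ -1,17 +0,0 @@
-stunnel known port maintainers
-
-
-* Cygwin
-- Andrew Schulman <andrex@alumni.utexas.net>
-* Debian GNU/Linux
-- Peter Pentchev <roam@ringlet.net>
-* FreeBSD
-- Ryan Steinmetz <zi@FreeBSD.org>
-* NetBSD
-- Martti Kuparinen <martti.kuparinen@iki.fi>
-* OpenBSD
-- Gleydson Soares <gsoares@openbsd.org>
-* OpenCSW Solaris
-- Dagobert Michelsen <dam@opencsw.org>
-* RedHat Linux
-- Damien Miller <dmiller@ilogic.com.au>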
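--- a/README
+++ b/README
@@ -1,30 +0,0 @@
-stunnel overview
-
-Short description
-
-The stunnel program is designed to work as an SSL encryption
-wrapper between remote client and local (inetd-startable) or
-remote servers. The goal is to facilitate SSL encryption and
-authentication for non-SSL-aware programs.
-
-stunnel can be used to add SSL functionality to commonly
-used inetd daemons like POP-2, POP-3 and IMAP servers
-without any changes in the programs' code.
-
-Compile instructions
-
-See INSTALL file.
-
-License
-
-See COPYING file.
-
-Other files you should read
-
-Changelog What I did
-TODO What I'm going to do
-
-Reporting problems and other contacts
-
-See FAQ file.
-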
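--- a/TODO
+++ b/TODO
@@ -1,52 +0,0 @@
-stunnel TODO
-
-
-High priority features. They will likely be supported some day.
-A sponsor could allocate my time to get them faster.
-* Add client certificate autoselection based on the list of accepted issuers:
-SSL_CTX_set_client_cert_cb(), SSL_get_client_CA_list().
-* Add an Apparmor profile.
-* Optional line-buffering of the log file.
-* Log rotation on Windows.
-* Configuration file option to limit the number of concurrent connections.
-* Implement reference counting of the SERVICE_OPTIONS structure
-- Add 'leastconn' failover strategy to order defined 'connect' targets
-by the number of active connections.
-- Add '-status' command line option reporting the number of clients
-connected to each service.
-- Deallocate SERVICE_OPTIONS structure when the configuration file
-is reloaded *and* old connections are closed.
-* Command-line server control interface on both Unix and Windows.
-* Separate GUI process running as the current user on Windows.
-* An Android GUI.
-* OCSP stapling (tlsext_status).
-* Extend session tickets and/or sessiond to also serialize application
-data ("redirect" state and session persistence).
-* Indirect CRL support (RFC 3280, section 5).
-* Provide 64-bit Windows builds (besides 32-bit builds).
-This requires either Microsoft Visual Studio Standard Edition or Microsoft
-Visual Studio Professional Edition in order to retain FIPS compliance.
-* MSI installer for Windows.
-* Add user-defined headers to CONNECT proxy requests.
-This can be used to impersonate other software (e.g. web browsers).
-
-Low priority features. They will unlikely ever be supported.
-* Database and/or directory interface for retrieving PSK secrets.
-* Support static FIPS-enabled build.
-* Service-level logging destination.
-* Enforce key renegotiation (re-handshake) for long connections.
-* Logging to NT EventLog on Windows.
-* Internationalization of logged messages (i18n).
-* Generic scripting engine instead or static protocol.c.
-
-Features I won't support, unless convinced otherwise by a wealthy sponsor.
-* Support for adding X-Forwarded-For to HTTP request headers.
-This feature is less useful since PROXY protocol support is available.
-* Support for adding X-Forwarded-For to SMTP email headers.
-This feature is most likely to be implemented as a separate proxy.
-* Additional certificate checks (including wildcard comparison) based on:
-- O (Organization), and
-- OU (Organizational Unit).
-* Set processes title that appear on the ps(1) and top(1) commands.
-I could not find a portable *and* non-copyleft library for it.
-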
2037
aclocal.m4
vendored
2037
aclocal.m4
vendored
File diff suppressed because it is too large
347
auto/compile
347
auto/compile
@ -1,347 +0,0 @@
|
|||||||
#! /bin/sh
|
|
||||||
# Wrapper for compilers which do not understand '-c -o'.
|
|
||||||
|
|
||||||
scriptversion=2012-10-14.11; # UTC
|
|
||||||
|
|
||||||
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
|
|
||||||
# Written by Tom Tromey <tromey@cygnus.com>.
|
|
||||||
#
|
|
||||||
# This program is free software; you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 2, or (at your option)
|
|
||||||
# any later version.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
# As a special exception to the GNU General Public License, if you
|
|
||||||
# distribute this file as part of a program that contains a
|
|
||||||
# configuration script generated by Autoconf, you may include it under
|
|
||||||
# the same distribution terms that you use for the rest of that program.
|
|
||||||
|
|
||||||
# This file is maintained in Automake, please report
|
|
||||||
# bugs to <bug-automake@gnu.org> or send patches to
|
|
||||||
# <automake-patches@gnu.org>.
|
|
||||||
|
|
||||||
nl='
|
|
||||||
'
|
|
||||||
|
|
||||||
# We need space, tab and new line, in precisely that order. Quoting is
|
|
||||||
# there to prevent tools from complaining about whitespace usage.
|
|
||||||
IFS=" "" $nl"
|
|
||||||
|
|
||||||
file_conv=
|
|
||||||
|
|
||||||
# func_file_conv build_file lazy
|
|
||||||
# Convert a $build file to $host form and store it in $file
|
|
||||||
# Currently only supports Windows hosts. If the determined conversion
|
|
||||||
# type is listed in (the comma separated) LAZY, no conversion will
|
|
||||||
# take place.
|
|
||||||
func_file_conv ()
|
|
||||||
{
|
|
||||||
file=$1
|
|
||||||
case $file in
|
|
||||||
/ | /[!/]*) # absolute file, and not a UNC file
|
|
||||||
if test -z "$file_conv"; then
|
|
||||||
# lazily determine how to convert abs files
|
|
||||||
case `uname -s` in
|
|
||||||
MINGW*)
|
|
||||||
file_conv=mingw
|
|
||||||
;;
|
|
||||||
CYGWIN*)
|
|
||||||
file_conv=cygwin
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
file_conv=wine
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
case $file_conv/,$2, in
|
|
||||||
*,$file_conv,*)
|
|
||||||
;;
|
|
||||||
mingw/*)
|
|
||||||
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
|
|
||||||
;;
|
|
||||||
cygwin/*)
|
|
||||||
file=`cygpath -m "$file" || echo "$file"`
|
|
||||||
;;
|
|
||||||
wine/*)
|
|
||||||
file=`winepath -w "$file" || echo "$file"`
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
# func_cl_dashL linkdir
|
|
||||||
# Make cl look for libraries in LINKDIR
|
|
||||||
func_cl_dashL ()
|
|
||||||
{
|
|
||||||
func_file_conv "$1"
|
|
||||||
if test -z "$lib_path"; then
|
|
||||||
lib_path=$file
|
|
||||||
else
|
|
||||||
lib_path="$lib_path;$file"
|
|
||||||
fi
|
|
||||||
linker_opts="$linker_opts -LIBPATH:$file"
|
|
||||||
}
|
|
||||||
|
|
||||||
# func_cl_dashl library
|
|
||||||
# Do a library search-path lookup for cl
|
|
||||||
func_cl_dashl ()
|
|
||||||
{
|
|
||||||
lib=$1
|
|
||||||
found=no
|
|
||||||
save_IFS=$IFS
|
|
||||||
IFS=';'
|
|
||||||
for dir in $lib_path $LIB
|
|
||||||
do
|
|
||||||
IFS=$save_IFS
|
|
||||||
if $shared && test -f "$dir/$lib.dll.lib"; then
|
|
||||||
found=yes
|
|
||||||
lib=$dir/$lib.dll.lib
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
if test -f "$dir/$lib.lib"; then
|
|
||||||
found=yes
|
|
||||||
lib=$dir/$lib.lib
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
if test -f "$dir/lib$lib.a"; then
|
|
||||||
found=yes
|
|
||||||
lib=$dir/lib$lib.a
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
IFS=$save_IFS
|
|
||||||
|
|
||||||
if test "$found" != yes; then
|
|
||||||
lib=$lib.lib
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# func_cl_wrapper cl arg...
|
|
||||||
# Adjust compile command to suit cl
|
|
||||||
func_cl_wrapper ()
|
|
||||||
{
|
|
||||||
# Assume a capable shell
|
|
||||||
lib_path=
|
|
||||||
shared=:
|
|
||||||
linker_opts=
|
|
||||||
for arg
|
|
||||||
do
|
|
||||||
if test -n "$eat"; then
|
|
||||||
eat=
|
|
||||||
else
|
|
||||||
case $1 in
|
|
||||||
-o)
|
|
||||||
# configure might choose to run compile as 'compile cc -o foo foo.c'.
|
|
||||||
eat=1
|
|
||||||
case $2 in
|
|
||||||
*.o | *.[oO][bB][jJ])
|
|
||||||
func_file_conv "$2"
|
|
||||||
set x "$@" -Fo"$file"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
func_file_conv "$2"
|
|
||||||
set x "$@" -Fe"$file"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
-I)
|
|
||||||
eat=1
|
|
||||||
func_file_conv "$2" mingw
|
|
||||||
set x "$@" -I"$file"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
-I*)
|
|
||||||
func_file_conv "${1#-I}" mingw
|
|
||||||
set x "$@" -I"$file"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
-l)
|
|
||||||
eat=1
|
|
||||||
func_cl_dashl "$2"
|
|
||||||
set x "$@" "$lib"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
-l*)
|
|
||||||
func_cl_dashl "${1#-l}"
|
|
||||||
set x "$@" "$lib"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
-L)
|
|
||||||
eat=1
|
|
||||||
func_cl_dashL "$2"
|
|
||||||
;;
|
|
||||||
-L*)
|
|
||||||
func_cl_dashL "${1#-L}"
|
|
||||||
;;
|
|
||||||
-static)
|
|
||||||
shared=false
|
|
||||||
;;
|
|
||||||
-Wl,*)
|
|
||||||
arg=${1#-Wl,}
|
|
||||||
save_ifs="$IFS"; IFS=','
|
|
||||||
for flag in $arg; do
|
|
||||||
IFS="$save_ifs"
|
|
||||||
linker_opts="$linker_opts $flag"
|
|
||||||
done
|
|
||||||
IFS="$save_ifs"
|
|
||||||
;;
|
|
||||||
-Xlinker)
|
|
||||||
eat=1
|
|
||||||
linker_opts="$linker_opts $2"
|
|
||||||
;;
|
|
||||||
-*)
|
|
||||||
set x "$@" "$1"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
|
|
||||||
func_file_conv "$1"
|
|
||||||
set x "$@" -Tp"$file"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
|
|
||||||
func_file_conv "$1" mingw
|
|
||||||
set x "$@" "$file"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
set x "$@" "$1"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
shift
|
|
||||||
done
|
|
||||||
if test -n "$linker_opts"; then
|
|
||||||
linker_opts="-link$linker_opts"
|
|
||||||
fi
|
|
||||||
exec "$@" $linker_opts
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
eat=
|
|
||||||
|
|
||||||
case $1 in
|
|
||||||
'')
|
|
||||||
echo "$0: No command. Try '$0 --help' for more information." 1>&2
|
|
||||||
exit 1;
|
|
||||||
;;
|
|
||||||
-h | --h*)
|
|
||||||
cat <<\EOF
|
|
||||||
Usage: compile [--help] [--version] PROGRAM [ARGS]
|
|
||||||
|
|
||||||
Wrapper for compilers which do not understand '-c -o'.
|
|
||||||
Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
|
|
||||||
arguments, and rename the output as expected.
|
|
||||||
|
|
||||||
If you are trying to build a whole package this is not the
|
|
||||||
right script to run: please start by reading the file 'INSTALL'.
|
|
||||||
|
|
||||||
Report bugs to <bug-automake@gnu.org>.
|
|
||||||
EOF
|
|
||||||
exit $?
|
|
||||||
;;
|
|
||||||
-v | --v*)
|
|
||||||
echo "compile $scriptversion"
|
|
||||||
exit $?
|
|
||||||
;;
|
|
||||||
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
|
|
||||||
func_cl_wrapper "$@" # Doesn't return...
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
ofile=
|
|
||||||
cfile=
|
|
||||||
|
|
||||||
for arg
|
|
||||||
do
|
|
||||||
if test -n "$eat"; then
|
|
||||||
eat=
|
|
||||||
else
|
|
||||||
case $1 in
|
|
||||||
-o)
|
|
||||||
# configure might choose to run compile as 'compile cc -o foo foo.c'.
|
|
||||||
# So we strip '-o arg' only if arg is an object.
|
|
||||||
eat=1
|
|
||||||
case $2 in
|
|
||||||
*.o | *.obj)
|
|
||||||
ofile=$2
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
set x "$@" -o "$2"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
*.c)
|
|
||||||
cfile=$1
|
|
||||||
set x "$@" "$1"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
set x "$@" "$1"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
shift
|
|
||||||
done
|
|
||||||
|
|
||||||
if test -z "$ofile" || test -z "$cfile"; then
|
|
||||||
# If no '-o' option was seen then we might have been invoked from a
|
|
||||||
# pattern rule where we don't need one. That is ok -- this is a
|
|
||||||
# normal compilation that the losing compiler can handle. If no
|
|
||||||
# '.c' file was seen then we are probably linking. That is also
|
|
||||||
# ok.
|
|
||||||
exec "$@"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Name of file we expect compiler to create.
|
|
||||||
cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
|
|
||||||
|
|
||||||
# Create the lock directory.
|
|
||||||
# Note: use '[/\\:.-]' here to ensure that we don't use the same name
|
|
||||||
# that we are using for the .o file. Also, base the name on the expected
|
|
||||||
# object file name, since that is what matters with a parallel build.
|
|
||||||
lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
|
|
||||||
while true; do
|
|
||||||
if mkdir "$lockdir" >/dev/null 2>&1; then
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
sleep 1
|
|
||||||
done
|
|
||||||
# FIXME: race condition here if user kills between mkdir and trap.
|
|
||||||
trap "rmdir '$lockdir'; exit 1" 1 2 15
|
|
||||||
|
|
||||||
# Run the compile.
|
|
||||||
"$@"
|
|
||||||
ret=$?
|
|
||||||
|
|
||||||
if test -f "$cofile"; then
|
|
||||||
test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
|
|
||||||
elif test -f "${cofile}bj"; then
|
|
||||||
test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
|
|
||||||
fi
|
|
||||||
|
|
||||||
rmdir "$lockdir"
|
|
||||||
exit $ret
|
|
||||||
|
|
||||||
# Local Variables:
|
|
||||||
# mode: shell-script
|
|
||||||
# sh-indentation: 2
|
|
||||||
# eval: (add-hook 'write-file-hooks 'time-stamp)
|
|
||||||
# time-stamp-start: "scriptversion="
|
|
||||||
# time-stamp-format: "%:y-%02m-%02d.%02H"
|
|
||||||
# time-stamp-time-zone: "UTC"
|
|
||||||
# time-stamp-end: "; # UTC"
|
|
||||||
# End:
|
|
1462
auto/config.guess
vendored
1462
auto/config.guess
vendored
File diff suppressed because it is too large
1825
auto/config.sub
vendored
1825
auto/config.sub
vendored
File diff suppressed because it is too large
791
auto/depcomp
791
auto/depcomp
@ -1,791 +0,0 @@
|
|||||||
#! /bin/sh
|
|
||||||
# depcomp - compile a program generating dependencies as side-effects
|
|
||||||
|
|
||||||
scriptversion=2013-05-30.07; # UTC
|
|
||||||
|
|
||||||
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
|
|
||||||
|
|
||||||
# This program is free software; you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 2, or (at your option)
|
|
||||||
# any later version.
|
|
||||||
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
# As a special exception to the GNU General Public License, if you
|
|
||||||
# distribute this file as part of a program that contains a
|
|
||||||
# configuration script generated by Autoconf, you may include it under
|
|
||||||
# the same distribution terms that you use for the rest of that program.
|
|
||||||
|
|
||||||
# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
|
|
||||||
|
|
||||||
case $1 in
|
|
||||||
'')
|
|
||||||
echo "$0: No command. Try '$0 --help' for more information." 1>&2
|
|
||||||
exit 1;
|
|
||||||
;;
|
|
||||||
-h | --h*)
|
|
||||||
cat <<\EOF
|
|
||||||
Usage: depcomp [--help] [--version] PROGRAM [ARGS]
|
|
||||||
|
|
||||||
Run PROGRAMS ARGS to compile a file, generating dependencies
|
|
||||||
as side-effects.
|
|
||||||
|
|
||||||
Environment variables:
|
|
||||||
depmode Dependency tracking mode.
|
|
||||||
source Source file read by 'PROGRAMS ARGS'.
|
|
||||||
object Object file output by 'PROGRAMS ARGS'.
|
|
||||||
DEPDIR directory where to store dependencies.
|
|
||||||
depfile Dependency file to output.
|
|
||||||
tmpdepfile Temporary file to use when outputting dependencies.
|
|
||||||
libtool Whether libtool is used (yes/no).
|
|
||||||
|
|
||||||
Report bugs to <bug-automake@gnu.org>.
|
|
||||||
EOF
|
|
||||||
exit $?
|
|
||||||
;;
|
|
||||||
-v | --v*)
|
|
||||||
echo "depcomp $scriptversion"
|
|
||||||
exit $?
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# Get the directory component of the given path, and save it in the
|
|
||||||
# global variables '$dir'. Note that this directory component will
|
|
||||||
# be either empty or ending with a '/' character. This is deliberate.
|
|
||||||
set_dir_from ()
|
|
||||||
{
|
|
||||||
case $1 in
|
|
||||||
*/*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;;
|
|
||||||
*) dir=;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
# Get the suffix-stripped basename of the given path, and save it the
|
|
||||||
# global variable '$base'.
|
|
||||||
set_base_from ()
|
|
||||||
{
|
|
||||||
base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'`
|
|
||||||
}
|
|
||||||
|
|
||||||
# If no dependency file was actually created by the compiler invocation,
|
|
||||||
# we still have to create a dummy depfile, to avoid errors with the
|
|
||||||
# Makefile "include basename.Plo" scheme.
|
|
||||||
make_dummy_depfile ()
|
|
||||||
{
|
|
||||||
echo "#dummy" > "$depfile"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Factor out some common post-processing of the generated depfile.
|
|
||||||
# Requires the auxiliary global variable '$tmpdepfile' to be set.
|
|
||||||
aix_post_process_depfile ()
|
|
||||||
{
|
|
||||||
# If the compiler actually managed to produce a dependency file,
|
|
||||||
# post-process it.
|
|
||||||
if test -f "$tmpdepfile"; then
|
|
||||||
# Each line is of the form 'foo.o: dependency.h'.
|
|
||||||
# Do two passes, one to just change these to
|
|
||||||
# $object: dependency.h
|
|
||||||
# and one to simply output
|
|
||||||
# dependency.h:
|
|
||||||
# which is needed to avoid the deleted-header problem.
|
|
||||||
{ sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile"
|
|
||||||
sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile"
|
|
||||||
} > "$depfile"
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
else
|
|
||||||
make_dummy_depfile
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# A tabulation character.
|
|
||||||
tab=' '
|
|
||||||
# A newline character.
|
|
||||||
nl='
|
|
||||||
'
|
|
||||||
# Character ranges might be problematic outside the C locale.
|
|
||||||
# These definitions help.
|
|
||||||
upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ
|
|
||||||
lower=abcdefghijklmnopqrstuvwxyz
|
|
||||||
digits=0123456789
|
|
||||||
alpha=${upper}${lower}
|
|
||||||
|
|
||||||
if test -z "$depmode" || test -z "$source" || test -z "$object"; then
|
|
||||||
echo "depcomp: Variables source, object and depmode must be set" 1>&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
|
|
||||||
depfile=${depfile-`echo "$object" |
|
|
||||||
sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
|
|
||||||
tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
|
|
||||||
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
|
|
||||||
# Avoid interferences from the environment.
|
|
||||||
gccflag= dashmflag=
|
|
||||||
|
|
||||||
# Some modes work just like other modes, but use different flags. We
|
|
||||||
# parameterize here, but still list the modes in the big case below,
|
|
||||||
# to make depend.m4 easier to write. Note that we *cannot* use a case
|
|
||||||
# here, because this file can only contain one case statement.
|
|
||||||
if test "$depmode" = hp; then
|
|
||||||
# HP compiler uses -M and no extra arg.
|
|
||||||
gccflag=-M
|
|
||||||
depmode=gcc
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "$depmode" = dashXmstdout; then
|
|
||||||
# This is just like dashmstdout with a different argument.
|
|
||||||
dashmflag=-xM
|
|
||||||
depmode=dashmstdout
|
|
||||||
fi
|
|
||||||
|
|
||||||
cygpath_u="cygpath -u -f -"
|
|
||||||
if test "$depmode" = msvcmsys; then
|
|
||||||
# This is just like msvisualcpp but w/o cygpath translation.
|
|
||||||
# Just convert the backslash-escaped backslashes to single forward
|
|
||||||
# slashes to satisfy depend.m4
|
|
||||||
cygpath_u='sed s,\\\\,/,g'
|
|
||||||
depmode=msvisualcpp
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "$depmode" = msvc7msys; then
|
|
||||||
# This is just like msvc7 but w/o cygpath translation.
|
|
||||||
# Just convert the backslash-escaped backslashes to single forward
|
|
||||||
# slashes to satisfy depend.m4
|
|
||||||
cygpath_u='sed s,\\\\,/,g'
|
|
||||||
depmode=msvc7
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test "$depmode" = xlc; then
|
|
||||||
# IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information.
|
|
||||||
gccflag=-qmakedep=gcc,-MF
|
|
||||||
depmode=gcc
|
|
||||||
fi
|
|
||||||
|
|
||||||
case "$depmode" in
|
|
||||||
gcc3)
|
|
||||||
## gcc 3 implements dependency tracking that does exactly what
|
|
||||||
## we want. Yay! Note: for some reason libtool 1.4 doesn't like
|
|
||||||
## it if -MD -MP comes after the -MF stuff. Hmm.
|
|
||||||
## Unfortunately, FreeBSD c89 acceptance of flags depends upon
|
|
||||||
## the command line argument order; so add the flags where they
|
|
||||||
## appear in depend2.am. Note that the slowdown incurred here
|
|
||||||
## affects only configure: in makefiles, %FASTDEP% shortcuts this.
|
|
||||||
for arg
|
|
||||||
do
|
|
||||||
case $arg in
|
|
||||||
-c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
|
|
||||||
*) set fnord "$@" "$arg" ;;
|
|
||||||
esac
|
|
||||||
shift # fnord
|
|
||||||
shift # $arg
|
|
||||||
done
|
|
||||||
"$@"
|
|
||||||
stat=$?
|
|
||||||
if test $stat -ne 0; then
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
exit $stat
|
|
||||||
fi
|
|
||||||
mv "$tmpdepfile" "$depfile"
|
|
||||||
;;
|
|
||||||
|
|
||||||
gcc)
|
|
||||||
## Note that this doesn't just cater to obsosete pre-3.x GCC compilers.
|
|
||||||
## but also to in-use compilers like IMB xlc/xlC and the HP C compiler.
|
|
||||||
## (see the conditional assignment to $gccflag above).
|
|
||||||
## There are various ways to get dependency output from gcc. Here's
|
|
||||||
## why we pick this rather obscure method:
|
|
||||||
## - Don't want to use -MD because we'd like the dependencies to end
|
|
||||||
## up in a subdir. Having to rename by hand is ugly.
|
|
||||||
## (We might end up doing this anyway to support other compilers.)
|
|
||||||
## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
|
|
||||||
## -MM, not -M (despite what the docs say). Also, it might not be
|
|
||||||
## supported by the other compilers which use the 'gcc' depmode.
|
|
||||||
## - Using -M directly means running the compiler twice (even worse
|
|
||||||
## than renaming).
|
|
||||||
if test -z "$gccflag"; then
|
|
||||||
gccflag=-MD,
|
|
||||||
fi
|
|
||||||
"$@" -Wp,"$gccflag$tmpdepfile"
|
|
||||||
stat=$?
|
|
||||||
if test $stat -ne 0; then
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
exit $stat
|
|
||||||
fi
|
|
||||||
rm -f "$depfile"
|
|
||||||
echo "$object : \\" > "$depfile"
|
|
||||||
# The second -e expression handles DOS-style file names with drive
|
|
||||||
# letters.
|
|
||||||
sed -e 's/^[^:]*: / /' \
|
|
||||||
-e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
|
|
||||||
## This next piece of magic avoids the "deleted header file" problem.
|
|
||||||
## The problem is that when a header file which appears in a .P file
|
|
||||||
## is deleted, the dependency causes make to die (because there is
|
|
||||||
## typically no way to rebuild the header). We avoid this by adding
|
|
||||||
## dummy dependencies for each header file. Too bad gcc doesn't do
|
|
||||||
## this for us directly.
|
|
||||||
## Some versions of gcc put a space before the ':'. On the theory
|
|
||||||
## that the space means something, we add a space to the output as
|
|
||||||
## well. hp depmode also adds that space, but also prefixes the VPATH
|
|
||||||
## to the object. Take care to not repeat it in the output.
|
|
||||||
## Some versions of the HPUX 10.20 sed can't process this invocation
|
|
||||||
## correctly. Breaking it into two sed invocations is a workaround.
|
|
||||||
tr ' ' "$nl" < "$tmpdepfile" \
|
|
||||||
| sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
|
|
||||||
| sed -e 's/$/ :/' >> "$depfile"
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
;;
|
|
||||||
|
|
||||||
hp)
|
|
||||||
# This case exists only to let depend.m4 do its work. It works by
|
|
||||||
# looking at the text of this script. This case will never be run,
|
|
||||||
# since it is checked for above.
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
|
|
||||||
sgi)
|
|
||||||
if test "$libtool" = yes; then
|
|
||||||
"$@" "-Wp,-MDupdate,$tmpdepfile"
|
|
||||||
else
|
|
||||||
"$@" -MDupdate "$tmpdepfile"
|
|
||||||
fi
|
|
||||||
stat=$?
|
|
||||||
if test $stat -ne 0; then
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
exit $stat
|
|
||||||
fi
|
|
||||||
rm -f "$depfile"
|
|
||||||
|
|
||||||
if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
|
|
||||||
echo "$object : \\" > "$depfile"
|
|
||||||
# Clip off the initial element (the dependent). Don't try to be
|
|
||||||
# clever and replace this with sed code, as IRIX sed won't handle
|
|
||||||
# lines with more than a fixed number of characters (4096 in
|
|
||||||
# IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
|
|
||||||
# the IRIX cc adds comments like '#:fec' to the end of the
|
|
||||||
# dependency line.
|
|
||||||
tr ' ' "$nl" < "$tmpdepfile" \
|
|
||||||
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \
|
|
||||||
| tr "$nl" ' ' >> "$depfile"
|
|
||||||
echo >> "$depfile"
|
|
||||||
# The second pass generates a dummy entry for each header file.
|
|
||||||
tr ' ' "$nl" < "$tmpdepfile" \
|
|
||||||
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
|
|
||||||
>> "$depfile"
|
|
||||||
else
|
|
||||||
make_dummy_depfile
|
|
||||||
fi
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
;;
|
|
||||||
|
|
||||||
xlc)
|
|
||||||
# This case exists only to let depend.m4 do its work. It works by
|
|
||||||
# looking at the text of this script. This case will never be run,
|
|
||||||
# since it is checked for above.
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
|
|
||||||
aix)
|
|
||||||
# The C for AIX Compiler uses -M and outputs the dependencies
|
|
||||||
# in a .u file. In older versions, this file always lives in the
|
|
||||||
# current directory. Also, the AIX compiler puts '$object:' at the
|
|
||||||
# start of each line; $object doesn't have directory information.
|
|
||||||
# Version 6 uses the directory in both cases.
|
|
||||||
set_dir_from "$object"
|
|
||||||
set_base_from "$object"
|
|
||||||
if test "$libtool" = yes; then
|
|
||||||
tmpdepfile1=$dir$base.u
|
|
||||||
tmpdepfile2=$base.u
|
|
||||||
tmpdepfile3=$dir.libs/$base.u
|
|
||||||
"$@" -Wc,-M
|
|
||||||
else
|
|
||||||
tmpdepfile1=$dir$base.u
|
|
||||||
tmpdepfile2=$dir$base.u
|
|
||||||
tmpdepfile3=$dir$base.u
|
|
||||||
"$@" -M
|
|
||||||
fi
|
|
||||||
stat=$?
|
|
||||||
if test $stat -ne 0; then
|
|
||||||
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
|
|
||||||
exit $stat
|
|
||||||
fi
|
|
||||||
|
|
||||||
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
|
|
||||||
do
|
|
||||||
test -f "$tmpdepfile" && break
|
|
||||||
done
|
|
||||||
aix_post_process_depfile
|
|
||||||
;;
|
|
||||||
|
|
||||||
tcc)
|
|
||||||
# tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26
|
|
||||||
# FIXME: That version still under development at the moment of writing.
|
|
||||||
# Make that this statement remains true also for stable, released
|
|
||||||
# versions.
|
|
||||||
# It will wrap lines (doesn't matter whether long or short) with a
|
|
||||||
# trailing '\', as in:
|
|
||||||
#
|
|
||||||
# foo.o : \
|
|
||||||
# foo.c \
|
|
||||||
# foo.h \
|
|
||||||
#
|
|
||||||
# It will put a trailing '\' even on the last line, and will use leading
|
|
||||||
# spaces rather than leading tabs (at least since its commit 0394caf7
|
|
||||||
# "Emit spaces for -MD").
|
|
||||||
"$@" -MD -MF "$tmpdepfile"
|
|
||||||
stat=$?
|
|
||||||
if test $stat -ne 0; then
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
exit $stat
|
|
||||||
fi
|
|
||||||
rm -f "$depfile"
|
|
||||||
# Each non-empty line is of the form 'foo.o : \' or ' dep.h \'.
|
|
||||||
# We have to change lines of the first kind to '$object: \'.
|
|
||||||
sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile"
|
|
||||||
# And for each line of the second kind, we have to emit a 'dep.h:'
|
|
||||||
# dummy dependency, to avoid the deleted-header problem.
|
|
||||||
sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile"
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
;;
|
|
||||||
|
|
||||||
## The order of this option in the case statement is important, since the
|
|
||||||
## shell code in configure will try each of these formats in the order
|
|
||||||
## listed in this file. A plain '-MD' option would be understood by many
|
|
||||||
## compilers, so we must ensure this comes after the gcc and icc options.
|
|
||||||
pgcc)
|
|
||||||
# Portland's C compiler understands '-MD'.
|
|
||||||
# Will always output deps to 'file.d' where file is the root name of the
|
|
||||||
# source file under compilation, even if file resides in a subdirectory.
|
|
||||||
# The object file name does not affect the name of the '.d' file.
|
|
||||||
# pgcc 10.2 will output
|
|
||||||
# foo.o: sub/foo.c sub/foo.h
|
|
||||||
# and will wrap long lines using '\' :
|
|
||||||
# foo.o: sub/foo.c ... \
|
|
||||||
# sub/foo.h ... \
|
|
||||||
# ...
|
|
||||||
set_dir_from "$object"
|
|
||||||
# Use the source, not the object, to determine the base name, since
|
|
||||||
# that's sadly what pgcc will do too.
|
|
||||||
set_base_from "$source"
|
|
||||||
tmpdepfile=$base.d
|
|
||||||
|
|
||||||
# For projects that build the same source file twice into different object
|
|
||||||
# files, the pgcc approach of using the *source* file root name can cause
|
|
||||||
# problems in parallel builds. Use a locking strategy to avoid stomping on
|
|
||||||
# the same $tmpdepfile.
|
|
||||||
lockdir=$base.d-lock
|
|
||||||
trap "
|
|
||||||
echo '$0: caught signal, cleaning up...' >&2
|
|
||||||
rmdir '$lockdir'
|
|
||||||
exit 1
|
|
||||||
" 1 2 13 15
|
|
||||||
numtries=100
|
|
||||||
i=$numtries
|
|
||||||
while test $i -gt 0; do
|
|
||||||
# mkdir is a portable test-and-set.
|
|
||||||
if mkdir "$lockdir" 2>/dev/null; then
|
|
||||||
# This process acquired the lock.
|
|
||||||
"$@" -MD
|
|
||||||
stat=$?
|
|
||||||
# Release the lock.
|
|
||||||
rmdir "$lockdir"
|
|
||||||
break
|
|
||||||
else
|
|
||||||
# If the lock is being held by a different process, wait
|
|
||||||
# until the winning process is done or we timeout.
|
|
||||||
while test -d "$lockdir" && test $i -gt 0; do
|
|
||||||
sleep 1
|
|
||||||
i=`expr $i - 1`
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
i=`expr $i - 1`
|
|
||||||
done
|
|
||||||
trap - 1 2 13 15
|
|
||||||
if test $i -le 0; then
|
|
||||||
echo "$0: failed to acquire lock after $numtries attempts" >&2
|
|
||||||
echo "$0: check lockdir '$lockdir'" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test $stat -ne 0; then
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
exit $stat
|
|
||||||
fi
|
|
||||||
rm -f "$depfile"
|
|
||||||
# Each line is of the form `foo.o: dependent.h',
|
|
||||||
# or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
|
|
||||||
# Do two passes, one to just change these to
|
|
||||||
# `$object: dependent.h' and one to simply `dependent.h:'.
|
|
||||||
sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
|
|
||||||
# Some versions of the HPUX 10.20 sed can't process this invocation
|
|
||||||
# correctly. Breaking it into two sed invocations is a workaround.
|
|
||||||
sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \
|
|
||||||
| sed -e 's/$/ :/' >> "$depfile"
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
;;
|
|
||||||
|
|
||||||
hp2)
|
|
||||||
# The "hp" stanza above does not work with aCC (C++) and HP's ia64
|
|
||||||
# compilers, which have integrated preprocessors. The correct option
|
|
||||||
# to use with these is +Maked; it writes dependencies to a file named
|
|
||||||
# 'foo.d', which lands next to the object file, wherever that
|
|
||||||
# happens to be.
|
|
||||||
# Much of this is similar to the tru64 case; see comments there.
|
|
||||||
set_dir_from "$object"
|
|
||||||
set_base_from "$object"
|
|
||||||
if test "$libtool" = yes; then
|
|
||||||
tmpdepfile1=$dir$base.d
|
|
||||||
tmpdepfile2=$dir.libs/$base.d
|
|
||||||
"$@" -Wc,+Maked
|
|
||||||
else
|
|
||||||
tmpdepfile1=$dir$base.d
|
|
||||||
tmpdepfile2=$dir$base.d
|
|
||||||
"$@" +Maked
|
|
||||||
fi
|
|
||||||
stat=$?
|
|
||||||
if test $stat -ne 0; then
|
|
||||||
rm -f "$tmpdepfile1" "$tmpdepfile2"
|
|
||||||
exit $stat
|
|
||||||
fi
|
|
||||||
|
|
||||||
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
|
|
||||||
do
|
|
||||||
test -f "$tmpdepfile" && break
|
|
||||||
done
|
|
||||||
if test -f "$tmpdepfile"; then
|
|
||||||
sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile"
|
|
||||||
# Add 'dependent.h:' lines.
|
|
||||||
sed -ne '2,${
|
|
||||||
s/^ *//
|
|
||||||
s/ \\*$//
|
|
||||||
s/$/:/
|
|
||||||
p
|
|
||||||
}' "$tmpdepfile" >> "$depfile"
|
|
||||||
else
|
|
||||||
make_dummy_depfile
|
|
||||||
fi
|
|
||||||
rm -f "$tmpdepfile" "$tmpdepfile2"
|
|
||||||
;;
|
|
||||||
|
|
||||||
tru64)
|
|
||||||
# The Tru64 compiler uses -MD to generate dependencies as a side
|
|
||||||
# effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
|
|
||||||
# At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
|
|
||||||
# dependencies in 'foo.d' instead, so we check for that too.
|
|
||||||
# Subdirectories are respected.
|
|
||||||
set_dir_from "$object"
|
|
||||||
set_base_from "$object"
|
|
||||||
|
|
||||||
if test "$libtool" = yes; then
|
|
||||||
# Libtool generates 2 separate objects for the 2 libraries. These
|
|
||||||
# two compilations output dependencies in $dir.libs/$base.o.d and
|
|
||||||
# in $dir$base.o.d. We have to check for both files, because
|
|
||||||
# one of the two compilations can be disabled. We should prefer
|
|
||||||
# $dir$base.o.d over $dir.libs/$base.o.d because the latter is
|
|
||||||
# automatically cleaned when .libs/ is deleted, while ignoring
|
|
||||||
# the former would cause a distcleancheck panic.
|
|
||||||
tmpdepfile1=$dir$base.o.d # libtool 1.5
|
|
||||||
tmpdepfile2=$dir.libs/$base.o.d # Likewise.
|
|
||||||
tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504
|
|
||||||
"$@" -Wc,-MD
|
|
||||||
else
|
|
||||||
tmpdepfile1=$dir$base.d
|
|
||||||
tmpdepfile2=$dir$base.d
|
|
||||||
tmpdepfile3=$dir$base.d
|
|
||||||
"$@" -MD
|
|
||||||
fi
|
|
||||||
|
|
||||||
stat=$?
|
|
||||||
if test $stat -ne 0; then
|
|
||||||
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
|
|
||||||
exit $stat
|
|
||||||
fi
|
|
||||||
|
|
||||||
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
|
|
||||||
do
|
|
||||||
test -f "$tmpdepfile" && break
|
|
||||||
done
|
|
||||||
# Same post-processing that is required for AIX mode.
|
|
||||||
aix_post_process_depfile
|
|
||||||
;;
|
|
||||||
|
|
||||||
msvc7)
|
|
||||||
if test "$libtool" = yes; then
|
|
||||||
showIncludes=-Wc,-showIncludes
|
|
||||||
else
|
|
||||||
showIncludes=-showIncludes
|
|
||||||
fi
|
|
||||||
"$@" $showIncludes > "$tmpdepfile"
|
|
||||||
stat=$?
|
|
||||||
grep -v '^Note: including file: ' "$tmpdepfile"
|
|
||||||
if test $stat -ne 0; then
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
exit $stat
|
|
||||||
fi
|
|
||||||
rm -f "$depfile"
|
|
||||||
echo "$object : \\" > "$depfile"
|
|
||||||
# The first sed program below extracts the file names and escapes
|
|
||||||
# backslashes for cygpath. The second sed program outputs the file
|
|
||||||
# name when reading, but also accumulates all include files in the
|
|
||||||
# hold buffer in order to output them again at the end. This only
|
|
||||||
# works with sed implementations that can handle large buffers.
|
|
||||||
sed < "$tmpdepfile" -n '
|
|
||||||
/^Note: including file: *\(.*\)/ {
|
|
||||||
s//\1/
|
|
||||||
s/\\/\\\\/g
|
|
||||||
p
|
|
||||||
}' | $cygpath_u | sort -u | sed -n '
|
|
||||||
s/ /\\ /g
|
|
||||||
s/\(.*\)/'"$tab"'\1 \\/p
|
|
||||||
s/.\(.*\) \\/\1:/
|
|
||||||
H
|
|
||||||
$ {
|
|
||||||
s/.*/'"$tab"'/
|
|
||||||
G
|
|
||||||
p
|
|
||||||
}' >> "$depfile"
|
|
||||||
echo >> "$depfile" # make sure the fragment doesn't end with a backslash
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
;;
|
|
||||||
|
|
||||||
msvc7msys)
|
|
||||||
# This case exists only to let depend.m4 do its work. It works by
|
|
||||||
# looking at the text of this script. This case will never be run,
|
|
||||||
# since it is checked for above.
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
|
|
||||||
#nosideeffect)
|
|
||||||
# This comment above is used by automake to tell side-effect
|
|
||||||
# dependency tracking mechanisms from slower ones.
|
|
||||||
|
|
||||||
dashmstdout)
|
|
||||||
# Important note: in order to support this mode, a compiler *must*
|
|
||||||
# always write the preprocessed file to stdout, regardless of -o.
|
|
||||||
"$@" || exit $?
|
|
||||||
|
|
||||||
# Remove the call to Libtool.
|
|
||||||
if test "$libtool" = yes; then
|
|
||||||
while test "X$1" != 'X--mode=compile'; do
|
|
||||||
shift
|
|
||||||
done
|
|
||||||
shift
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Remove '-o $object'.
|
|
||||||
IFS=" "
|
|
||||||
for arg
|
|
||||||
do
|
|
||||||
case $arg in
|
|
||||||
-o)
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
$object)
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
set fnord "$@" "$arg"
|
|
||||||
shift # fnord
|
|
||||||
shift # $arg
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
test -z "$dashmflag" && dashmflag=-M
|
|
||||||
# Require at least two characters before searching for ':'
|
|
||||||
# in the target name. This is to cope with DOS-style filenames:
|
|
||||||
# a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
|
|
||||||
"$@" $dashmflag |
|
|
||||||
sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile"
|
|
||||||
rm -f "$depfile"
|
|
||||||
cat < "$tmpdepfile" > "$depfile"
|
|
||||||
# Some versions of the HPUX 10.20 sed can't process this sed invocation
|
|
||||||
# correctly. Breaking it into two sed invocations is a workaround.
|
|
||||||
tr ' ' "$nl" < "$tmpdepfile" \
|
|
||||||
| sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
|
|
||||||
| sed -e 's/$/ :/' >> "$depfile"
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
;;
|
|
||||||
|
|
||||||
dashXmstdout)
|
|
||||||
# This case only exists to satisfy depend.m4. It is never actually
|
|
||||||
# run, as this mode is specially recognized in the preamble.
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
|
|
||||||
makedepend)
|
|
||||||
"$@" || exit $?
|
|
||||||
# Remove any Libtool call
|
|
||||||
if test "$libtool" = yes; then
|
|
||||||
while test "X$1" != 'X--mode=compile'; do
|
|
||||||
shift
|
|
||||||
done
|
|
||||||
shift
|
|
||||||
fi
|
|
||||||
# X makedepend
|
|
||||||
shift
|
|
||||||
cleared=no eat=no
|
|
||||||
for arg
|
|
||||||
do
|
|
||||||
case $cleared in
|
|
||||||
no)
|
|
||||||
set ""; shift
|
|
||||||
cleared=yes ;;
|
|
||||||
esac
|
|
||||||
if test $eat = yes; then
|
|
||||||
eat=no
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
case "$arg" in
|
|
||||||
-D*|-I*)
|
|
||||||
set fnord "$@" "$arg"; shift ;;
|
|
||||||
# Strip any option that makedepend may not understand. Remove
|
|
||||||
# the object too, otherwise makedepend will parse it as a source file.
|
|
||||||
-arch)
|
|
||||||
eat=yes ;;
|
|
||||||
-*|$object)
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
set fnord "$@" "$arg"; shift ;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
obj_suffix=`echo "$object" | sed 's/^.*\././'`
|
|
||||||
touch "$tmpdepfile"
|
|
||||||
${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
|
|
||||||
rm -f "$depfile"
|
|
||||||
# makedepend may prepend the VPATH from the source file name to the object.
|
|
||||||
# No need to regex-escape $object, excess matching of '.' is harmless.
|
|
||||||
sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
|
|
||||||
# Some versions of the HPUX 10.20 sed can't process the last invocation
|
|
||||||
# correctly. Breaking it into two sed invocations is a workaround.
|
|
||||||
sed '1,2d' "$tmpdepfile" \
|
|
||||||
| tr ' ' "$nl" \
|
|
||||||
| sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
|
|
||||||
| sed -e 's/$/ :/' >> "$depfile"
|
|
||||||
rm -f "$tmpdepfile" "$tmpdepfile".bak
|
|
||||||
;;
|
|
||||||
|
|
||||||
cpp)
|
|
||||||
# Important note: in order to support this mode, a compiler *must*
|
|
||||||
# always write the preprocessed file to stdout.
|
|
||||||
"$@" || exit $?
|
|
||||||
|
|
||||||
# Remove the call to Libtool.
|
|
||||||
if test "$libtool" = yes; then
|
|
||||||
while test "X$1" != 'X--mode=compile'; do
|
|
||||||
shift
|
|
||||||
done
|
|
||||||
shift
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Remove '-o $object'.
|
|
||||||
IFS=" "
|
|
||||||
for arg
|
|
||||||
do
|
|
||||||
case $arg in
|
|
||||||
-o)
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
$object)
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
set fnord "$@" "$arg"
|
|
||||||
shift # fnord
|
|
||||||
shift # $arg
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
"$@" -E \
|
|
||||||
| sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
|
|
||||||
-e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
|
|
||||||
| sed '$ s: \\$::' > "$tmpdepfile"
|
|
||||||
rm -f "$depfile"
|
|
||||||
echo "$object : \\" > "$depfile"
|
|
||||||
cat < "$tmpdepfile" >> "$depfile"
|
|
||||||
sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
;;
|
|
||||||
|
|
||||||
msvisualcpp)
|
|
||||||
# Important note: in order to support this mode, a compiler *must*
|
|
||||||
# always write the preprocessed file to stdout.
|
|
||||||
"$@" || exit $?
|
|
||||||
|
|
||||||
# Remove the call to Libtool.
|
|
||||||
if test "$libtool" = yes; then
|
|
||||||
while test "X$1" != 'X--mode=compile'; do
|
|
||||||
shift
|
|
||||||
done
|
|
||||||
shift
|
|
||||||
fi
|
|
||||||
|
|
||||||
IFS=" "
|
|
||||||
for arg
|
|
||||||
do
|
|
||||||
case "$arg" in
|
|
||||||
-o)
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
$object)
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
"-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
|
|
||||||
set fnord "$@"
|
|
||||||
shift
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
set fnord "$@" "$arg"
|
|
||||||
shift
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
"$@" -E 2>/dev/null |
|
|
||||||
sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
|
|
||||||
rm -f "$depfile"
|
|
||||||
echo "$object : \\" > "$depfile"
|
|
||||||
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile"
|
|
||||||
echo "$tab" >> "$depfile"
|
|
||||||
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
|
|
||||||
rm -f "$tmpdepfile"
|
|
||||||
;;
|
|
||||||
|
|
||||||
msvcmsys)
|
|
||||||
# This case exists only to let depend.m4 do its work. It works by
|
|
||||||
# looking at the text of this script. This case will never be run,
|
|
||||||
# since it is checked for above.
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
|
|
||||||
none)
|
|
||||||
exec "$@"
|
|
||||||
;;
|
|
||||||
|
|
||||||
*)
|
|
||||||
echo "Unknown depmode $depmode" 1>&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
exit 0
|
|
||||||
|
|
||||||
# Local Variables:
|
|
||||||
# mode: shell-script
|
|
||||||
# sh-indentation: 2
|
|
||||||
# eval: (add-hook 'write-file-hooks 'time-stamp)
|
|
||||||
# time-stamp-start: "scriptversion="
|
|
||||||
# time-stamp-format: "%:y-%02m-%02d.%02H"
|
|
||||||
# time-stamp-time-zone: "UTC"
|
|
||||||
# time-stamp-end: "; # UTC"
|
|
||||||
# End:
|
|
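--- a/auto/install-sh
+++ b/auto/install-sh
@@ -1,508 +0,0 @@
-#!/bin/sh
-# install - install a program, script, or datafile
-
-scriptversion=2014-09-12.12; # UTC
-
-# This originates from X11R5 (mit/util/scripts/install.sh), which was
-# later released in X11R6 (xc/config/util/install.sh) with the
-# following copyright and license.
-#
-# Copyright (C) 1994 X Consortium
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to
-# deal in the Software without restriction, including without limitation the
-# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-# sell copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
-# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
-# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-# Except as contained in this notice, the name of the X Consortium shall not
-# be used in advertising or otherwise to promote the sale, use or other deal-
-# ings in this Software without prior written authorization from the X Consor-
-# tium.
-#
-#
-# FSF changes to this file are in the public domain.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# 'make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.
-
-tab=' '
-nl='
-'
-IFS=" $tab$nl"
-
-# Set DOITPROG to "echo" to test this script.
-
-doit=${DOITPROG-}
-doit_exec=${doit:-exec}
-
-# Put in absolute file names if you don't have them in your path;
-# or use environment vars.
-
-chgrpprog=${CHGRPPROG-chgrp}
-chmodprog=${CHMODPROG-chmod}
-chownprog=${CHOWNPROG-chown}
-cmpprog=${CMPPROG-cmp}
-cpprog=${CPPROG-cp}
-mkdirprog=${MKDIRPROG-mkdir}
-mvprog=${MVPROG-mv}
-rmprog=${RMPROG-rm}
-stripprog=${STRIPPROG-strip}
-
-posix_mkdir=
-
-# Desired mode of installed file.
-mode=0755
-
-chgrpcmd=
-chmodcmd=$chmodprog
-chowncmd=
-mvcmd=$mvprog
-rmcmd="$rmprog -f"
-stripcmd=
-
-src=
-dst=
-dir_arg=
-dst_arg=
-
-copy_on_change=false
-is_target_a_directory=possibly
-
-usage="\
-Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
-or: $0 [OPTION]... SRCFILES... DIRECTORY
-or: $0 [OPTION]... -t DIRECTORY SRCFILES...
-or: $0 [OPTION]... -d DIRECTORIES...
-
-In the 1st form, copy SRCFILE to DSTFILE.
-In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
-In the 4th, create DIRECTORIES.
-
-Options:
---help display this help and exit.
---version display version info and exit.
-
--c (ignored)
--C install only if different (preserve the last data modification time)
--d create directories instead of installing files.
--g GROUP $chgrpprog installed files to GROUP.
--m MODE $chmodprog installed files to MODE.
--o USER $chownprog installed files to USER.
--s $stripprog installed files.
--t DIRECTORY install into DIRECTORY.
--T report an error if DSTFILE is a directory.
-
-Environment variables override the default commands:
-CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
-RMPROG STRIPPROG
-"
-
-while test $# -ne 0; do
-case $1 in
--c) ;;
-
--C) copy_on_change=true;;
-
--d) dir_arg=true;;
-
--g) chgrpcmd="$chgrpprog $2"
-shift;;
-
---help) echo "$usage"; exit $?;;
-
--m) mode=$2
-case $mode in
-*' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*)
-echo "$0: invalid mode: $mode" >&2
-exit 1;;
-esac
-shift;;
-
--o) chowncmd="$chownprog $2"
-shift;;
-
--s) stripcmd=$stripprog;;
-
--t)
-is_target_a_directory=always
-dst_arg=$2
-# Protect names problematic for 'test' and other utilities.
-case $dst_arg in
--* | [=\(\)!]) dst_arg=./$dst_arg;;
-esac
-shift;;
-
--T) is_target_a_directory=never;;
-
---version) echo "$0 $scriptversion"; exit $?;;
-
---) shift
-break;;
-
--*) echo "$0: invalid option: $1" >&2
-exit 1;;
-
-*) break;;
-esac
-shift
-done
-
-# We allow the use of options -d and -T together, by making -d
-# take the precedence; this is for compatibility with GNU install.
-
-if test -n "$dir_arg"; then
-if test -n "$dst_arg"; then
-echo "$0: target directory not allowed when installing a directory." >&2
-exit 1
-fi
-fi
-
-if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
-# When -d is used, all remaining arguments are directories to create.
-# When -t is used, the destination is already specified.
-# Otherwise, the last argument is the destination. Remove it from $@.
-for arg
-do
-if test -n "$dst_arg"; then
-# $@ is not empty: it contains at least $arg.
-set fnord "$@" "$dst_arg"
-shift # fnord
-fi
-shift # arg
-dst_arg=$arg
-# Protect names problematic for 'test' and other utilities.
-case $dst_arg in
--* | [=\(\)!]) dst_arg=./$dst_arg;;
-esac
-done
-fi
-
-if test $# -eq 0; then
-if test -z "$dir_arg"; then
-echo "$0: no input file specified." >&2
-exit 1
-fi
-# It's OK to call 'install-sh -d' without argument.
-# This can happen when creating conditional directories.
-exit 0
-fi
-
-if test -z "$dir_arg"; then
-if test $# -gt 1 || test "$is_target_a_directory" = always; then
-if test ! -d "$dst_arg"; then
-echo "$0: $dst_arg: Is not a directory." >&2
-exit 1
-fi
-fi
-fi
-
-if test -z "$dir_arg"; then
-do_exit='(exit $ret); exit $ret'
-trap "ret=129; $do_exit" 1
-trap "ret=130; $do_exit" 2
-trap "ret=141; $do_exit" 13
-trap "ret=143; $do_exit" 15
-
-# Set umask so as not to create temps with too-generous modes.
-# However, 'strip' requires both read and write access to temps.
-case $mode in
-# Optimize common cases.
-*644) cp_umask=133;;
-*755) cp_umask=22;;
-
-*[0-7])
-if test -z "$stripcmd"; then
-u_plus_rw=
-else
-u_plus_rw='% 200'
-fi
-cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
-*)
-if test -z "$stripcmd"; then
-u_plus_rw=
-else
-u_plus_rw=,u+rw
-fi
-cp_umask=$mode$u_plus_rw;;
-esac
-fi
-
-for src
-do
-# Protect names problematic for 'test' and other utilities.
-case $src in
--* | [=\(\)!]) src=./$src;;
-esac
-
-if test -n "$dir_arg"; then
-dst=$src
-dstdir=$dst
-test -d "$dstdir"
-dstdir_status=$?
-else
-
-# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
-# might cause directories to be created, which would be especially bad
-# if $src (and thus $dsttmp) contains '*'.
-if test ! -f "$src" && test ! -d "$src"; then
-echo "$0: $src does not exist." >&2
-exit 1
-fi
-
-if test -z "$dst_arg"; then
-echo "$0: no destination specified." >&2
-exit 1
-fi
-dst=$dst_arg
-
-# If destination is a directory, append the input filename; won't work
-# if double slashes aren't ignored.
-if test -d "$dst"; then
-if test "$is_target_a_directory" = never; then
-echo "$0: $dst_arg: Is a directory" >&2
-exit 1
-fi
-dstdir=$dst
-dst=$dstdir/`basename "$src"`
-dstdir_status=0
-else
-dstdir=`dirname "$dst"`
-test -d "$dstdir"
-dstdir_status=$?
-fi
-fi
-
-obsolete_mkdir_used=false
-
-if test $dstdir_status != 0; then
-case $posix_mkdir in
-'')
-# Create intermediate dirs using mode 755 as modified by the umask.
-# This is like FreeBSD 'install' as of 1997-10-28.
-umask=`umask`
-case $stripcmd.$umask in
-# Optimize common cases.
-*[2367][2367]) mkdir_umask=$umask;;
-.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
-
-*[0-7])
-mkdir_umask=`expr $umask + 22 \
-- $umask % 100 % 40 + $umask % 20 \
-- $umask % 10 % 4 + $umask % 2
-`;;
-*) mkdir_umask=$umask,go-w;;
-esac
-
-# With -d, create the new directory with the user-specified mode.
-# Otherwise, rely on $mkdir_umask.
-if test -n "$dir_arg"; then
-mkdir_mode=-m$mode
-else
-mkdir_mode=
-fi
-
-posix_mkdir=false
-case $umask in
-*[123567][0-7][0-7])
-# POSIX mkdir -p sets u+wx bits regardless of umask, which
-# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
-;;
-*)
-# $RANDOM is not portable (e.g. dash); use it when possible to
-# lower collision chance
-tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
-trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0
-
-# As "mkdir -p" follows symlinks and we work in /tmp possibly; so
-# create the $tmpdir first (and fail if unsuccessful) to make sure
-# that nobody tries to guess the $tmpdir name.
-if (umask $mkdir_umask &&
-$mkdirprog $mkdir_mode "$tmpdir" &&
-exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
-then
-if test -z "$dir_arg" || {
-# Check for POSIX incompatibilities with -m.
-# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
-# other-writable bit of parent directory when it shouldn't.
-# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
-test_tmpdir="$tmpdir/a"
-ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
-case $ls_ld_tmpdir in
-d????-?r-*) different_mode=700;;
-d????-?--*) different_mode=755;;
-*) false;;
-esac &&
-$mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
-ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
-test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
-}
-}
-then posix_mkdir=:
-fi
-rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
-else
-# Remove any dirs left behind by ancient mkdir implementations.
-rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
-fi
-trap '' 0;;
-esac;;
-esac
-
-if
-$posix_mkdir && (
-umask $mkdir_umask &&
-$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
-)
-then :
-else
-
-# The umask is ridiculous, or mkdir does not conform to POSIX,
-# or it failed possibly due to a race condition. Create the
-# directory the slow way, step by step, checking for races as we go.
-
-case $dstdir in
-/*) prefix='/';;
-[-=\(\)!]*) prefix='./';;
-*) prefix='';;
-esac
-
-oIFS=$IFS
-IFS=/
-set -f
-set fnord $dstdir
-shift
-set +f
-IFS=$oIFS
-
-prefixes=
-
-for d
-do
-test X"$d" = X && continue
-
-prefix=$prefix$d
-if test -d "$prefix"; then
-prefixes=
-else
-if $posix_mkdir; then
-(umask=$mkdir_umask &&
-$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
-# Don't fail if two instances are running concurrently.
-test -d "$prefix" || exit 1
-else
-case $prefix in
-*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
-*) qprefix=$prefix;;
-esac
-prefixes="$prefixes '$qprefix'"
-fi
-fi
-prefix=$prefix/
-done
-
-if test -n "$prefixes"; then
-# Don't fail if two instances are running concurrently.
-(umask $mkdir_umask &&
-eval "\$doit_exec \$mkdirprog $prefixes") ||
-test -d "$dstdir" || exit 1
-obsolete_mkdir_used=true
-fi
-fi
-fi
-
-if test -n "$dir_arg"; then
-{ test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
-{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
-{ test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
-test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
-else
-
-# Make a couple of temp file names in the proper directory.
-dsttmp=$dstdir/_inst.$$_
-rmtmp=$dstdir/_rm.$$_
-
-# Trap to clean up those temp files at exit.
-trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
-
-# Copy the file name to the temp name.
-(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
-
-# and set any options; do chmod last to preserve setuid bits.
-#
-# If any of these fail, we abort the whole thing. If we want to
-# ignore errors from any of these, just make sure not to ignore
-# errors from the above "$doit $cpprog $src $dsttmp" command.
-#
-{ test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
-{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
-{ test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
-{ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
-
-# If -C, don't bother to copy if it wouldn't change the file.
-if $copy_on_change &&
-old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
-new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
-set -f &&
-set X $old && old=:$2:$4:$5:$6 &&
-set X $new && new=:$2:$4:$5:$6 &&
-set +f &&
-test "$old" = "$new" &&
-$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
-then
-rm -f "$dsttmp"
-else
-# Rename the file to the real destination.
-$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
-
-# The rename failed, perhaps because mv can't rename something else
-# to itself, or perhaps because mv is so ancient that it does not
-# support -f.
-{
-# Now remove or move aside any old file at destination location.
-# We try this two ways since rm can't unlink itself on some
-# systems and the destination file might be busy for other
-# reasons. In this case, the final cleanup might fail but the new
-# file should still install successfully.
-{
-test ! -f "$dst" ||
-$doit $rmcmd -f "$dst" 2>/dev/null ||
-{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
-{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
-} ||
-{ echo "$0: cannot unlink or rename $dst" >&2
-(exit 1); exit 1
-}
-} &&
-
-# Now rename the file to the real destination.
-$doit $mvcmd "$dsttmp" "$dst"
-}
-fi || exit 1
-
-trap '' 0
-fi
-done
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
-# time-stamp-end: "; # UTC"
-# End: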
11156
auto/ltmain.sh
11156
auto/ltmain.sh
File diff suppressed because it is too large
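--- a/auto/missing
+++ b/auto/missing
@@ -1,215 +0,0 @@
-#! /bin/sh
-# Common wrapper for a few potentially missing GNU programs.
-
-scriptversion=2013-10-28.13; # UTC
-
-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
-# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-if test $# -eq 0; then
-echo 1>&2 "Try '$0 --help' for more information"
-exit 1
-fi
-
-case $1 in
-
---is-lightweight)
-# Used by our autoconf macros to check whether the available missing
-# script is modern enough.
-exit 0
-;;
-
---run)
-# Back-compat with the calling convention used by older automake.
-shift
-;;
-
--h|--h|--he|--hel|--help)
-echo "\
-$0 [OPTION]... PROGRAM [ARGUMENT]...
-
-Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due
-to PROGRAM being missing or too old.
-
-Options:
--h, --help display this help and exit
--v, --version output version information and exit
-
-Supported PROGRAM values:
-aclocal autoconf autoheader autom4te automake makeinfo
-bison yacc flex lex help2man
-
-Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
-'g' are ignored when checking the name.
-
-Send bug reports to <bug-automake@gnu.org>."
-exit $?
-;;
-
--v|--v|--ve|--ver|--vers|--versi|--versio|--version)
-echo "missing $scriptversion (GNU Automake)"
-exit $?
-;;
-
--*)
-echo 1>&2 "$0: unknown '$1' option"
-echo 1>&2 "Try '$0 --help' for more information"
-exit 1
-;;
-
-esac
-
-# Run the given program, remember its exit status.
-"$@"; st=$?
-
-# If it succeeded, we are done.
-test $st -eq 0 && exit 0
-
-# Also exit now if we it failed (or wasn't found), and '--version' was
-# passed; such an option is passed most likely to detect whether the
-# program is present and works.
-case $2 in --version|--help) exit $st;; esac
-
-# Exit code 63 means version mismatch. This often happens when the user
-# tries to use an ancient version of a tool on a file that requires a
-# minimum version.
-if test $st -eq 63; then
-msg="probably too old"
-elif test $st -eq 127; then
-# Program was missing.
-msg="missing on your system"
-else
-# Program was found and executed, but failed. Give up.
-exit $st
-fi
-
-perl_URL=http://www.perl.org/
-flex_URL=http://flex.sourceforge.net/
-gnu_software_URL=http://www.gnu.org/software
-
-program_details ()
-{
-case $1 in
-aclocal|automake)
-echo "The '$1' program is part of the GNU Automake package:"
-echo "<$gnu_software_URL/automake>"
-echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:"
-echo "<$gnu_software_URL/autoconf>"
-echo "<$gnu_software_URL/m4/>"
-echo "<$perl_URL>"
-;;
-autoconf|autom4te|autoheader)
-echo "The '$1' program is part of the GNU Autoconf package:"
-echo "<$gnu_software_URL/autoconf/>"
-echo "It also requires GNU m4 and Perl in order to run:"
-echo "<$gnu_software_URL/m4/>"
-echo "<$perl_URL>"
-;;
-esac
-}
-
-give_advice ()
-{
-# Normalize program name to check for.
-normalized_program=`echo "$1" | sed '
-s/^gnu-//; t
-s/^gnu//; t
-s/^g//; t'`
-
-printf '%s\n' "'$1' is $msg."
-
-configure_deps="'configure.ac' or m4 files included by 'configure.ac'"
-case $normalized_program in
-autoconf*)
-echo "You should only need it if you modified 'configure.ac',"
-echo "or m4 files included by it."
-program_details 'autoconf'
-;;
-autoheader*)
-echo "You should only need it if you modified 'acconfig.h' or"
-echo "$configure_deps."
-program_details 'autoheader'
-;;
-automake*)
-echo "You should only need it if you modified 'Makefile.am' or"
-echo "$configure_deps."
-program_details 'automake'
-;;
-aclocal*)
-echo "You should only need it if you modified 'acinclude.m4' or"
-echo "$configure_deps."
-program_details 'aclocal'
-;;
-autom4te*)
-echo "You might have modified some maintainer files that require"
-echo "the 'autom4te' program to be rebuilt."
-program_details 'autom4te'
-;;
-bison*|yacc*)
-echo "You should only need it if you modified a '.y' file."
-echo "You may want to install the GNU Bison package:"
-echo "<$gnu_software_URL/bison/>"
-;;
-lex*|flex*)
-echo "You should only need it if you modified a '.l' file."
-echo "You may want to install the Fast Lexical Analyzer package:"
-echo "<$flex_URL>"
-;;
-help2man*)
-echo "You should only need it if you modified a dependency" \
-"of a man page."
-echo "You may want to install the GNU Help2man package:"
-echo "<$gnu_software_URL/help2man/>"
-;;
-makeinfo*)
-echo "You should only need it if you modified a '.texi' file, or"
-echo "any other file indirectly affecting the aspect of the manual."
-echo "You might want to install the Texinfo package:"
-echo "<$gnu_software_URL/texinfo/>"
-echo "The spurious makeinfo call might also be the consequence of"
-echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might"
-echo "want to install GNU make:"
-echo "<$gnu_software_URL/make/>"
-;;
-*)
-echo "You might have modified some files without having the proper"
-echo "tools for further handling them. Check the 'README' file, it"
-echo "often tells you about the needed prerequisites for installing"
-echo "this package. You may also peek at any GNU archive site, in"
-echo "case some other package contains this missing '$1' program."
-;;
-esac
-}
-
-give_advice "$1" | sed -e '1s/^/WARNING: /' \
--e '2,$s/^/ /' >&2
-
-# Propagate the correct exit status (expected to be 127 for a program
-# not found, 63 for a program that failed due to version mismatch).
-exit $st
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
-# time-stamp-end: "; # UTC"
-# End: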
@ -1,25 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
set -ev
|
|
||||||
VERSION=5.44
|
|
||||||
DST=stunnel-$VERSION-android
|
|
||||||
|
|
||||||
# to build OpenSSL:
|
|
||||||
# ./Configure threads no-shared no-dso --cross-compile-prefix=arm-linux-androideabi- --prefix=/opt/androideabi/sysroot linux-armv4
|
|
||||||
# make install
|
|
||||||
|
|
||||||
test -f Makefile && make distclean
|
|
||||||
mkdir -p bin/android
|
|
||||||
cd bin/android
|
|
||||||
../../configure --with-sysroot --build=i686-pc-linux-gnu --host=arm-linux-androideabi --prefix=/data/local
|
|
||||||
make clean
|
|
||||||
make
|
|
||||||
cd ../..
|
|
||||||
mkdir $DST
|
|
||||||
cp bin/android/src/stunnel $DST
|
|
||||||
# arm-linux-androideabi-strip $DST/stunnel $DST/openssl
|
|
||||||
# cp /opt/androideabi/sysroot/bin/openssl $DST
|
|
||||||
# arm-linux-androideabi-strip $DST/openssl
|
|
||||||
zip -r $DST.zip $DST
|
|
||||||
rm -rf $DST
|
|
||||||
# sha256sum $DST.zip
|
|
||||||
# mv $DST.zip ../dist/
|
|
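--- a/configure.ac
+++ b/configure.ac
@@ -1,469 +0,0 @@
-# Process this file with autoconf to produce a configure script.
-
-AC_INIT([stunnel],[5.44])
-AC_MSG_NOTICE([**************************************** initialization])
-AC_CONFIG_AUX_DIR(auto)
-AC_CONFIG_MACRO_DIR([m4])
-AC_CONFIG_HEADERS([src/config.h])
-AC_CONFIG_SRCDIR([src/stunnel.c])
-AM_INIT_AUTOMAKE
-
-AM_CONDITIONAL([AUTHOR_TESTS], [test -d ".git"])
-AC_CANONICAL_HOST
-AC_SUBST([host])
-AC_DEFINE_UNQUOTED([HOST], ["$host"], [Host description])
-define([esc], [`echo ]$1[ | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_`])
-AC_DEFINE_UNQUOTED(esc(CPU_$host_cpu))
-AC_DEFINE_UNQUOTED(esc(VENDOR_$host_vendor))
-AC_DEFINE_UNQUOTED(esc(OS_$host_os))
-
-case "$host_os" in
-*darwin*)
-# OSX does not declare ucontext without _XOPEN_SOURCE
-AC_DEFINE([_XOPEN_SOURCE], [500], [Use X/Open 5 with POSIX 1995])
-# OSX does not declare chroot() without _DARWIN_C_SOURCE
-AC_DEFINE([_DARWIN_C_SOURCE], [1], [Use Darwin source])
-;;
-*)
-AC_DEFINE([_GNU_SOURCE], [1], [Use GNU source])
-;;
-esac
-
-AC_PROG_CC
-AM_PROG_CC_C_O
-AC_PROG_INSTALL
-AC_PROG_MAKE_SET
-# silent build by default
-ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
-
-AC_MSG_NOTICE([**************************************** thread model])
-# thread detection should be done first, as it may change the CC variable
-
-AC_ARG_WITH(threads,
-[ --with-threads=model select threading model (ucontext/pthread/fork)],
-[
-case "$withval" in
-ucontext)
-AC_MSG_NOTICE([UCONTEXT mode selected])
-AC_DEFINE([USE_UCONTEXT], [1], [Define to 1 to select UCONTEXT mode])
-;;
-pthread)
-AC_MSG_NOTICE([PTHREAD mode selected])
-AX_PTHREAD()
-LIBS="$PTHREAD_LIBS $LIBS"
-CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
-CC="$PTHREAD_CC"
-AC_DEFINE([USE_PTHREAD], [1], [Define to 1 to select PTHREAD mode])
-;;
-fork)
-AC_MSG_NOTICE([FORK mode selected])
-AC_DEFINE([USE_FORK], [1], [Define to 1 to select FORK mode])
-;;
-*)
-AC_MSG_ERROR([Unknown thread model \"${withval}\"])
-;;
-esac
-], [
-# do not attempt to autodetect UCONTEXT threading
-AX_PTHREAD([
-AC_MSG_NOTICE([PTHREAD thread model detected])
-LIBS="$PTHREAD_LIBS $LIBS"
-CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
-CC="$PTHREAD_CC"
-AC_DEFINE([USE_PTHREAD], [1], [Define to 1 to select PTHREAD mode])
-], [
-AC_MSG_NOTICE([FORK thread model detected])
-AC_DEFINE([USE_FORK], [1], [Define to 1 to select FORK mode])
-])
-])
-
-AC_MSG_NOTICE([**************************************** compiler/linker flags])
-if test "$GCC" = yes; then
-AX_APPEND_COMPILE_FLAGS([-Wall])
-AX_APPEND_COMPILE_FLAGS([-Wextra])
-AX_APPEND_COMPILE_FLAGS([-Wpedantic])
-AX_APPEND_COMPILE_FLAGS([-Wformat=2])
-AX_APPEND_COMPILE_FLAGS([-Wconversion])
-AX_APPEND_COMPILE_FLAGS([-Wno-long-long])
-AX_APPEND_COMPILE_FLAGS([-Wno-deprecated-declarations])
-AX_APPEND_COMPILE_FLAGS([-fPIE])
-case "${host}" in
-avr-*.* | powerpc-*-aix* | rl78-*.* | visium-*.*)
-;;
-*)
-AX_APPEND_COMPILE_FLAGS([-fstack-protector])
-;;
-esac
-AX_APPEND_LINK_FLAGS([-fPIE -pie])
-AX_APPEND_LINK_FLAGS([-Wl,-z,relro])
-AX_APPEND_LINK_FLAGS([-Wl,-z,now])
-AX_APPEND_LINK_FLAGS([-Wl,-z,noexecstack])
-fi
-AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2])
-
-AC_MSG_NOTICE([**************************************** libtool])
-LT_INIT([disable-static])
-AC_SUBST([LIBTOOL_DEPS])
-
-AC_MSG_NOTICE([**************************************** types])
-AC_TYPE_INT8_T
-AC_TYPE_INT16_T
-AC_TYPE_INT32_T
-AC_TYPE_INT64_T
-AC_TYPE_UINT8_T
-AC_TYPE_UINT16_T
-AC_TYPE_UINT32_T
-AC_TYPE_UINT64_T
-AC_TYPE_SIZE_T
-AC_TYPE_SSIZE_T
-AC_TYPE_UID_T
-AC_MSG_CHECKING([for socklen_t])
-AC_EGREP_HEADER(socklen_t, sys/socket.h,
-AC_MSG_RESULT([yes]),
-AC_MSG_RESULT([no (defined as int)])
-AC_DEFINE([socklen_t], [int], [Type of socklen_t]))
-AC_CHECK_TYPES([struct sockaddr_un], [], [], [#include <sys/un.h>])
-AC_CHECK_TYPES([struct addrinfo], [], [], [#include <netdb.h>])
-
-AC_MSG_NOTICE([**************************************** PTY device files])
-if test "x$cross_compiling" = "xno"; then
-AC_CHECK_FILE("/dev/ptmx", AC_DEFINE([HAVE_DEV_PTMX], [1],
-[Define to 1 if you have '/dev/ptmx' device.]))
-AC_CHECK_FILE("/dev/ptc", AC_DEFINE([HAVE_DEV_PTS_AND_PTC], [1],
-[Define to 1 if you have '/dev/ptc' device.]))
-else
-AC_MSG_WARN([cross-compilation: assuming /dev/ptmx and /dev/ptc are not available])
-fi
-
-AC_MSG_NOTICE([**************************************** entropy sources])
-
-if test "x$cross_compiling" = "xno"; then
-AC_ARG_WITH(egd-socket,
-[ --with-egd-socket=FILE Entropy Gathering Daemon socket path],
-[EGD_SOCKET="$withval"]
-)
-if test -n "$EGD_SOCKET"; then
-AC_DEFINE_UNQUOTED([EGD_SOCKET], ["$EGD_SOCKET"],
-[Entropy Gathering Daemon socket path])
-fi
-
-# Check for user-specified random device
-AC_ARG_WITH(random,
-[ --with-random=FILE read randomness from file (default=/dev/urandom)],
-[RANDOM_FILE="$withval"],
-[
-# Check for random device
-AC_CHECK_FILE("/dev/urandom", RANDOM_FILE="/dev/urandom")
-]
-)
-if test -n "$RANDOM_FILE"; then
-AC_SUBST([RANDOM_FILE])
-AC_DEFINE_UNQUOTED([RANDOM_FILE], ["$RANDOM_FILE"], [Random file path])
-fi
-else
-AC_MSG_WARN([cross-compilation: assuming entropy sources are not available])
-fi
-
-AC_MSG_NOTICE([**************************************** default group])
-DEFAULT_GROUP=nobody
-if test "x$cross_compiling" = "xno"; then
-grep '^nogroup:' /etc/group >/dev/null && DEFAULT_GROUP=nogroup
-else
-AC_MSG_WARN([cross-compilation: assuming nogroup is not available])
-fi
-AC_MSG_CHECKING([for default group])
-AC_MSG_RESULT([$DEFAULT_GROUP])
-AC_SUBST([DEFAULT_GROUP])
-
-AC_SYS_LARGEFILE
-
-AC_MSG_NOTICE([**************************************** header files])
-# AC_HEADER_DIRENT
-# AC_HEADER_STDC
-# AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS([stdint.h inttypes.h malloc.h ucontext.h pthread.h poll.h \
-tcpd.h stropts.h grp.h unistd.h util.h libutil.h pty.h limits.h])
-AC_CHECK_HEADERS([sys/types.h sys/select.h sys/poll.h sys/socket.h sys/un.h \
-sys/ioctl.h sys/filio.h sys/resource.h sys/uio.h sys/syscall.h])
-AC_CHECK_HEADERS([linux/sched.h])
-AC_CHECK_MEMBERS([struct msghdr.msg_control],
-[AC_DEFINE([HAVE_MSGHDR_MSG_CONTROL], [1],
-[Define to 1 if you have 'msghdr.msg_control' structure.])], [], [
-AC_INCLUDES_DEFAULT
-#include <sys/socket.h>
-])
-AC_CHECK_HEADERS([linux/netfilter_ipv4.h], , ,
-[
-#include <limits.h>
-#include <linux/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-])
-
-AC_MSG_NOTICE([**************************************** libraries])
-# Checks for standard libraries
-AC_SEARCH_LIBS([gethostbyname], [nsl])
-AC_SEARCH_LIBS([yp_get_default_domain], [nsl])
-AC_SEARCH_LIBS([socket], [socket])
-AC_SEARCH_LIBS([openpty], [util])
-# Checks for dynamic loader needed by OpenSSL
-AC_SEARCH_LIBS([dlopen], [dl])
-AC_SEARCH_LIBS([shl_load], [dld])
-
-# Add BeOS libraries
-if test "x$host_os" = "xbeos"; then
-LIBS="$LIBS -lbe -lroot -lbind"
-fi
-
-AC_MSG_NOTICE([**************************************** library functions])
-# safe string operations
-AC_CHECK_FUNCS(snprintf vsnprintf)
-# pseudoterminal
-AC_CHECK_FUNCS(openpty _getpty)
-# Unix
-AC_CHECK_FUNCS(daemon waitpid wait4 setsid setgroups chroot realpath)
-# limits
-AC_CHECK_FUNCS(sysconf getrlimit)
-# threads/reentrant functions
-AC_CHECK_FUNCS(pthread_sigmask localtime_r)
-# threads
-AC_CHECK_FUNCS(getcontext __makecontext_v2)
-# sockets
-AC_CHECK_FUNCS(poll gethostbyname2 endhostent getnameinfo)
-AC_MSG_CHECKING([for getaddrinfo])
-case "$host_os" in
-*androideabi*)
-# http://stackoverflow.com/questions/7818246/segmentation-fault-in-getaddrinfo
-AC_MSG_RESULT([no (buggy Android implementation)])
-;;
-*)
-# Tru64 UNIX has getaddrinfo() but has it renamed in libc as
-# something else so we must include <netdb.h> to get the
-# redefinition.
-AC_LINK_IFELSE(
-[AC_LANG_PROGRAM(
-[
-AC_INCLUDES_DEFAULT
-#include <sys/socket.h>
-#include <netdb.h>
-],
-[
-getaddrinfo(NULL, NULL, NULL, NULL);
-],)],
-[AC_MSG_RESULT([yes]); AC_DEFINE([HAVE_GETADDRINFO], [1], [Define to 1 if you have 'getaddrinfo' function.])],
-[AC_MSG_RESULT([no])])
-;;
-esac
-# poll() is not recommended on Mac OS X <= 10.3 and broken on Mac OS X 10.4
-AC_MSG_CHECKING([for broken poll() implementation])
-case "$host_os" in
-darwin[0-8].*)
-AC_MSG_RESULT([yes (poll() disabled)])
-AC_DEFINE([BROKEN_POLL], [1], [Define to 1 if you have a broken 'poll' implementation.])
-;;
-*)
-AC_MSG_RESULT([no])
-;;
-esac
-# GNU extensions
-AC_CHECK_FUNCS(pipe2 accept4)
-
-AC_MSG_NOTICE([**************************************** optional features])
-# Use IPv6?
-AC_MSG_CHECKING([whether to enable IPv6 support])
-AC_ARG_ENABLE(ipv6,
-[ --disable-ipv6 disable IPv6 support],
-[
-case "$enableval" in
-yes) AC_MSG_RESULT([yes])
-AC_DEFINE([USE_IPv6], [1],
-[Define to 1 to enable IPv6 support])
-;;
-no) AC_MSG_RESULT([no])
-;;
-*) AC_MSG_RESULT([error])
-AC_MSG_ERROR([bad value \"${enableval}\"])
-;;
-esac
-], [
-AC_MSG_RESULT([yes (default)])
-AC_DEFINE([USE_IPv6], [1], [Define to 1 to enable IPv6 support])
-], [
-AC_MSG_RESULT([no])
-]
-)
-
-# FIPS Mode
-AC_MSG_CHECKING([whether to enable FIPS support])
-AC_ARG_ENABLE(fips,
-[ --disable-fips disable OpenSSL FIPS support],
-[
-case "$enableval" in
-yes) AC_MSG_RESULT([no])
-use_fips="yes"
-AC_DEFINE([USE_FIPS], [1],
-[Define to 1 to enable OpenSSL FIPS support])
-;;
-no) AC_MSG_RESULT([no])
-use_fips="no"
-;;
-*) AC_MSG_RESULT([error])
-AC_MSG_ERROR([bad value \"${enableval}\"])
-;;
-esac
-],
-[
-use_fips="auto"
-AC_MSG_RESULT([autodetecting])
-]
-)
-
-# Disable systemd socket activation support
-AC_MSG_CHECKING([whether to enable systemd socket activation support])
-AC_ARG_ENABLE(systemd,
-[ --disable-systemd disable systemd socket activation support],
-[
-case "$enableval" in
-yes) AC_MSG_RESULT([yes])
-AC_SEARCH_LIBS([sd_listen_fds], [systemd systemd-daemon])
-AC_DEFINE([USE_SYSTEMD], [1],
-[Define to 1 to enable systemd socket activation])
-;;
-no) AC_MSG_RESULT([no])
-;;
-*) AC_MSG_RESULT([error])
-AC_MSG_ERROR([Bad value \"${enableval}\"])
-;;
-esac
-],
-[
-AC_MSG_RESULT([autodetecting])
-# the library name has changed to -lsystemd in systemd 209
-AC_SEARCH_LIBS([sd_listen_fds], [systemd systemd-daemon],
-[ AC_CHECK_HEADERS([systemd/sd-daemon.h], [
-AC_DEFINE([USE_SYSTEMD], [1],
-[Define to 1 to enable systemd socket activation])
-AC_MSG_NOTICE([systemd support enabled])
-], [
-AC_MSG_NOTICE([systemd header not found])
-]) ], [
-AC_MSG_NOTICE([systemd library not found])
-])
-]
-)
-
-# Disable use of libwrap (TCP wrappers)
-# it should be the last check!
-AC_MSG_CHECKING([whether to enable TCP wrappers support])
-AC_ARG_ENABLE(libwrap,
-[ --disable-libwrap disable TCP wrappers support],
-[
-case "$enableval" in
-yes) AC_MSG_RESULT([yes])
-AC_DEFINE([USE_LIBWRAP], [1],
-[Define to 1 to enable TCP wrappers support])
-LIBS="$LIBS -lwrap"
-;;
-no) AC_MSG_RESULT([no])
-;;
-*) AC_MSG_RESULT([error])
-AC_MSG_ERROR([Bad value \"${enableval}\"])
-;;
-esac
-],
-[
-AC_MSG_RESULT([autodetecting])
-AC_MSG_CHECKING([for hosts_access in -lwrap])
-valid_LIBS="$LIBS"
-LIBS="$valid_LIBS -lwrap"
-AC_LINK_IFELSE(
-[
-AC_LANG_PROGRAM(
-[int hosts_access(); int allow_severity, deny_severity;],
-[hosts_access()])
-], [
-AC_MSG_RESULT([yes]);
-AC_DEFINE([USE_LIBWRAP], [1],
-[Define to 1 to enable TCP wrappers support])
-AC_MSG_NOTICE([libwrap support enabled])
-], [
-AC_MSG_RESULT([no])
-LIBS="$valid_LIBS"
-AC_MSG_NOTICE([libwrap library not found])
-]
-)
-]
-)
-
-AC_MSG_NOTICE([**************************************** TLS])
-
-AC_MSG_CHECKING([for compiler sysroot])
-if test "x$GCC" = "xyes"; then
-sysroot=`$CC --print-sysroot 2>/dev/null`
-fi
-if test -z "$sysroot" -o "x$sysroot" = "x/"; then
-sysroot=""
-AC_MSG_RESULT([/])
-else
-AC_MSG_RESULT([$sysroot])
-fi
-
-check_ssl_dir() { :
-test -n "$1" -a -f "$1/include/openssl/ssl.h" && SSLDIR="$1"
-}
-
-find_ssl_dir() { :
-stunnel_prefix="$prefix"
-test "x$stunnel_prefix" = "xNONE" && stunnel_prefix=$ac_default_prefix
-for main_dir in "$stunnel_prefix" "/usr/local" "/usr/lib" "/usr/pkg" "/opt/local" "/opt" "/opt/csw" "/usr" ""; do
-for sub_dir in "/ssl" "/openssl" "/ossl" ""; do
-check_ssl_dir "$sysroot$main_dir$sub_dir" && return
-done
-done
-if test -x "/usr/bin/xcrun"; then
-sdk_path=`/usr/bin/xcrun --sdk macosx --show-sdk-path`
-check_ssl_dir "$sdk_path/usr" && return
-fi
-check_ssl_dir "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/swift-migrator/sdk/MacOSX.sdk/usr"
-}
-
-SSLDIR=""
-AC_MSG_CHECKING([for TLS directory])
-AC_ARG_WITH(ssl,
-[ --with-ssl=DIR location of installed TLS libraries/include files],
-[check_ssl_dir "$withval"],
-[find_ssl_dir]
-)
-if test -z "$SSLDIR"; then
-AC_MSG_RESULT([not found])
-AC_MSG_ERROR([
-Could not find your TLS library installation dir
-Use --with-ssl option to fix this problem
-])
-fi
-AC_MSG_RESULT([$SSLDIR])
-AC_SUBST([SSLDIR])
-AC_DEFINE_UNQUOTED([SSLDIR], ["$SSLDIR"], [TLS directory])
-
-valid_CPPFLAGS="$CPPFLAGS"; CPPFLAGS="$CPPFLAGS -I$SSLDIR/include"
-valid_LIBS="$LIBS"; LIBS="$LIBS -L$SSLDIR/lib64 -L$SSLDIR/lib -lssl -lcrypto"
-
-if test "x$use_fips" = "xauto"; then
-AC_CHECK_FUNCS(FIPS_mode_set, [
-AC_DEFINE([USE_FIPS], [1], [Define to 1 to enable OpenSSL FIPS support])
-AC_MSG_NOTICE([FIPS support enabled])
-], [
-AC_MSG_NOTICE([FIPS support not found])
-])
-fi
-
-CPPFLAGS="$valid_CPPFLAGS"
-LIBS="$valid_LIBS"
-
-AC_MSG_NOTICE([**************************************** write the results])
-AC_CONFIG_FILES([Makefile src/Makefile doc/Makefile tools/Makefile tests/Makefile])
-AC_OUTPUT
-
-AC_MSG_NOTICE([**************************************** success])
-# vim:ft=automake
-# End of configure.ac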
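--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -1,84 +0,0 @@
-This is the Stunnel 4.x package for Debian.
-
-* Upgrading from stunnel to stunnel4
-
-Stunnel 3 has been deprecated from Debian. The new stunnel4 has a
-different command line syntax and configuration. You will need to
-update your scripts.
-
-The wrapper script /usr/bin/stunnel3 understands stunnel3 command line
-syntax and calls stunnel4 with appropriate options. It appears to
-support every stunnel3 option *except* -S (which controls the defaults
-used for certificate sources).
-
-* Basic configuration
-
-After installation, you should :
-
-- edit /etc/stunnel/stunnel.conf
-
-- edit /etc/default/stunnel and set ENABLE=1, if you want your
-configured tunnels to start automatically on boot.
-
-- generate a certificate for use with stunnel if you want to use server mode
-
-Sergio Rua <srua@debian.org> made a perl front-end for the stunnel
-configuration. It is very simple and only includes a couple of configuration
-options. This script is located in
-/usr/share/doc/stunnel4/contrib/StunnelConf-0.1.pl
-
-It requires libgnome2-perl and libgtk2-perl.
-
-* How to create SSL keys for stunnel
-
-The certificates default directory is /etc/ssl/certs, so cd into that dir
-and issue the command:
-
-openssl req -new -x509 -nodes -days 365 -out stunnel.pem -keyout stunnel.pem
-
-Fill in the info requested.
-
-Change 'stunnel.pem' to the name of the certificate you need to
-create. stunnel.pem will be used by default by stunnel, but you want
-to create different certificates for different services you run with
-stunnel. Make sure only root can read the file (or only the user that
-needs to read it, if stunnel is run as that user):
-
-chmod 600 stunnel.pem
-
-Now you need to append the DH parameters to the certificate.
-
-First you need to generate some amount of random data:
-
-dd if=/dev/urandom of=temp_file count=2
-
-Use /dev/random if you want a more secure source of data, but make
-sure you have enough entropy on you system (the output file should be
-at least 512 bytes long).
-
-And now make openssl generate the DH parameters and append them to the
-certificate file:
-
-openssl dhparam -rand temp_file 512 >> stunnel.pem
-
-You also want to link the certificate to its hash name so that openssl
-can find it also by that means:
-
-ln -sf stunnel.pem `openssl x509 -noout -hash < stunnel.pem`.0
-
-Read the manual page for openssl for more info on the various options.
-
-* FIPS
-
-Since version 4.21 stunnel includes support for OpenSSL's FIPS mode. However,
-using it requires stunnel to be compiled statically against OpenSSL and all
-supporting libraries. Thus, this option is disabled in the Debian package.
-
-See the OpenSSL FIPS User Guide at
-https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
-and the OpenSSL notes about FIPS 140-2 at
-https://www.openssl.org/docs/fips/fipsnotes.html
-
-- Julien LEMOINE <speedblue@debian.org>, Sun, 19 Feb 2006 17:31:24 +0100
-
--- Luis Rodrigo Gallardo Cruz <rodrigo@nul-unu.com>, Sat, 30 Oct 2007 14:50:54 z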
477
debian/StunnelConf-0.1.pl
vendored
477
debian/StunnelConf-0.1.pl
vendored
@ -1,477 +0,0 @@
|
|||||||
#!/usr/bin/perl
|
|
||||||
|
|
||||||
# Copyright (C) 2004 Sergio Rua <srua@debian.org>
|
|
||||||
|
|
||||||
# This program is free software; you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 2, or (at your option)
|
|
||||||
# any later version.
|
|
||||||
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program; if not, write to the Free Software
|
|
||||||
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
|
||||||
# 02111-1307, USA.
|
|
||||||
#
|
|
||||||
# On Debian GNU/Linux systems, the complete text of the GNU General
|
|
||||||
# Public License can be found in `/usr/share/common-licenses/GPL'.
|
|
||||||
|
|
||||||
use strict;
|
|
||||||
use Gtk2;
|
|
||||||
use Gnome2;
|
|
||||||
use Gtk2::SimpleList;
|
|
||||||
|
|
||||||
use constant TRUE => 1;
|
|
||||||
use constant FALSE => 0;
|
|
||||||
# Please configure if necessary!
|
|
||||||
my $cfgfile = "/etc/stunnel/stunnel.conf";
|
|
||||||
my $backup_cfg = 1;
|
|
||||||
my $base_cfg_dir = $cfgfile;$base_cfg_dir=~s/\/stunnel\.conf//g;
|
|
||||||
|
|
||||||
# global variables
|
|
||||||
my $ekey;
|
|
||||||
my $ecert;
|
|
||||||
my $verify;
|
|
||||||
my $app;
|
|
||||||
my $elog;
|
|
||||||
my $clientmode;
|
|
||||||
my $debuglevel;
|
|
||||||
my $capath;
|
|
||||||
my $list;
|
|
||||||
|
|
||||||
|
|
||||||
sub mydie
|
|
||||||
{
|
|
||||||
my ($msg)=@_;
|
|
||||||
|
|
||||||
print "$msg\n";
|
|
||||||
Gtk2->main_quit;
|
|
||||||
exit (-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
sub sel_file
|
|
||||||
{
|
|
||||||
my ($title,$entry,$isfile)=@_;
|
|
||||||
|
|
||||||
my $fsel=Gtk2::FileSelection->new($title);
|
|
||||||
$fsel->ok_button->signal_connect("clicked",sub {
|
|
||||||
print "OK: ". $fsel->get_filename."\n";
|
|
||||||
$entry->set_text($fsel->get_filename);
|
|
||||||
$fsel->destroy;
|
|
||||||
});
|
|
||||||
$fsel->cancel_button->signal_connect("clicked",sub { $fsel->destroy; });
|
|
||||||
|
|
||||||
$fsel->show;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub add_connection
|
|
||||||
{
|
|
||||||
my $win = new Gtk2::Window("toplevel");
|
|
||||||
$win->set_position("center");
|
|
||||||
|
|
||||||
my $vbox = new Gtk2::VBox( 0, 2 );
|
|
||||||
$win->add($vbox);
|
|
||||||
$vbox->show;
|
|
||||||
my $druid = new Gnome2::Druid;
|
|
||||||
$druid->signal_connect("cancel", sub { $win->destroy; } );
|
|
||||||
$vbox->pack_start($druid,0,0,0);
|
|
||||||
my $druid_start = new Gnome2::DruidPageEdge("GNOME_EDGE_START");
|
|
||||||
$druid_start->set_title("Connections setup");
|
|
||||||
$druid_start->set_text("Please follow this configuration wizard to ".
|
|
||||||
"configure your connections\n");
|
|
||||||
# $druid_start->set_watermark($logo);
|
|
||||||
$druid_start->show;
|
|
||||||
$druid->append_page($druid_start);
|
|
||||||
|
|
||||||
# Second Step: accepting connections
|
|
||||||
my $druid_name = new Gnome2::DruidPageStandard();
|
|
||||||
$druid_name->set_title("Connection name");
|
|
||||||
my $dvbox=new Gtk2::VBox(2,2);
|
|
||||||
my $dtable=new Gtk2::Table(2,2,FALSE);
|
|
||||||
$dvbox->pack_start($dtable,FALSE,FALSE,0);
|
|
||||||
|
|
||||||
my $label=new Gtk2::Label("Enter this connection name");
|
|
||||||
$dtable->attach($label,0,1,0,1,["fill"],["fill"],0,0);
|
|
||||||
my $ename=new Gtk2::Entry();
|
|
||||||
$dtable->attach($ename,1,2,0,1,["fill"],["fill"],0,0);
|
|
||||||
$druid_name->append_item("",$dvbox,"");
|
|
||||||
$druid_name->show_all;
|
|
||||||
# add page to the druid
|
|
||||||
$druid->append_page($druid_name);
|
|
||||||
|
|
||||||
|
|
||||||
# Second Step: accepting connections
|
|
||||||
my $druid_accept = new Gnome2::DruidPageStandard();
|
|
||||||
$druid_accept->set_title("Accepting connections");
|
|
||||||
my $dvbox=new Gtk2::VBox(2,2);
|
|
||||||
my $dtable=new Gtk2::Table(2,2,FALSE);
|
|
||||||
$dvbox->pack_start($dtable,FALSE,FALSE,0);
|
|
||||||
|
|
||||||
my $accept_error=new Gtk2::Label("");
|
|
||||||
$dtable->attach($accept_error,0,1,0,1,["fill"],["fill"],0,0);
|
|
||||||
my $label=new Gtk2::Label("IP or hostname");
|
|
||||||
$dtable->attach($label,0,1,1,2,["fill"],["fill"],0,0);
|
|
||||||
my $eip=new Gtk2::Entry();
|
|
||||||
$dtable->attach($eip,1,2,1,2,["fill"],["fill"],0,0);
|
|
||||||
|
|
||||||
my $label=new Gtk2::Label("Port number");
|
|
||||||
$dtable->attach($label,0,1,2,3,["fill"],["fill"],0,0);
|
|
||||||
my $eport=new Gtk2::Entry();
|
|
||||||
$dtable->attach($eport,1,2,2,3,["fill"],["fill"],0,0);
|
|
||||||
|
|
||||||
$druid_accept->append_item("",$dvbox,"");
|
|
||||||
$druid_accept->show_all;
|
|
||||||
# add page to the druid
|
|
||||||
$druid->append_page($druid_accept);
|
|
||||||
|
|
||||||
# Third Step: connecting to...
|
|
||||||
my $druid_connect = new Gnome2::DruidPageStandard();
|
|
||||||
$druid_connect->set_title("Connection To...");
|
|
||||||
my $dvbox=new Gtk2::VBox(2,2);
|
|
||||||
my $dtable=new Gtk2::Table(2,2,FALSE);
|
|
||||||
$dvbox->pack_start($dtable,FALSE,FALSE,0);
|
|
||||||
|
|
||||||
my $label=new Gtk2::Label("IP or hostname");
|
|
||||||
$dtable->attach($label,0,1,0,1,["fill"],["fill"],0,0);
|
|
||||||
my $etoip=new Gtk2::Entry();
|
|
||||||
$dtable->attach($etoip,1,2,0,1,["fill"],["fill"],0,0);
|
|
||||||
|
|
||||||
my $label=new Gtk2::Label("Port number");
|
|
||||||
$dtable->attach($label,0,1,1,2,["fill"],["fill"],0,0);
|
|
||||||
my $etoport=new Gtk2::Entry();
|
|
||||||
$dtable->attach($etoport,1,2,1,2,["fill"],["fill"],0,0);
|
|
||||||
|
|
||||||
$druid_connect->append_item("",$dvbox,"");
|
|
||||||
$druid_connect->show_all;
|
|
||||||
# add page to the druid
|
|
||||||
$druid->append_page($druid_connect);
|
|
||||||
|
|
||||||
|
|
||||||
# Finishing and adding connection
|
|
||||||
my $druid_finish = new Gnome2::DruidPageEdge("GNOME_EDGE_FINISH");
|
|
||||||
$druid_finish->set_title("Configuration Finished.");
|
|
||||||
$druid_finish->set_text("The configuration has been finished. Click to either save or cancel");
|
|
||||||
# $druid_finish->set_logo($logo2);
|
|
||||||
$druid_finish->signal_connect("finish", sub {
|
|
||||||
my $acip=$eip->get_text();
|
|
||||||
my $acport=$eport->get_text();
|
|
||||||
my $coip=$etoip->get_text();
|
|
||||||
my $coport=$etoport->get_text();
|
|
||||||
|
|
||||||
my $dslist = $list->{data};
|
|
||||||
push @$dslist, [ $ename->get_text(), $acip.":".$acport, $coip.":".$coport ];
|
|
||||||
|
|
||||||
|
|
||||||
$win->destroy;
|
|
||||||
});
|
|
||||||
$druid_finish->show;
|
|
||||||
$druid->append_page($druid_finish);
|
|
||||||
$druid->show;
|
|
||||||
$win->show;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub load_config_file
|
|
||||||
{
|
|
||||||
my $con=$list->{data};
|
|
||||||
my $name="";
|
|
||||||
my $accept="";
|
|
||||||
my $connect="";
|
|
||||||
|
|
||||||
if (! -s $cfgfile) {
|
|
||||||
print "Config file not found. Starting from scratch!\n";
|
|
||||||
return (0);
|
|
||||||
}
|
|
||||||
|
|
||||||
open F, "<$cfgfile" or die "$cfgfile: $!\n";
|
|
||||||
|
|
||||||
while (<F>) {
|
|
||||||
$_=~s/\n//g;
|
|
||||||
if ($_=~/^cert.*=.*/) {
|
|
||||||
(undef,my $value) = split "=",$_;
|
|
||||||
$value=~s/(\ |\t)//g;
|
|
||||||
$ecert->set_text($value);
|
|
||||||
} elsif ($_=~/^key.*=.*/) {
|
|
||||||
(undef,my $value) = split "=",$_;
|
|
||||||
$value=~s/(\ |\t)//g;
|
|
||||||
$ekey->set_text($value);
|
|
||||||
} elsif ($_=~/^verify.*=.*/) {
|
|
||||||
(undef,my $value) = split "=",$_;
|
|
||||||
$value=~s/(\ |\t)//g;
|
|
||||||
if ($value==1) {
|
|
||||||
$verify->entry->set_text("verify peer certificate if present");
|
|
||||||
} elsif ($value==2) {
|
|
||||||
$verify->entry->set_text("verify peer certificate");
|
|
||||||
} elsif ($value==3) {
|
|
||||||
$verify->entry->set_text("verify peer with locally installed certificate");
|
|
||||||
} else {
|
|
||||||
$verify->entry->set_text("no verify");
|
|
||||||
}
|
|
||||||
} elsif ($_=~/^client.*=.*/) {
|
|
||||||
(undef,my $value) = split "=",$_;
|
|
||||||
$value=~s/(\ |\t)//g;
|
|
||||||
$clientmode->entry->set_text($value);
|
|
||||||
} elsif ($_=~/^(capath|CApath).*=.*/) {
|
|
||||||
(undef,my $value) = split "=",$_;
|
|
||||||
$value=~s/(\ |\t)//g;
|
|
||||||
$capath->set_text($value);
|
|
||||||
} elsif ($_=~/^debug.*=.*/) {
|
|
||||||
(undef,my $value) = split "=",$_;
|
|
||||||
$value=~s/(\ |\t)//g;
|
|
||||||
$debuglevel->entry->set_text($value);
|
|
||||||
} elsif ($_=~/^output.*=.*/) {
|
|
||||||
(undef,my $value) = split "=",$_;
|
|
||||||
$value=~s/(\ |\t)//g;
|
|
||||||
$elog->set_text($value);
|
|
||||||
} elsif ($_=~/^\[.*/) {
|
|
||||||
$_=~s/\[//g;
|
|
||||||
$_=~s/\]//g;
|
|
||||||
$name=$_;
|
|
||||||
} elsif ($_=~/^accept.*=.*/) {
|
|
||||||
(undef,$accept) = split "=",$_;
|
|
||||||
$accept=~s/(\ |\t)//g;
|
|
||||||
} elsif ($_=~/^connect.*=.*/) {
|
|
||||||
(undef,$connect) = split "=",$_;
|
|
||||||
$connect=~s/(\ |\t)//g;
|
|
||||||
}
|
|
||||||
|
|
||||||
# load connection
|
|
||||||
if (($accept) && ($name) && ($connect)) {
|
|
||||||
push @$con, [ $name, $accept, $connect ];
|
|
||||||
$name=$connect=$accept="";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
close F;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
sub save_config_file
|
|
||||||
{
|
|
||||||
if ($backup_cfg) {
|
|
||||||
chdir ($base_cfg_dir);
|
|
||||||
rename($cfgfile,$cfgfile.".$$") or
|
|
||||||
print "Error at \n$cfgfile: $!\nNo backup made!\n";
|
|
||||||
}
|
|
||||||
open O, ">$cfgfile" or
|
|
||||||
mydie "Cannot open config file: $!\n";
|
|
||||||
|
|
||||||
print "Saving $cfgfile\n\n\n";
|
|
||||||
print O "# Configuration file created by \"stunnelconf\" by ".
|
|
||||||
"Sergio Rua <srua\@debian.org>\n\n";
|
|
||||||
if ($ekey->get_text()) {
|
|
||||||
print O "key = ".$ekey->get_text()."\n";
|
|
||||||
}
|
|
||||||
if ($ecert->get_text()) {
|
|
||||||
print O "cert = ".$ecert->get_text()."\n";
|
|
||||||
}
|
|
||||||
print O "verify = ".$verify->entry->get_text()."\n";
|
|
||||||
print O "output = ".$elog->get_text()."\n";
|
|
||||||
print O "client = ".$clientmode->entry->get_text()."\n";
|
|
||||||
print O "debug = ".$debuglevel->entry->get_text()."\n";
|
|
||||||
print O "CApath = ".$capath->get_text()."\n";
|
|
||||||
print O "\n\n"; # just some spaces
|
|
||||||
|
|
||||||
my @rowref = @{$list->{data}};
|
|
||||||
my $i=0;
|
|
||||||
|
|
||||||
for $i (0 .. $#rowref) {
|
|
||||||
print O "[".$rowref[$i][0] . "]\n";
|
|
||||||
# if no hostname, ugly ":" to be removed
|
|
||||||
$rowref[$i][1]=~s/^://g;
|
|
||||||
$rowref[$i][2]=~s/^://g;
|
|
||||||
print O "accept = ".$rowref[$i][1] . "\n";
|
|
||||||
print O "connect = ".$rowref[$i][2] . "\n";
|
|
||||||
print O "\n"; # just some spaces
|
|
||||||
}
|
|
||||||
|
|
||||||
close O;
|
|
||||||
Gtk2->main_quit;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
sub create_main_win
|
|
||||||
{
|
|
||||||
$app = Gnome2::App->new ("stunnel-conf");
|
|
||||||
$app->set_default_size(470,410);
|
|
||||||
$app->signal_connect( 'destroy' => sub { Gtk2->main_quit; } );
|
|
||||||
$app->set_title("Stunnel Configuration");
|
|
||||||
|
|
||||||
my $vbox=Gtk2::VBox->new(FALSE,0);
|
|
||||||
my $frame=Gtk2::Frame->new("Common options");
|
|
||||||
$vbox->pack_start($frame,TRUE, TRUE, 0);
|
|
||||||
|
|
||||||
my $table=Gtk2::Table->new(6, 2, FALSE);
|
|
||||||
$frame->add($table);
|
|
||||||
|
|
||||||
my $label0=Gtk2::Label->new("Private Key");
|
|
||||||
$table->attach($label0,0,1,0,1,["fill"],["fill"],0,0);
|
|
||||||
my $label1=Gtk2::Label->new("Certificate");
|
|
||||||
$table->attach($label1,0,1,1,2,["fill"],["fill"],0,0);
|
|
||||||
my $label2=Gtk2::Label->new("Verify level");
|
|
||||||
$table->attach($label2,0,1,2,3,["fill"],["fill"],0,0);
|
|
||||||
my $label3=Gtk2::Label->new("Log output");
|
|
||||||
$table->attach($label3,0,1,3,4,["fill"],["fill"],0,0);
|
|
||||||
my $label4=Gtk2::Label->new("Client mode");
|
|
||||||
$table->attach($label4,0,1,4,5,["fill"],["fill"],0,0);
|
|
||||||
my $label5=Gtk2::Label->new("Debug level");
|
|
||||||
$table->attach($label5,0,1,5,6,["fill"],["fill"],0,0);
|
|
||||||
my $label6=Gtk2::Label->new("Certificates path");
|
|
||||||
$table->attach($label6,0,1,6,7,["fill"],["fill"],0,0);
|
|
||||||
|
|
||||||
# Private Key
|
|
||||||
my $hbox0=Gtk2::HBox->new(FALSE,0);
|
|
||||||
$table->attach($hbox0,1,2,0,1,["fill"],["fill"],0,0);
|
|
||||||
|
|
||||||
$ekey=Gtk2::Entry->new();
|
|
||||||
$hbox0->pack_start($ekey,TRUE,TRUE,0);
|
|
||||||
|
|
||||||
my $bkey=Gtk2::Button->new_from_stock("gtk-open");
|
|
||||||
$bkey->signal_connect("clicked",sub {
|
|
||||||
sel_file("Select private key",$ekey);
|
|
||||||
});
|
|
||||||
$hbox0->pack_start($bkey,FALSE,FALSE,0);
|
|
||||||
|
|
||||||
# Certificate
|
|
||||||
my $hbox1=Gtk2::HBox->new(FALSE,0);
|
|
||||||
$table->attach($hbox1,1,2,1,2,["fill"],["fill"],0,0);
|
|
||||||
|
|
||||||
$ecert=Gtk2::Entry->new();
|
|
||||||
$hbox1->pack_start($ecert,TRUE,TRUE,0);
|
|
||||||
|
|
||||||
my $bcert=Gtk2::Button->new_from_stock("gtk-open");
|
|
||||||
$bcert->signal_connect("clicked",sub {
|
|
||||||
sel_file("Select certificate",$ecert);
|
|
||||||
});
|
|
||||||
$hbox1->pack_start($bcert,FALSE,FALSE,0);
|
|
||||||
|
|
||||||
# Auth level - verify
|
|
||||||
$verify = Gtk2::Combo->new();
|
|
||||||
$verify->entry->set_text("no verify");
|
|
||||||
$verify->set_popdown_strings(("no verify",
|
|
||||||
"verify peer certificate if present",
|
|
||||||
"verify peer certificate",
|
|
||||||
"verify peer with locally installed certificate"));
|
|
||||||
$table->attach($verify,1,2,2,3,["fill"],["fill"],0,0);
|
|
||||||
|
|
||||||
# Log output
|
|
||||||
my $hbox2=Gtk2::HBox->new(FALSE,0);
|
|
||||||
$table->attach($hbox2,1,2,3,4,["fill"],["fill"],0,0);
|
|
||||||
|
|
||||||
$elog=Gtk2::Entry->new();
|
|
||||||
$hbox2->pack_start($elog,TRUE,TRUE,0);
|
|
||||||
|
|
||||||
my $blog=Gtk2::Button->new_from_stock("gtk-open");
|
|
||||||
$blog->signal_connect("clicked",sub {
|
|
||||||
sel_file("Select log file",$elog);
|
|
||||||
});
|
|
||||||
$hbox2->pack_start($blog,FALSE,FALSE,0);
|
|
||||||
|
|
||||||
# Client mode
|
|
||||||
$clientmode = Gtk2::Combo->new();
|
|
||||||
$clientmode->entry->set_text("no verify");
|
|
||||||
$clientmode->set_popdown_strings(("yes","no"));
|
|
||||||
$table->attach($clientmode,1,2,4,5,["fill"],["fill"],0,0);
|
|
||||||
|
|
||||||
# Debug level
|
|
||||||
$debuglevel = Gtk2::Combo->new();
|
|
||||||
$debuglevel->entry->set_text("no verify");
|
|
||||||
$debuglevel->set_popdown_strings(("0","1","5","7"));
|
|
||||||
$table->attach($debuglevel,1,2,5,6,["fill"],["fill"],0,0);
|
|
||||||
|
|
||||||
# CA path
|
|
||||||
my $hbox3=Gtk2::HBox->new(FALSE,0);
|
|
||||||
$table->attach($hbox3,1,2,6,7,["fill"],["fill"],0,0);
|
|
||||||
|
|
||||||
$capath=Gtk2::Entry->new();
|
|
||||||
$hbox3->pack_start($capath,TRUE,TRUE,0);
|
|
||||||
|
|
||||||
# my $bcapath=Gtk2::Button->new_from_stock("gtk-open");
|
|
||||||
# $bcapath->signal_connect("clicked",sub {
|
|
||||||
# sel_file("Select Certificates Path",$capath);
|
|
||||||
# });
|
|
||||||
# $hbox3->pack_start($bcapath,FALSE,FALSE,0);
|
|
||||||
|
|
||||||
# connections section
|
|
||||||
my $frame2=Gtk2::Frame->new("Connections");
|
|
||||||
$vbox->pack_start($frame2,TRUE, TRUE, 0);
|
|
||||||
|
|
||||||
my $hbox4=Gtk2::HBox->new(FALSE,0);
|
|
||||||
$list=Gtk2::SimpleList->new (
|
|
||||||
'Name' => 'text',
|
|
||||||
'Accept' => 'text',
|
|
||||||
'Connect' => 'text',
|
|
||||||
);
|
|
||||||
# $list->get_selection->set_mode ('multiple');
|
|
||||||
my $scwin = Gtk2::ScrolledWindow->new;
|
|
||||||
$scwin->set_policy (qw/automatic automatic/);
|
|
||||||
$scwin->add($list);
|
|
||||||
|
|
||||||
$hbox4->pack_start($scwin,TRUE,TRUE,0);
|
|
||||||
|
|
||||||
# list buttons
|
|
||||||
my $vbbox=Gtk2::VButtonBox->new();
|
|
||||||
$vbbox->set_layout('spread');
|
|
||||||
my $badd = Gtk2::Button->new_from_stock('gtk-add');
|
|
||||||
$badd->signal_connect( 'clicked' => sub { add_connection; } );
|
|
||||||
$vbbox->add($badd);
|
|
||||||
|
|
||||||
|
|
||||||
# my $bedit = Gtk2::Button->new_from_stock('gtk-properties');
|
|
||||||
# $bedit->signal_connect( 'clicked' => sub {
|
|
||||||
# print "Edit\n";
|
|
||||||
# } );
|
|
||||||
# $vbbox->add($bedit);
|
|
||||||
|
|
||||||
|
|
||||||
my $brem = Gtk2::Button->new_from_stock('gtk-remove');
|
|
||||||
$brem->signal_connect( 'clicked' => sub {
|
|
||||||
my @sel = $list->get_selected_indices;
|
|
||||||
print @sel;
|
|
||||||
foreach my $i (@sel) {
|
|
||||||
delete $list->{data}[$i];
|
|
||||||
}
|
|
||||||
} );
|
|
||||||
$vbbox->add($brem);
|
|
||||||
|
|
||||||
$hbox4->pack_start($vbbox,FALSE,FALSE,0);
|
|
||||||
|
|
||||||
# main buttons!!!
|
|
||||||
my $bbox=Gtk2::HButtonBox->new();
|
|
||||||
$bbox->set_layout('spread');
|
|
||||||
|
|
||||||
my $bok = Gtk2::Button->new_from_stock('gtk-ok');
|
|
||||||
$bok->signal_connect( 'clicked' => sub { save_config_file; } );
|
|
||||||
$bbox->add($bok);
|
|
||||||
|
|
||||||
my $bcancel = Gtk2::Button->new_from_stock('gtk-cancel');
|
|
||||||
$bcancel->signal_connect( 'clicked' => sub { Gtk2->main_quit;} );
|
|
||||||
$bbox->add($bcancel);
|
|
||||||
|
|
||||||
$vbox->pack_start($bbox,FALSE,FALSE,0);
|
|
||||||
$frame2->add($hbox4);
|
|
||||||
|
|
||||||
|
|
||||||
# App contents and show them
|
|
||||||
$app->set_contents($vbox);
|
|
||||||
$app->show_all;
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
|
||||||
# MAIN MAIN MAIN
|
|
||||||
#
|
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
Gnome2::Program->init ("stunnelconf", "0.1");
|
|
||||||
$app=create_main_win;
|
|
||||||
load_config_file;
|
|
||||||
|
|
||||||
Gtk2->main;
|
|
||||||
|
|
||||||
exit 0;
|
|
||||||
|
|
1324
debian/changelog
vendored
1324
debian/changelog
vendored
File diff suppressed because it is too large
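--- a/debian/clean
+++ b/debian/clean
@@ -1,6 +0,0 @@
-build-stamp
-debian/stunnel4.init
-doc/stunnel.8
-doc/stunnel.html
-doc/stunnel4.8
-doc/stunnel4.pl.8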
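--- a/debian/compat
+++ b/debian/compat
@@ -1 +0,0 @@
-10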
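--- a/debian/control
+++ b/debian/control
@@ -1,45 +0,0 @@
-Source: stunnel4
-Section: net
-Priority: optional
-Build-Depends:
-debhelper (>= 10),
-autoconf-archive,
-libssl-dev,
-libsystemd-dev [linux-any],
-libwrap0-dev,
-netcat-traditional,
-openssl,
-net-tools,
-procps
-Maintainer: Peter Pentchev <roam@ringlet.net>
-Uploaders: Laszlo Boszormenyi (GCS) <gcs@debian.org>
-Standards-Version: 4.1.1
-Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/stunnel.git
-Vcs-Git: https://anonscm.debian.org/git/collab-maint/stunnel.git
-Homepage: https://www.stunnel.org/
-Rules-Requires-Root: no
-
-Package: stunnel4
-Architecture: any
-Provides: stunnel
-Depends:
-${shlibs:Depends},
-${misc:Depends},
-${perl:Depends},
-lsb-base,
-netbase,
-openssl
-Pre-Depends: adduser
-Suggests: logcheck-database
-Description: Universal SSL tunnel for network daemons
-The stunnel program is designed to work as SSL encryption
-wrapper between remote client and local (inetd-startable) or
-remote server. The concept is that having non-SSL aware daemons
-running on your system you can easily setup them to
-communicate with clients over secure SSL channel.
-.
-stunnel can be used to add SSL functionality to commonly
-used inetd daemons like POP-2, POP-3 and IMAP servers
-without any changes in the programs' code.
-.
-This package contains a wrapper script for compatibility with stunnel 3.x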
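--- a/debian/copyright
+++ b/debian/copyright
@@ -1,59 +0,0 @@
-Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: stunnel
-Upstream-Contact: Michal Trojnara <Michal.Trojnara@stunnel.org>
-Source: https://www.stunnel.org/downloads.html
-License: GPL-2+-openssl
-
-Files: *
-Copyright:
-(C) 1998-2017 Michal Trojnara <Michal.Trojnara@stunnel.org>
-(c) 2014 Mark Theunissen
-License: GPL-2+-openssl
-
-Files: src/stunnel3.in
-Copyright: (C) 2004-2012 Michal Trojnara <Michal.Trojnara@stunnel.org>
-License: GPL-2+
-
-Files: debian/*
-Copyright:
-(C) 1998-2001 Paolo Molaro <lupus@debian.org>
-(C) 2003-2007 Julien Lemoine <speedblue@debian.org>
-(C) 2007-2012 Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
-(C) 2013 Salvatore Bonaccorso <carnil@debian.org>
-(C) 2014-2017 Peter Pentchev <roam@ringlet.net>
-License: GPL-2+-openssl
-
-License: GPL-2+-openssl
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
-.
-On Debian systems, the complete text of the GNU General Public License
-can be found in file "/usr/share/common-licenses/GPL-2".
-.
-Linking stunnel statically or dynamically with other modules is making
-a combined work based on stunnel. Thus, the terms and conditions of the
-GNU General Public License cover the whole combination.
-.
-In addition, as a special exception, the copyright holder of stunnel gives you
-permission to combine stunnel with free software programs or libraries that
-are released under the GNU LGPL and with code included in the standard release
-of OpenSSL under the OpenSSL License (or modified versions of such code, with
-unchanged license). You may copy and distribute such a system following the
-terms of the GNU GPL for stunnel and the licenses of the other code concerned.
-.
-Note that people who make modified versions of stunnel are not obligated to
-grant this special exception for their modified versions; it is their choice
-whether to do so. The GNU General Public License gives permission to release
-a modified version without this exception; this exception also makes it
-possible to release a modified version which carries forward this exception.
-
-License: GPL-2+
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
-.
-On Debian systems, the complete text of the GNU General Public License
-can be found in file "/usr/share/common-licenses/GPL-2".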
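--- a/debian/dirs
+++ b/debian/dirs
@@ -1 +0,0 @@
-etc/stunnel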
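--- a/debian/doc-base
+++ b/debian/doc-base
@@ -1,10 +0,0 @@
-Document: stunnel4
-Title: Stunnel documentation
-Author: Michal Trojnara
-Abstract: This manual documents stunnel, a SSL-enhanced client and
-server wrapper.
-Section: System/Security
-
-Format: HTML
-Index: /usr/share/doc/stunnel4/stunnel.html
-Files: /usr/share/doc/stunnel4/stunnel*.html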
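--- a/debian/docs
+++ b/debian/docs
@@ -1,4 +0,0 @@
-BUGS
-NEWS
-README
-TODO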
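--- a/debian/patches/01-fix-paths.patch
+++ b/debian/patches/01-fix-paths.patch
@@ -1,38 +0,0 @@
-Description: Update the installation directories.
-Change @prefix@/... to @localstatedir@ or @sysconfdir@ as appropriate
-to comply with the FHS
-Forwarded: not-needed
-Author: Paolo Molaro <lupus@debian.org>
-Author: Julien Lemoine <speedblue@debian.org>
-Author: Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
-Last-Update: 2016-07-06
-
---- a/tools/stunnel.conf-sample.in
-+++ b/tools/stunnel.conf-sample.in
-@@ -64,7 +64,7 @@
-accept = 127.0.0.1:110
-connect = pop.gmail.com:995
-verifyChain = yes
--CApath = /etc/ssl/certs
-+CApath = @sysconfdir/ssl/certs
-checkHost = pop.gmail.com
-OCSPaia = yes
-
-@@ -73,7 +73,7 @@
-accept = 127.0.0.1:143
-connect = imap.gmail.com:993
-verifyChain = yes
--CApath = /etc/ssl/certs
-+CApath = @sysconfdir/ssl/certs
-checkHost = imap.gmail.com
-OCSPaia = yes
-
-@@ -82,7 +82,7 @@
-accept = 127.0.0.1:25
-connect = smtp.gmail.com:465
-verifyChain = yes
--CApath = /etc/ssl/certs
-+CApath = @sysconfdir/ssl/certs
-checkHost = smtp.gmail.com
-OCSPaia = yes
-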
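--- a/debian/patches/02-rename-binary.patch
+++ b/debian/patches/02-rename-binary.patch
@@ -1,103 +0,0 @@
-Description: Change references to the binary from stunnel to stunnel4
-Forwarded: not-needed
-Author: Julien Lemoine <speedblue@debian.org>
-Author: Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
-Last-Update: 2017-09-23
-
---- a/src/stunnel3.in
-+++ b/src/stunnel3.in
-@@ -22,7 +22,7 @@
-use Getopt::Std;
-
-# Configuration - path to stunnel (version >=4.05)
--$stunnel_bin='@bindir@/stunnel';
-+$stunnel_bin='@bindir@/stunnel4';
-
-# stunnel3 script body begins here
-($read_fd, $write_fd)=POSIX::pipe();
---- a/tools/stunnel.init.in
-+++ b/tools/stunnel.init.in
-@@ -1,6 +1,6 @@
-#! /bin/sh -e
-### BEGIN INIT INFO
--# Provides: stunnel
-+# Provides: stunnel4
-# Required-Start: $local_fs $remote_fs
-# Required-Stop: $local_fs $remote_fs
-# Should-Start: $syslog
-@@ -21,8 +21,8 @@
-
-. /lib/lsb/init-functions
-
--DEFAULTPIDFILE="/var/run/stunnel.pid"
--DAEMON=@bindir@/stunnel
-+DEFAULTPIDFILE="/var/run/stunnel4.pid"
-+DAEMON=@bindir@/stunnel4
-NAME=stunnel
-DESC="TLS tunnels"
-OPTIONS=""
-@@ -49,9 +49,9 @@
-startdaemons() {
-local res file args pidfile warn status
-
-- if ! [ -d /var/run/stunnel ]; then
-- rm -rf /var/run/stunnel
-- install -d -o stunnel -g stunnel /var/run/stunnel
-+ if ! [ -d /var/run/stunnel4 ]; then
-+ rm -rf /var/run/stunnel4
-+ install -d -o stunnel4 -g stunnel4 /var/run/stunnel4
-fi
-if [ -n "$RLIMITS" ]; then
-ulimit $RLIMITS
-@@ -141,9 +141,9 @@
-OPTIONS="-- $OPTIONS"
-fi
-
--[ -f @sysconfdir@/default/stunnel ] && . @sysconfdir@/default/stunnel
-+[ -f @sysconfdir@/default/stunnel4 ] && . @sysconfdir@/default/stunnel4
-if [ "$ENABLED" = "0" ] ; then
-- echo "$DESC disabled, see @sysconfdir@/default/stunnel"
-+ echo "$DESC disabled, see @sysconfdir@/default/stunnel4"
-exit 0
-fi
-
---- a/tools/script.sh
-+++ b/tools/script.sh
-@@ -2,7 +2,7 @@
-
-REMOTE_HOST="www.mirt.net:443"
-echo "client script connecting $REMOTE_HOST"
--/usr/local/bin/stunnel -fd 10 \
-+/usr/bin/stunnel4 -fd 10 \
-11<&0 <<EOT 10<&0 0<&11 11<&-
-client=yes
-connect=$REMOTE_HOST
---- a/doc/Makefile.am
-+++ b/doc/Makefile.am
-@@ -15,11 +15,11 @@
-
-.pod.in.8.in:
-pod2man -u -n stunnel -s 8 -r $(VERSION) \
-- -c "stunnel TLS Proxy" -d `date +%Y.%m.%d` $< $@
-+ -c "stunnel4 TLS Proxy" -d `date +%Y.%m.%d` $< $@
-
-.pod.in.html.in:
-pod2html --index --backlink --header \
-- --title "stunnel TLS Proxy" --infile=$< --outfile=$@
-+ --title "stunnel4 TLS Proxy" --infile=$< --outfile=$@
-rm -f pod2htmd.tmp pod2htmi.tmp
-
-edit = sed \
---- a/doc/stunnel.pl.8.in
-+++ b/doc/stunnel.pl.8.in
-@@ -70,8 +70,8 @@
-.rr rF
-.\" ========================================================================
-.\"
--.IX Title "stunnel 8"
--.TH stunnel 8 "2017.04.01" "5.42" "stunnel TLS Proxy"
-+.IX Title "stunnel4 8"
-+.TH stunnel 8 "2017.04.01" "5.42" "stunnel4 TLS Proxy"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l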
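--- a/debian/patches/03-runas-user.patch
+++ b/debian/patches/03-runas-user.patch
@@ -1,19 +0,0 @@
-Description: Change the default user the binary will run as to stunnel4
-Forwarded: not-needed
-Author: Julien Lemoine <speedblue@debian.org>
-Author: Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
-Last-Update: 2015-06-13
-
---- a/tools/stunnel.conf-sample.in
-+++ b/tools/stunnel.conf-sample.in
-@@ -8,8 +8,8 @@
-; **************************************************************************
-
-; It is recommended to drop root privileges if stunnel is started by root
--;setuid = nobody
--;setgid = @DEFAULT_GROUP@
-+;setuid = stunnel4
-+;setgid = stunnel4
-
-; PID file is created inside the chroot jail (if enabled)
-;pid = @localstatedir@/run/stunnel.pid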
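--- a/debian/patches/04-restore-pidfile-default.patch
+++ b/debian/patches/04-restore-pidfile-default.patch
@@ -1,44 +0,0 @@
-Description: Temporarily restore the pid file creation by default.
-The init script will not be able to monitor the automatically-started
-instances of stunnel if there is no pid file. For the present for the
-upgrade from 4.53 the "create the pid file by default" behavior is
-restored and the init script warns about configuration files that have
-no "pid" setting. The intention is that in a future version the init
-script will refuse to start stunnel for these configurations.
-Forwarded: not-needed
-Author: Peter Pentchev <roam@ringlet.net>
-Bug-Debian: https://bugs.debian.org/744851
-Last-Update: 2017-07-03
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -44,6 +44,7 @@
-stunnel_CPPFLAGS += -I$(SSLDIR)/include
-stunnel_CPPFLAGS += -DLIBDIR='"$(pkglibdir)"'
-stunnel_CPPFLAGS += -DCONFDIR='"$(sysconfdir)/stunnel"'
-+stunnel_CPPFLAGS += -DPIDFILE='"$(localstatedir)/run/stunnel4.pid"'
-
-# TLS library
-stunnel_LDFLAGS = -L$(SSLDIR)/lib64 -L$(SSLDIR)/lib -lssl -lcrypto
---- a/src/options.c
-+++ b/src/options.c
-@@ -917,7 +917,7 @@
-#ifndef USE_WIN32
-switch(cmd) {
-case CMD_BEGIN:
-- new_global_options.pidfile=NULL; /* do not create a pid file */
-+ new_global_options.pidfile=PIDFILE;
-break;
-case CMD_EXEC:
-if(strcasecmp(opt, "pid"))
-@@ -932,9 +932,10 @@
-case CMD_FREE:
-break;
-case CMD_DEFAULT:
-+ s_log(LOG_NOTICE, "%-22s = %s", "pid", PIDFILE);
-break;
-case CMD_HELP:
-- s_log(LOG_NOTICE, "%-22s = pid file", "pid");
-+ s_log(LOG_NOTICE, "%-22s = pid file (empty to disable creating)", "pid");
-break;
-}
-#endif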
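--- a/debian/patches/05-author-tests.patch
+++ b/debian/patches/05-author-tests.patch
@@ -1,16 +0,0 @@
-Description: Only build the Win32 executables if requested.
-Author: Peter Pentchev <roam@ringlet.net>
-Forwarded: not yet
-Last-Update: 2015-11-11
-
---- a/configure.ac
-+++ b/configure.ac
-@@ -8,7 +8,7 @@
-AC_CONFIG_SRCDIR([src/stunnel.c])
-AM_INIT_AUTOMAKE
-
--AM_CONDITIONAL([AUTHOR_TESTS], [test -d ".git"])
-+AM_CONDITIONAL([AUTHOR_TESTS], [test -n "$AUTHOR_TESTS"])
-AC_CANONICAL_HOST
-AC_SUBST([host])
-AC_DEFINE_UNQUOTED([HOST], ["$host"], [Host description])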
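--- a/debian/patches/07-path-max.patch
+++ b/debian/patches/07-path-max.patch
@@ -1,71 +0,0 @@
-Description: Allocate the config filename dynamically.
-Avoid the use of PATH_MAX which may not be defined.
-Forwarded: not-yet
-Author: Peter Pentchev <roam@ringlet.net>
-Last-Update: 2017-07-03
-
---- a/src/common.h
-+++ b/src/common.h
-@@ -94,7 +94,6 @@
-typedef int ssize_t;
-#endif /* _WIN64 */
-#endif /* !__MINGW32__ */
--#define PATH_MAX MAX_PATH
-#define USE_IPv6
-#define _CRT_SECURE_NO_DEPRECATE
-#define _CRT_NONSTDC_NO_DEPRECATE
---- a/src/options.c
-+++ b/src/options.c
-@@ -211,7 +211,7 @@
-NOEXPORT char **argalloc(char *);
-#endif
-
--char configuration_file[PATH_MAX];
-+char *configuration_file;
-
-GLOBAL_OPTIONS global_options;
-SERVICE_OPTIONS service_options;
-@@ -289,17 +289,27 @@
-}
-
-#ifdef HAVE_REALPATH
-+ char *nconf;
-if(type==CONF_FILE) {
-- if(!realpath(name, configuration_file)) {
-+ nconf = realpath(name, NULL);
-+ if(nconf == NULL) {
-s_log(LOG_ERR, "Invalid configuration file name \"%s\"", name);
-ioerror("realpath");
-return 1;
-}
-- return options_parse(type);
-- }
-+ free(configuration_file);
-+ } else
-#endif
-- strncpy(configuration_file, name, PATH_MAX-1);
-- configuration_file[PATH_MAX-1]='\0';
-+ {
-+ size_t sz = strlen(name) + 1;
-+ nconf = realloc(configuration_file, sz);
-+ if(nconf == NULL) {
-+ s_log(LOG_ERR, "Could not allocate memory");
-+ return 1;
-+ }
-+ snprintf(nconf, sz, "%s", name);
-+ }
-+ configuration_file = nconf;
-return options_parse(type);
-}
-
---- a/src/prototypes.h
-+++ b/src/prototypes.h
-@@ -430,7 +430,7 @@
-
-/**************************************** prototypes for options.c */
-
--extern char configuration_file[PATH_MAX];
-+extern char *configuration_file;
-extern unsigned number_of_sections;
-
-int options_cmdline(char *, char *);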
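--- a/debian/patches/09-try-restart.patch
+++ b/debian/patches/09-try-restart.patch
@@ -1,76 +0,0 @@
-Description: Implement try-restart in the SysV init script.
-Forwarded: not-yet
-Author: Peter Pentchev <roam@ringlet.net>
-Last-Update: 2017-07-03
-
---- a/tools/stunnel.init.in
-+++ b/tools/stunnel.init.in
-@@ -137,6 +137,47 @@
-exit "$res"
-}
-
-+restartrunningdaemons()
-+{
-+ local res file pidfile status args
-+
-+ res=0
-+ for file in $FILES; do
-+ echo -n " $file: "
-+ pidfile=`get_pidfile "$file"`
-+ if [ ! -e "$pidfile" ]; then
-+ echo -n 'no pid file'
-+ else
-+ status=0
-+ pidofproc -p "$pidfile" "$DAEMON" >/dev/null || status="$?"
-+ if [ "$status" = 0 ]; then
-+ echo -n 'stopping'
-+ killproc -p "$pidfile" "$DAEMON" "$sig" || status="$?"
-+ if [ "$status" -eq 0 ]; then
-+ echo -n ' starting'
-+ args="$file $OPTIONS"
-+ start_daemon -p "$pidfile" "$DAEMON" $args || status="$?"
-+ if [ "$status" -eq 0 ]; then
-+ echo -n ' started'
-+ else
-+ echo ' failed'
-+ res=1
-+ fi
-+ else
-+ echo -n ' failed'
-+ res=1
-+ fi
-+ elif [ "$status" = 4 ]; then
-+ echo "cannot access the pid file $pidfile"
-+ else
-+ echo -n 'stopped'
-+ fi
-+ fi
-+ done
-+ echo ''
-+ exit "$res"
-+}
-+
-if [ "x$OPTIONS" != "x" ]; then
-OPTIONS="-- $OPTIONS"
-fi
-@@ -194,6 +235,11 @@
-killdaemons && startdaemons
-res=$?
-;;
-+ try-restart)
-+ echo -n "Restarting $DESC if running:"
-+ restartrunningdaemons
-+ res=$?
-+ ;;
-status)
-echo -n "$DESC status:"
-querydaemons
-@@ -201,7 +247,7 @@
-;;
-*)
-N=@sysconfdir@/init.d/$NAME
-- echo "Usage: $N {start|stop|status|reload|reopen-logs|restart} [<stunnel instance>]" >&2
-+ echo "Usage: $N {start|stop|status|reload|reopen-logs|restart|try-restart} [<stunnel instance>]" >&2
-res=1
-;;
-esac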
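--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,7 +0,0 @@
-01-fix-paths.patch
-02-rename-binary.patch
-03-runas-user.patch
-04-restore-pidfile-default.patch
-05-author-tests.patch
-07-path-max.patch
-09-try-restart.patch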
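--- a/debian/postinst
+++ b/debian/postinst
@@ -1,67 +0,0 @@
-#!/bin/sh
-
-set -e
-
-USER="stunnel4"
-CHOWN="/bin/chown"
-#USERDEL="/usr/sbin/userdel"
-ADDUSER="/usr/sbin/adduser"
-ID="/usr/bin/id"
-GROUPMOD="/usr/sbin/groupmod"
-#GROUPDEL="/usr/sbin/groupdel"
-
-###
-# 1. get current stunnel uid and gid if user exists.
-set -e
-if $ID $USER > /dev/null 2>&1; then
-IUID=`$ID --user $USER`
-IGID=`$ID --group $USER`
-else
-IUID="NONE"
-IGID="NONE"
-fi
-
-###
-# 2. Ensure that no standard account or group will remain before adding the
-# new user
-#if [ "$IUID" != "NONE" ]; then # remove existing user
-# $USERDEL $USER
-#fi
-
-#if $GROUPMOD $USER > /dev/null 2>&1; then
-# $GROUPDEL $USER;
-#fi
-
-if [ "$IUID" = "NONE" ]; then
-$ADDUSER --system --disabled-password --disabled-login \
---home /var/run/stunnel4 \
---no-create-home --group $USER
-fi
-
-# /var/run/stunnel4 is not a directory, create it...
-if ! test -d /var/run/stunnel4; then
-rm -rf /var/run/stunnel4;
-mkdir /var/run/stunnel4
-fi
-$CHOWN $USER:$USER /var/run/stunnel4 || true
-
-# /var/log/stunnel4 is not a directory, create it...
-if ! test -d /var/log/stunnel4; then
-rm -rf /var/log/stunnel4;
-mkdir /var/log/stunnel4
-fi
-$CHOWN -R $USER:$USER /var/log/stunnel4
-
-# /var/lib/stunnel4 is not a directory, create it...
-if ! test -d /var/lib/stunnel4; then
-rm -rf /var/lib/stunnel4;
-mkdir /var/lib/stunnel4
-fi
-$CHOWN -R $USER:$USER /var/lib/stunnel4
-
-if ! test -f /var/log/stunnel4/stunnel.log; then
-touch /var/log/stunnel4/stunnel.log
-$CHOWN -R $USER:$USER /var/log/stunnel4/stunnel.log
-fi
-
-#DEBHELPER#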
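--- a/debian/postrm
+++ b/debian/postrm
@@ -1,17 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if [ x$1 = "xpurge" ]; then
-echo You may want to delete the generated stunnel.pem file
-echo in /etc/ssl/certs.
-
-# Remove chroot dir if present. It may contain logfiles
-rm -rf /var/lib/stunnel4 || true
-
-# Log files must be removed on purge (Policy 10.8)
-rm -f /var/log/stunnel4/stunnel.log* || true
-rmdir /var/log/stunnel4 || true
-fi
-
-#DEBHELPER#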
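--- a/debian/rules
+++ b/debian/rules
@@ -1,79 +0,0 @@
-#!/usr/bin/make -f
-# -*- makefile -*-
-
-# Uncomment this to turn on verbose mode.
-#export DH_VERBOSE=1
-
-# debian/rules file for the Debian GNU/Linux stunnel package
-# Copyright 2003 by Julien LEMOINE <speedblue@debian.org>
-# Copyright 2014 by Peter Pentchev <roam@ringlet.net>
-
-ifeq (,$(filter nodoc,$(DEB_BUILD_OPTIONS) $(DEB_BUILD_PROFILES)))
-DEB_NODOC=0
-else
-DEB_NODOC=1
-endif
-
-export DEB_BUILD_MAINT_OPTIONS = hardening=+all
-export DEB_CFLAGS_MAINT_APPEND=-Wall
-
-multiarch_path= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
-
-override_dh_auto_configure:
-dh_auto_configure -- \
---enable-ipv6 --with-threads=pthread
-
-override_dh_auto_install:
-dh_auto_install -- -C src
-ifeq ($(DEB_NODOC),0)
-dh_auto_install -- -C doc
-endif
-
-# .la file is useless
-rm $(CURDIR)/debian/stunnel4/usr/lib/$(multiarch_path)/stunnel/libstunnel.la
-
-# Rename binary
-mv $(CURDIR)/debian/stunnel4/usr/bin/stunnel \
-$(CURDIR)/debian/stunnel4/usr/bin/stunnel4
-
-# Copy sample init script into place for dh_installinit
-cp $(CURDIR)/tools/stunnel.init $(CURDIR)/debian/stunnel4.init
-
-ifeq ($(DEB_NODOC),0)
-ln doc/stunnel.8 doc/stunnel4.8
-ln doc/stunnel.pl.8 doc/stunnel4.pl.8
-
-# Manpages will be installed by dh_installman
-rm -rf $(CURDIR)/debian/stunnel4/usr/share/man
-
-# Move docs into proper dir
-mv $(CURDIR)/debian/stunnel4/usr/share/doc/stunnel \
-$(CURDIR)/debian/stunnel4/usr/share/doc/stunnel4
-
-# Basic docs for the user on how to create an initial configuration
-install -p -m 0644 $(CURDIR)/debian/stunnel4.conf.README \
-$(CURDIR)/debian/stunnel4/etc/stunnel/README
-endif
-
-ifeq ($(DEB_NODOC),1)
-override_dh_installdocs:
-mkdir -p $(CURDIR)/debian/stunnel4/usr/share/doc/stunnel4
-install -c -o root -g root -m 644 $(CURDIR)/debian/copyright $(CURDIR)/debian/stunnel4/usr/share/doc/stunnel4/
-
-override_dh_installman:
-
-override_dh_link:
-dh_link
-rm $(CURDIR)/debian/stunnel4/usr/share/man/man8/stunnel.8.gz
-rmdir $(CURDIR)/debian/stunnel4/usr/share/man/man8
-rmdir $(CURDIR)/debian/stunnel4/usr/share/man
-endif
-
-override_dh_installppp:
-dh_installppp --name=0stunnel4
-
-override_dh_compress:
-dh_compress --exclude=StunnelConf-0.1.pl
-
-%:
-dh $@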
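--- a/debian/source/format
+++ b/debian/source/format
@@ -1 +0,0 @@
-3.0 (quilt)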
510
debian/stunnel3.8
vendored
510
debian/stunnel3.8
vendored
@ -1,510 +0,0 @@
|
|||||||
.\" Automatically generated by Pod::Man v1.34, Pod::Parser v1.13
|
|
||||||
.\"
|
|
||||||
.\" Standard preamble:
|
|
||||||
.\" ========================================================================
|
|
||||||
.de Sh \" Subsection heading
|
|
||||||
.br
|
|
||||||
.if t .Sp
|
|
||||||
.ne 5
|
|
||||||
.PP
|
|
||||||
\fB\\$1\fR
|
|
||||||
.PP
|
|
||||||
..
|
|
||||||
.de Sp \" Vertical space (when we can't use .PP)
|
|
||||||
.if t .sp .5v
|
|
||||||
.if n .sp
|
|
||||||
..
|
|
||||||
.de Vb \" Begin verbatim text
|
|
||||||
.ft CW
|
|
||||||
.nf
|
|
||||||
.ne \\$1
|
|
||||||
..
|
|
||||||
.de Ve \" End verbatim text
|
|
||||||
.ft R
|
|
||||||
.fi
|
|
||||||
..
|
|
||||||
.\" Set up some character translations and predefined strings. \*(-- will
|
|
||||||
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
|
|
||||||
.\" double quote, and \*(R" will give a right double quote. | will give a
|
|
||||||
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
|
|
||||||
.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
|
|
||||||
.\" expand to `' in nroff, nothing in troff, for use with C<>.
|
|
||||||
.tr \(*W-|\(bv\*(Tr
|
|
||||||
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
|
|
||||||
.ie n \{\
|
|
||||||
. ds -- \(*W-
|
|
||||||
. ds PI pi
|
|
||||||
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
|
|
||||||
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
|
|
||||||
. ds L" ""
|
|
||||||
. ds R" ""
|
|
||||||
. ds C` ""
|
|
||||||
. ds C' ""
|
|
||||||
'br\}
|
|
||||||
.el\{\
|
|
||||||
. ds -- \|\(em\|
|
|
||||||
. ds PI \(*p
|
|
||||||
. ds L" ``
|
|
||||||
. ds R" ''
|
|
||||||
'br\}
|
|
||||||
.\"
|
|
||||||
.\" If the F register is turned on, we'll generate index entries on stderr for
|
|
||||||
.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
|
|
||||||
.\" entries marked with X<> in POD. Of course, you'll have to process the
|
|
||||||
.\" output yourself in some meaningful fashion.
|
|
||||||
.if \nF \{\
|
|
||||||
. de IX
|
|
||||||
. tm Index:\\$1\t\\n%\t"\\$2"
|
|
||||||
..
|
|
||||||
. nr % 0
|
|
||||||
. rr F
|
|
||||||
.\}
|
|
||||||
.\"
|
|
||||||
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
|
||||||
.\" way too many mistakes in technical documents.
|
|
||||||
.hy 0
|
|
||||||
.if n .na
|
|
||||||
.\"
|
|
||||||
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
|
||||||
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
|
||||||
. \" fudge factors for nroff and troff
|
|
||||||
.if n \{\
|
|
||||||
. ds #H 0
|
|
||||||
. ds #V .8m
|
|
||||||
. ds #F .3m
|
|
||||||
. ds #[ \f1
|
|
||||||
. ds #] \fP
|
|
||||||
.\}
|
|
||||||
.if t \{\
|
|
||||||
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
|
|
||||||
. ds #V .6m
|
|
||||||
. ds #F 0
|
|
||||||
. ds #[ \&
|
|
||||||
. ds #] \&
|
|
||||||
.\}
|
|
||||||
. \" simple accents for nroff and troff
|
|
||||||
.if n \{\
|
|
||||||
. ds ' \&
|
|
||||||
. ds ` \&
|
|
||||||
. ds ^ \&
|
|
||||||
. ds , \&
|
|
||||||
. ds ~ ~
|
|
||||||
. ds /
|
|
||||||
.\}
|
|
||||||
.if t \{\
|
|
||||||
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
|
|
||||||
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
|
|
||||||
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
|
|
||||||
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
|
|
||||||
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
|
|
||||||
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
|
|
||||||
.\}
|
|
||||||
. \" troff and (daisy-wheel) nroff accents
|
|
||||||
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
|
|
||||||
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
|
|
||||||
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
|
|
||||||
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
|
|
||||||
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
|
|
||||||
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
|
|
||||||
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
|
|
||||||
.ds ae a\h'-(\w'a'u*4/10)'e
|
|
||||||
.ds Ae A\h'-(\w'A'u*4/10)'E
|
|
||||||
. \" corrections for vroff
|
|
||||||
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
|
|
||||||
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
|
|
||||||
. \" for low resolution devices (crt and lpr)
|
|
||||||
.if \n(.H>23 .if \n(.V>19 \
|
|
||||||
\{\
|
|
||||||
. ds : e
|
|
||||||
. ds 8 ss
|
|
||||||
. ds o a
|
|
||||||
. ds d- d\h'-1'\(ga
|
|
||||||
. ds D- D\h'-1'\(hy
|
|
||||||
. ds th \o'bp'
|
|
||||||
. ds Th \o'LP'
|
|
||||||
. ds ae ae
|
|
||||||
. ds Ae AE
|
|
||||||
.\}
|
|
||||||
.rm #[ #] #H #V #F C
|
|
||||||
.\" ========================================================================
|
|
||||||
.\"
|
|
||||||
.IX Title "STUNNEL 1"
|
|
||||||
.TH STUNNEL 8 "2003-08-01" " " " "
|
|
||||||
.SH "NAME"
|
|
||||||
stunnel \- universal SSL tunnel
|
|
||||||
.SH "SYNOPSIS"
|
|
||||||
.IX Header "SYNOPSIS"
|
|
||||||
\&\fBstunnel\fR [\-c\ |\ \-T] [\-D\ [facility.]level] [\-O\ a|l|r:option=value[:value]] [\-o\ file] [\-C\ cipherlist] [\-p\ pemfile] [\-v\ level] [\-A\ certfile] [\-S\ sources] [\-a\ directory] [\-t\ timeout] [\-u\ ident_username] [\-s\ setuid_user]
|
|
||||||
[\-g\ setgid_group] [\-n\ protocol] [\-P\ {\ filename\ |\ ''\ }\ ] [\-B\ bytes] [\-R\ randfile] [\-W] [\-E\ socket] [\-I\ host]
|
|
||||||
[\-d\ [host:]port\ [\-f]\ ] [\ \-r\ [host:]port\ |\ {\ \-l\ |\ \-L\ }\ program\ [\-\-\ progname\ args]\ ]
|
|
||||||
.SH "DESCRIPTION"
|
|
||||||
.IX Header "DESCRIPTION"
|
|
||||||
The \fBstunnel\fR program is designed to work as \fI\s-1SSL\s0\fR encryption
|
|
||||||
wrapper between remote clients and local (\fIinetd\fR\-startable) or
|
|
||||||
remote servers. The concept is that having non-SSL aware daemons
|
|
||||||
running on your system you can easily set them up to communicate with
|
|
||||||
clients over secure \s-1SSL\s0 channels.
|
|
||||||
.PP
|
|
||||||
\&\fBstunnel\fR can be used to add \s-1SSL\s0 functionality to commonly used
|
|
||||||
\&\fIinetd\fR daemons like \s-1POP\-2\s0, \s-1POP\-3\s0, and \s-1IMAP\s0 servers, to standalone
|
|
||||||
daemons like \s-1NNTP\s0, \s-1SMTP\s0 and \s-1HTTP\s0, and in tunneling \s-1PPP\s0 over network
|
|
||||||
sockets without changes to the source code.
|
|
||||||
.PP
|
|
||||||
This product includes cryptographic software written by Eric Young
|
|
||||||
(eay@cryptsoft.com)
|
|
||||||
.SH "OPTIONS"
|
|
||||||
.IX Header "OPTIONS"
|
|
||||||
.IP "\fB\-h\fR" 4
|
|
||||||
.IX Item "-h"
|
|
||||||
Print stunnel help menu
|
|
||||||
.IP "\fB\-D\fR level" 4
|
|
||||||
.IX Item "-D level"
|
|
||||||
Debugging level
|
|
||||||
.Sp
|
|
||||||
Level is a one of the syslog level names or numbers emerg (0), alert
|
|
||||||
(1), crit (2), err (3), warning (4), notice (5), info (6), or debug
|
|
||||||
(7). All logs for the specified level and all levels numerically less
|
|
||||||
than it will be shown. Use \-D debug or \-D 7 for greatest debugging
|
|
||||||
output. The default is notice (5).
|
|
||||||
.Sp
|
|
||||||
The syslog facility 'daemon' will be used unless a facility name is
|
|
||||||
supplied. (Facilities are not supported on windows.)
|
|
||||||
.Sp
|
|
||||||
Case is ignored for both facilities and levels.
|
|
||||||
.IP "\fB\-O\fR a|l|r:option=value[:value]" 4
|
|
||||||
.IX Item "-O a|l|r:option=value[:value]"
|
|
||||||
Set an option on accept/local/remote socket
|
|
||||||
.Sp
|
|
||||||
The values for linger option are l_onof:l_linger. The values for time
|
|
||||||
are tv_sec:tv_usec.
|
|
||||||
.Sp
|
|
||||||
\&\fBExamples:\fR
|
|
||||||
.Sp
|
|
||||||
\&\fB\-O l:SO_LINGER=1:60\fR \- set one minute timeout for closing local
|
|
||||||
socket
|
|
||||||
.Sp
|
|
||||||
\&\fB\-O r:TCP_NODELAY=1\fR \- turn off the Nagle algorithm for remote
|
|
||||||
sockets
|
|
||||||
.Sp
|
|
||||||
\&\fB\-O r:SO_OOBINLINE=1\fR \- place out-of-band data directly into the
|
|
||||||
receive data stream for remote sockets
|
|
||||||
.Sp
|
|
||||||
\&\fB\-O a:SO_REUSEADDR=0\fR \- disable address reuse (enabled by default)
|
|
||||||
.Sp
|
|
||||||
\&\fB\-O a:SO_BINDTODEVICE=lo\fR \- only accept connections on loopback
|
|
||||||
interface
|
|
||||||
.Sp
|
|
||||||
The available options and their defaults are:
|
|
||||||
Option Accept Local Remote OS default
|
|
||||||
SO_DEBUG -- -- -- 0
|
|
||||||
SO_DONTROUTE -- -- -- 0
|
|
||||||
SO_KEEPALIVE -- -- -- 0
|
|
||||||
SO_LINGER -- -- -- 0:0
|
|
||||||
SO_OOBINLINE -- -- -- 0
|
|
||||||
SO_RCVBUF -- -- -- 87380
|
|
||||||
SO_SNDBUF -- -- -- 16384
|
|
||||||
SO_RCVLOWAT -- -- -- 1
|
|
||||||
SO_SNDLOWAT -- -- -- 1
|
|
||||||
SO_RCVTIMEO -- -- -- 0:0
|
|
||||||
SO_SNDTIMEO -- -- -- 0:0
|
|
||||||
SO_REUSEADDR 1 -- -- 0
|
|
||||||
SO_BINDTODEVICE -- -- -- --
|
|
||||||
IP_TOS -- -- -- 0
|
|
||||||
IP_TTL -- -- -- 64
|
|
||||||
TCP_NODELAY -- -- -- 0
|
|
||||||
.IP "\fB\-o\fR file" 4
|
|
||||||
.IX Item "-o file"
|
|
||||||
Append log messages to a file.
|
|
||||||
.IP "\fB\-C\fR cipherlist" 4
|
|
||||||
.IX Item "-C cipherlist"
|
|
||||||
Select permitted \s-1SSL\s0 ciphers
|
|
||||||
.Sp
|
|
||||||
A colon delimited list of the ciphers to allow in the \s-1SSL\s0 connection.
|
|
||||||
For example \s-1DES\-CBC3\-SHA:IDEA\-CBC\-MD5\s0
|
|
||||||
.IP "\fB\-c\fR" 4
|
|
||||||
.IX Item "-c"
|
|
||||||
client mode (remote service uses \s-1SSL\s0)
|
|
||||||
.Sp
|
|
||||||
default: server mode
|
|
||||||
.IP "\fB\-T\fR" 4
|
|
||||||
.IX Item "-T"
|
|
||||||
transparent proxy mode
|
|
||||||
.Sp
|
|
||||||
Re-write address to appear as if wrapped daemon is connecting from the
|
|
||||||
\&\s-1SSL\s0 client machine instead of the machine running stunnel. Available
|
|
||||||
only on some operating systems (Linux only, we believe) and then only
|
|
||||||
in server mode. Note that this option will not combine with proxy mode
|
|
||||||
(\-r) unless the client's default route to the target machine lies
|
|
||||||
through the host running stunnel, which cannot be localhost.
|
|
||||||
.IP "\fB\-p\fR pemfile" 4
|
|
||||||
.IX Item "-p pemfile"
|
|
||||||
private key and certificate chain \s-1PEM\s0 file name
|
|
||||||
.Sp
|
|
||||||
A \s-1PEM\s0 is always needed in server mode (by default located in
|
|
||||||
\fI/etc/stunnel/stunnel.pem\fR). Specifying this flag in client mode
|
|
||||||
will use this key and certificate chain as a client side certificate
|
|
||||||
chain. Using client side certs is optional. The certificates must be
|
|
||||||
in \s-1PEM\s0 format and must be sorted starting with the certificate
|
|
||||||
to the highest level (root \s-1CA\s0).
|
|
||||||
.IP "\fB\-v\fR level" 4
|
|
||||||
.IX Item "-v level"
|
|
||||||
verify peer certificate
|
|
||||||
.RS 4
|
|
||||||
.IP "\(bu" 8
|
|
||||||
level 1 \- verify peer certificate if present
|
|
||||||
.IP "\(bu" 8
|
|
||||||
level 2 \- verify peer certificate
|
|
||||||
.IP "\(bu" 8
|
|
||||||
level 3 \- verify peer with locally installed certificate
|
|
||||||
.IP "\(bu" 8
|
|
||||||
default \- no verify
|
|
||||||
.RE
|
|
||||||
.RS 4
|
|
||||||
.RE
|
|
||||||
.IP "\fB\-a\fR directory" 4
|
|
||||||
.IX Item "-a directory"
|
|
||||||
client certificate directory
|
|
||||||
.Sp
|
|
||||||
This is the directory in which stunnel will look for certificates when
|
|
||||||
using the \fI\-v\fR options. Note that the certificates in this directory
|
|
||||||
should be named \s-1XXXXXXXX\s0.0 where \s-1XXXXXXXX\s0 is the hash value of the
|
|
||||||
cert.
|
|
||||||
.IP "\fB\-A\fR certfile" 4
|
|
||||||
.IX Item "-A certfile"
|
|
||||||
Certificate Authority file
|
|
||||||
.Sp
|
|
||||||
This file contains multiple \s-1CA\s0 certificates, used with the \fI\-v\fR
|
|
||||||
options.
|
|
||||||
.IP "\fB\-t\fR timeout" 4
|
|
||||||
.IX Item "-t timeout"
|
|
||||||
session cache timeout
|
|
||||||
.Sp
|
|
||||||
default: 300 seconds.
|
|
||||||
.IP "\fB\-N\fR servicename" 4
|
|
||||||
.IX Item "-N servicename"
|
|
||||||
Service name to use for tcpwrappers. If not specified then a
|
|
||||||
tcpwrapper service name will be generated automatically for you. This
|
|
||||||
will also be used when auto-generating pid filenames.
|
|
||||||
.IP "\fB\-u\fR ident_username" 4
|
|
||||||
.IX Item "-u ident_username"
|
|
||||||
Use \s-1IDENT\s0 (\s-1RFC\s0 1413) username checking
|
|
||||||
.IP "\fB\-n\fR proto" 4
|
|
||||||
.IX Item "-n proto"
|
|
||||||
Negotiate \s-1SSL\s0 with specified protocol
|
|
||||||
.Sp
|
|
||||||
currently supported: smtp, pop3, nntp
|
|
||||||
.IP "\fB\-E\fR socket" 4
|
|
||||||
.IX Item "-E socket"
|
|
||||||
Entropy Gathering Daemon socket to use to feed OpenSSL random number
|
|
||||||
generator. (Available only if compiled with OpenSSL 0.9.5a or higher)
|
|
||||||
.IP "\fB\-R\fR filename" 4
|
|
||||||
.IX Item "-R filename"
|
|
||||||
File containing random input. The \s-1SSL\s0 library will use data from this
|
|
||||||
file first to seed the random number generator.
|
|
||||||
.IP "\fB\-W\fR" 4
|
|
||||||
.IX Item "-W"
|
|
||||||
Do not overwrite the random seed files with new random data.
|
|
||||||
.IP "\fB\-B\fR bytes" 4
|
|
||||||
.IX Item "-B bytes"
|
|
||||||
Number of bytes of data read from random seed files. With \s-1SSL\s0
|
|
||||||
versions less than 0.9.5a, also determines how many bytes of data are
|
|
||||||
considered sufficient to seed the \s-1PRNG\s0. More recent OpenSSL versions
|
|
||||||
have a builtin function to determine when sufficient randomness is
|
|
||||||
available.
|
|
||||||
.IP "\fB\-I\fR host" 4
|
|
||||||
.IX Item "-I host"
|
|
||||||
\&\s-1IP\s0 of the outgoing interface is used as source for remote connections.
|
|
||||||
Use this option to bind a static local \s-1IP\s0 address, instead.
|
|
||||||
.IP "\fB\-d\fR [host:]port" 4
|
|
||||||
.IX Item "-d [host:]port"
|
|
||||||
daemon mode
|
|
||||||
.Sp
|
|
||||||
Listen for connections on [host:]port. If no host specified, defaults
|
|
||||||
to all \s-1IP\s0 addresses for the local host.
|
|
||||||
.Sp
|
|
||||||
default: inetd mode
|
|
||||||
.IP "\fB\-f\fR" 4
|
|
||||||
.IX Item "-f"
|
|
||||||
foreground mode
|
|
||||||
.Sp
|
|
||||||
Stay in foreground (don't fork) and log to stderr instead of via
|
|
||||||
syslog (unless \-o is specified).
|
|
||||||
.Sp
|
|
||||||
default: background in daemon mode
|
|
||||||
.IP "\fB\-l\fR program [\-\- programname [arg1 arg2 arg3...] ]" 4
|
|
||||||
.IX Item "-l program [-- programname [arg1 arg2 arg3...] ]"
|
|
||||||
execute local inetd-type program.
|
|
||||||
.IP "\fB\-L\fR program [\-\- programname [arg1 arg2 arg3...] ]" 4
|
|
||||||
.IX Item "-L program [-- programname [arg1 arg2 arg3...] ]"
|
|
||||||
open local pty and execute program.
|
|
||||||
.IP "\fB\-s\fR username" 4
|
|
||||||
.IX Item "-s username"
|
|
||||||
\&\fIsetuid()\fR to username in daemon mode
|
|
||||||
.IP "\fB\-g\fR groupname" 4
|
|
||||||
.IX Item "-g groupname"
|
|
||||||
\&\fIsetgid()\fR to groupname in daemon mode. Clears all other groups.
|
|
||||||
.IP "\fB\-P\fR { file | '' }" 4
|
|
||||||
.IX Item "-P { file | '' }"
|
|
||||||
Pid file location
|
|
||||||
.Sp
|
|
||||||
If the argument is a filename, then that filename will be used for the
|
|
||||||
pid. If the argument is empty ('', not missing), then no pid file will
|
|
||||||
be created.
|
|
||||||
.IP "\fB\-r\fR [host:]port" 4
|
|
||||||
.IX Item "-r [host:]port"
|
|
||||||
connect to remote service
|
|
||||||
.Sp
|
|
||||||
If no host specified, defaults to localhost.
|
|
||||||
.SH "EXAMPLES"
|
|
||||||
.IX Header "EXAMPLES"
|
|
||||||
In order to provide \s-1SSL\s0 encapsulation to your local \fIimapd\fR service,
|
|
||||||
use
|
|
||||||
.PP
|
|
||||||
.Vb 1
|
|
||||||
\& stunnel \-d 993 \-l /usr/sbin/imapd \-\- imapd
|
|
||||||
.Ve
|
|
||||||
.PP
|
|
||||||
In order to let your local e-mail client connect to a \s-1SSL\s0-enabled
|
|
||||||
\fIimapd\fR service on another server, configure the e-mail client to connect to
|
|
||||||
localhost on port 119 and use:
|
|
||||||
.PP
|
|
||||||
.Vb 1
|
|
||||||
\& stunnel \-c \-d 143 \-r servername:993
|
|
||||||
.Ve
|
|
||||||
.PP
|
|
||||||
If you want to provide tunneling to your \fIpppd\fR daemon on port 2020,
|
|
||||||
use something like
|
|
||||||
.PP
|
|
||||||
.Vb 1
|
|
||||||
\& stunnel \-d 2020 \-L /usr/sbin/pppd \-\- pppd local
|
|
||||||
.Ve
|
|
||||||
.SH "ENVIRONMENT"
|
|
||||||
.IX Header "ENVIRONMENT"
|
|
||||||
If Stunnel is used to create local processes using the \fB\-l\fR or \fB\-L\fR
|
|
||||||
options, it will set the following environment variables
|
|
||||||
.IP "\s-1REMOTE_HOST\s0" 4
|
|
||||||
.IX Item "REMOTE_HOST"
|
|
||||||
The \s-1IP\s0 address of the remote end of the connection.
|
|
||||||
.IP "\s-1SSL_CLIENT_DN\s0" 4
|
|
||||||
.IX Item "SSL_CLIENT_DN"
|
|
||||||
The \s-1DN\s0 (Distinguished Name, aka subject name) of the peer certificate,
|
|
||||||
if a certificate was present and verified.
|
|
||||||
.IP "\s-1SSL_CLIENT_I_DN\s0" 4
|
|
||||||
.IX Item "SSL_CLIENT_I_DN"
|
|
||||||
The Issuer's \s-1DN\s0 of the peer's certificate, if a certificate was
|
|
||||||
present and verified.
|
|
||||||
.SH "CERTIFICATES"
|
|
||||||
.IX Header "CERTIFICATES"
|
|
||||||
.IP "\(bu" 4
|
|
||||||
Each \s-1SSL\s0 enabled daemon needs to present a valid X.509 certificate to
|
|
||||||
the peer. It also needs a private key to decrypt the incoming data.
|
|
||||||
The easiest way to obtain a certificate and a key is to generate them
|
|
||||||
with the free \fIopenssl\fR package. You can find more information on
|
|
||||||
certificates generation on pages listed below.
|
|
||||||
.Sp
|
|
||||||
Two things are important when generating certificate-key pairs for
|
|
||||||
\&\fBstunnel\fR. The private key cannot be encrypted, because the server
|
|
||||||
has no way to obtain the password from the user. To produce an
|
|
||||||
unencrypted key add the \fI\-nodes\fR option when running the \fBreq\fR
|
|
||||||
command from the \fIopenssl\fR kit.
|
|
||||||
.Sp
|
|
||||||
The order of contents of the \fI.pem\fR file is also important. It should
|
|
||||||
contain the unencrypted private key first, then a signed certificate
|
|
||||||
(not certificate request). There should be also empty lines after
|
|
||||||
certificate and private key. Plaintext certificate information
|
|
||||||
appended on the top of generated certificate should be discarded. So
|
|
||||||
the file should look like this:
|
|
||||||
.Sp
|
|
||||||
.Vb 8
|
|
||||||
\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\-
|
|
||||||
\& [encoded key]
|
|
||||||
\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\-
|
|
||||||
\& [empty line]
|
|
||||||
\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
|
|
||||||
\& [encoded certificate]
|
|
||||||
\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
|
|
||||||
\& [empty line]
|
|
||||||
.Ve
|
|
||||||
.SH "RANDOMNESS"
|
|
||||||
.IX Header "RANDOMNESS"
|
|
||||||
.IP "\(bu" 4
|
|
||||||
\&\fIstunnel\fR needs to seed the \s-1PRNG\s0 (pseudo random number generator) in
|
|
||||||
order for \s-1SSL\s0 to use good randomness. The following sources are
|
|
||||||
loaded in order until sufficient random data has been gathered:
|
|
||||||
.RS 4
|
|
||||||
.IP "\(bu" 8
|
|
||||||
The file specified with the \fI\-R\fR flag.
|
|
||||||
.IP "\(bu" 8
|
|
||||||
The file specified by the \s-1RANDFILE\s0 environment variable, if set.
|
|
||||||
.IP "\(bu" 8
|
|
||||||
The file .rnd in your home directory, if \s-1RANDFILE\s0 not set.
|
|
||||||
.IP "\(bu" 8
|
|
||||||
The file specified with '\-\-with\-random' at compile time.
|
|
||||||
.IP "\(bu" 8
|
|
||||||
The contents of the screen if running on Windows.
|
|
||||||
.IP "\(bu" 8
|
|
||||||
The egd socket specified with the \fI\-E\fR flag.
|
|
||||||
.IP "\(bu" 8
|
|
||||||
The egd socket specified with '\-\-with\-egd\-sock' at compile time.
|
|
||||||
.IP "\(bu" 8
|
|
||||||
The /dev/urandom device.
|
|
||||||
.RE
|
|
||||||
.RS 4
|
|
||||||
.Sp
|
|
||||||
With recent (>=OpenSSL 0.9.5a) version of \s-1SSL\s0 it will stop loading
|
|
||||||
random data automatically when sufficient entropy has been gathered.
|
|
||||||
With previous versions it will continue to gather from all the above
|
|
||||||
sources since no \s-1SSL\s0 function exists to tell when enough data is
|
|
||||||
available.
|
|
||||||
.Sp
|
|
||||||
Note that on Windows machines that do not have console user
|
|
||||||
interaction (mouse movements, creating windows, etc) the screen
|
|
||||||
contents are not variable enough to be sufficient, and you should
|
|
||||||
provide a random file for use with the \fI\-R\fR flag.
|
|
||||||
.Sp
|
|
||||||
Note that the file specified with the \fI\-R\fR flag should contain random
|
|
||||||
data \*(-- that means it should contain different information each time
|
|
||||||
\&\fIstunnel\fR is run. This is handled automatically unless the \fI\-W\fR
|
|
||||||
flag is used. If you wish to update this file manually, the \fIopenssl
|
|
||||||
rand\fR command in recent versions of OpenSSL, would be useful.
|
|
||||||
.Sp
|
|
||||||
One important note \*(-- if /dev/urandom is available, OpenSSL has a
|
|
||||||
habit of seeding the \s-1PRNG\s0 with it even when checking the random state,
|
|
||||||
so on systems with /dev/urandom you're likely to use it even though
|
|
||||||
it's listed at the very bottom of the list above. This isn't
|
|
||||||
stunnel's behaviour, it's OpenSSLs.
|
|
||||||
.RE
|
|
||||||
.SH "LIMITATIONS"
|
|
||||||
.IX Header "LIMITATIONS"
|
|
||||||
.IP "\(bu" 4
|
|
||||||
\&\fIstunnel\fR cannot be used for the \s-1FTP\s0 daemon because of the nature of
|
|
||||||
the \s-1FTP\s0 protocol which utilizes multiple ports for data transfers.
|
|
||||||
There are available \s-1SSL\s0 enabled versions of \s-1FTP\s0 and telnet daemons,
|
|
||||||
however.
|
|
||||||
.SH "SEE ALSO"
|
|
||||||
.IX Header "SEE ALSO"
|
|
||||||
.RS 4
|
|
||||||
.IP "\fItcpd\fR\|(8)" 8
|
|
||||||
.IX Item "tcpd"
|
|
||||||
access control facility for internet services
|
|
||||||
.IP "\fIinetd\fR\|(8)" 8
|
|
||||||
.IX Item "inetd"
|
|
||||||
internet ``super\-server''
|
|
||||||
.IP "\fIhttps://www.stunnel.org/\fR" 8
|
|
||||||
.IX Item "https://www.stunnel.org/"
|
|
||||||
Stunnel homepage
|
|
||||||
.IP "\fIhttps://www.openssl.org/\fR" 8
|
|
||||||
.IX Item "https://www.openssl.org/"
|
|
||||||
OpenSSL project website
|
|
||||||
.RE
|
|
||||||
.RS 4
|
|
||||||
.RE
|
|
||||||
.SH "AUTHOR"
|
|
||||||
.IX Header "AUTHOR"
|
|
||||||
.RS 4
|
|
||||||
.IP "Michal Trojnara" 8
|
|
||||||
.IX Item "Michal Trojnara"
|
|
||||||
<\fIMichal.Trojnara@stunnel.org\fR>
|
|
||||||
.RE
|
|
||||||
.RS 4
|
|
||||||
.RE
|
|
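--- a/debian/stunnel4.0stunnel4.ppp.ip-down
+++ b/debian/stunnel4.0stunnel4.ppp.ip-down
@@ -1,9 +0,0 @@
-#!/bin/sh
-# if this script gets called, we assume that the machine has lost
-# IPv4 connectivity -> restart stunnel (do not stop it, it is possible
-# to have a eth connection)
-
-test -f /etc/default/stunnel4 && . /etc/default/stunnel4
-test "$PPP_RESTART" != "0" || exit 0
-
-invoke-rc.d stunnel4 restart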
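--- a/debian/stunnel4.0stunnel4.ppp.ip-up
+++ b/debian/stunnel4.0stunnel4.ppp.ip-up
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-test -f /etc/default/stunnel4 && . /etc/default/stunnel4
-test "$PPP_RESTART" != "0" || exit 0
-
-
-invoke-rc.d stunnel4 restart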
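--- a/debian/stunnel4.NEWS
+++ b/debian/stunnel4.NEWS
@@ -1,96 +0,0 @@
-stunnel4 (3:5.06-1) unstable; urgency=medium
-
-There are two major changes in this version of stunnel.
-
-First, the /usr/bin/stunnel symlink has been switched from stunnel3
-to stunnel4. This should not affect any tools that invoke stunnel
-using the stunnel4 name, and it should not affect any Debian packages
-that use stunnel. However, any local tools that invoke stunnel with
-3.x-style command-line options instead of a 4.x-style configuration
-file should make sure that they use the stunnel3 executable name and
-not simply stunnel any more, or they should be converted to use
-a 4.x-style configuration file (there is no need to create an actual
-file on the filesystem, the configuration may be passed to stunnel
-on its standard input using the "-fd 0" command-line option).
-
-Second, this version DISABLES support for the SSLv2 and SSLv3 protocols!
-
-If needed, it may be re-enabled by editing the stunnel configuration
-file and adding "-NO_SSLv2" or "-NO_SSLv3" respectively to
-the "options" setting; see /etc/stunnel/README for an example.
-
--- Peter Pentchev <roam@ringlet.net> Thu, 16 Oct 2014 13:56:35 +0300
-
-stunnel4 (3:5.01-3) unstable; urgency=medium
-
-This version temporarily brings back the creation of a default pid
-file, /var/run/stunnel4.pid, if there is no "pid" setting in
-the configuration file. The reason for this is that the init script
-cannot monitor the started stunnel processes if there is no pid file
-at all.
-
-The init script now warns about configuration files that have no
-"pid" setting and will thus use the default pid file location.
-In the future it will refuse to start with such configurations, so
-it would be best to add the "pid" setting to all the *.conf files in
-the /etc/stunnel/ directory.
-
--- Peter Pentchev <roam@ringlet.net> Fri, 18 Apr 2014 14:37:42 +0300
-
-stunnel (3:5.01-2) unstable; urgency=medium
-
-This version DISABLES the RLE compression method, too. This means
-that stunnel currently has no compression methods available at all,
-since the underlying OpenSSL library does not have any, either.
-Tunnel configurations that explicitly set "compression" will NEED
-to be modified.
-
--- Peter Pentchev <roam@ringlet.net> Mon, 14 Apr 2014 15:04:56 +0300
-
-stunnel (3:5.01-1) unstable; urgency=medium
-
-This version DISABLES the creation of the process ID file and
-the use of TCP wrappers for access control by default!
-
-Tunnel configurations that use PID files (e.g. for monitoring) or
-TCP wrappers (/etc/hosts.allow, /etc/hosts.deny) will NEED to be
-modified to explicitly specify the 'pidfile' global option or
-the 'libwrap' service-level option respectively.
-
-This version also DISABLES the "zlib" and "deflate" compression
-algorithms because they are not supported in the Debian OpenSSL
-package since version 1.0.1e-5. The only supported compression
-algorithm is "rle". Tunnel configurations that explicitly set
-"compression" to something other than "rle" will NEED to be modified.
-
--- Peter Pentchev <roam@ringlet.net> Tue, 25 Mar 2014 18:05:11 +0200
-
-stunnel (3:4.33-1) experimental; urgency=low
-
-This version introduces support for reloading the configuration file
-and for closing/reopening log files. The init script has been
-updated to provide these options, and the default logrotate
-configuration has been updated to take advantage of them.
-
-
--- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Thu, 04 Feb 2010 19:52:23 -0800
-
-stunnel (3:4.28-1) unstable; urgency=low
-
-The default behaviour of the logrotate configuration for stunnel4
-has been changed. Instead of restarting stunnel after rotating the
-log files we now use the 'copytruncate' keyword. This avoids the
-problems associated with the restart, but introduces the possibility
-of loosing small amounts of log data. Please see Debian bugs
-#535915, #535924 and #323171 for more info.
-
--- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Wed, 25 Nov 2009 17:12:42 -0800
-
-stunnel (2:4.140-5) unstable; urgency=low
-
-stunnel/stunnel4 binaries are located in /usr/bin instead of
-/usr/sbin in order to be FHS compliant (they can be used by normal
-user). You need to update your scripts to refer to this new location
-
--- Julien Lemoine <speedblue@debian.org> Sun, 19 Feb 2006 17:31:24 +0100
-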
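--- a/debian/stunnel4.conf.README
+++ b/debian/stunnel4.conf.README
@@ -1,13 +0,0 @@
-Stunnel 4 configuration files.
-
-Files found under the /etc/stunnel directory that end with .conf are
-used by the stunnel4 service as configuration files, and each will be
-used to start a daemon process setting up a tunnel with the given
-configuration. Note that this directory is initially empty, as the
-settings you may want for your tunnels are completely system dependent.
-
-In order to have the tunnels start up automatically on system boot you
-must *also* set ENABLED to 1 in /etc/default/stunnel4
-
-A sample configuration file with defaults may be found at
-/usr/share/doc/stunnel4/examples/stunnel.conf-sample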
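--- a/debian/stunnel4.default
+++ b/debian/stunnel4.default
@@ -1,18 +0,0 @@
-# /etc/default/stunnel
-# Julien LEMOINE <speedblue@debian.org>
-# September 2003
-
-# Change to one to enable stunnel automatic startup
-ENABLED=0
-FILES="/etc/stunnel/*.conf"
-OPTIONS=""
-
-# Change to one to enable ppp restart scripts
-PPP_RESTART=0
-
-# Change to enable the setting of limits on the stunnel instances
-# For example, to set a large limit on file descriptors (to enable
-# more simultaneous client connections), set RLIMITS="-n 4096"
-# More than one resource limit may be modified at the same time,
-# e.g. RLIMITS="-n 4096 -d unlimited"
-RLIMITS=""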
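--- a/debian/stunnel4.examples
+++ b/debian/stunnel4.examples
@@ -1,6 +0,0 @@
-tools/ca.html
-tools/ca.pl
-tools/importCA.html
-tools/importCA.sh
-tools/openssl.cnf
-tools/stunnel.conf-sample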
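--- a/debian/stunnel4.install
+++ b/debian/stunnel4.install
@@ -1 +0,0 @@
-debian/StunnelConf-0.1.pl usr/share/doc/stunnel4/contrib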
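--- a/debian/stunnel4.links
+++ b/debian/stunnel4.links
@@ -1,2 +0,0 @@
-/usr/bin/stunnel4 /usr/bin/stunnel
-/usr/share/man/man8/stunnel4.8.gz /usr/share/man/man8/stunnel.8.gz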
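--- a/debian/stunnel4.lintian-overrides
+++ b/debian/stunnel4.lintian-overrides
@@ -1,5 +0,0 @@
-# No character arrays anywhere in this .so
-stunnel4: hardening-no-stackprotector usr/lib/stunnel/libstunnel.so
-
-# Not a typo at all.
-stunnel4: spelling-error-in-manpage usr/share/man/man8/stunnel4.8.gz CAs Case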
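--- a/debian/stunnel4.logrotate
+++ b/debian/stunnel4.logrotate
@@ -1,13 +0,0 @@
-/var/log/stunnel4/*.log {
-daily
-missingok
-rotate 365
-compress
-delaycompress
-notifempty
-create 640 stunnel4 stunnel4
-sharedscripts
-postrotate
-/etc/init.d/stunnel4 reopen-logs > /dev/null
-endscript
-}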
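--- a/debian/stunnel4.manpages
+++ b/debian/stunnel4.manpages
@@ -1,3 +0,0 @@
-doc/stunnel4.8
-doc/stunnel4.pl.8
-debian/stunnel3.8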
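--- a/debian/tests/certs/certificate.pem
+++ b/debian/tests/certs/certificate.pem
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDfDCCAmSgAwIBAgIJAPFcHvXjRYbZMA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNV
-BAYTAkJHMQ4wDAYDVQQIDAVTb2ZpYTEOMAwGA1UEBwwFU29maWExEDAOBgNVBAoM
-B1JpbmdsZXQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNzA2MTIyMzAzMjdaFw0y
-NzA2MTAyMzAzMjdaMFMxCzAJBgNVBAYTAkJHMQ4wDAYDVQQIDAVTb2ZpYTEOMAwG
-A1UEBwwFU29maWExEDAOBgNVBAoMB1JpbmdsZXQxEjAQBgNVBAMMCWxvY2FsaG9z
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMp0QYS6IZ1To2h68NcZ
-zmnAQfzodFcD7Lhp2CcDOBXRrKfPq1NUqUXMGvcHcPbmT84W2OGGfh11MKvksuof
-4+juU4+1uujPJoOmREi7WjVzEVWUftvFUqeTigFz96EMsVui4UbTUxX6ACIsXXwg
-v1b/rpyVZJvTucKsyP5ml5OXaPFe5mXUQtdaJsjpV4ikq4O9vcYdMt0Y8IVbxpCO
-5CryW3KUHzBUS7uqO2nbLXZBOkJHCgxDawAlTeDRW/uJOl7nnSUgo0HiojG4qhY6
-spYmQ9ijtj1vX5H2tsf97rZCbU5JMFqX8XcJgTWKTYHlxkBYbB6QkPyhiOXDo/M/
-oJ8CAwEAAaNTMFEwHQYDVR0OBBYEFPwfXq4qd8stmvstPC3QdFL716XRMB8GA1Ud
-IwQYMBaAFPwfXq4qd8stmvstPC3QdFL716XRMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQELBQADggEBADkuMAUB2Uyx23oN9ZxZsAWOdJoSUIWs4qxc5eQ/qjj7
-64zm62ZaVc8F6AyMYxHZvOKxvN/Pg19dSZelvTpgSqXLbirstRgsBCIXO2q6UYo2
-BUpZovZ4DOll+sAbmrZJRDiVO1XeCqqjr0v0I7NfJ5r31K1tfaZxGovUdC+M3xJ6
-yRrFWfF+EdlvVRFQt97mZXtcTDFWk7+CT6fgfLnCxTuMcSNtzM60FCBS5wz0MPSA
-BGje1qXUMzwN2T0aDyxWNRdvFGMHC8Z23EOa3roK+NybS2PVAu7MpxDTBZdHSGtG
-5wqY6fq5kww8OI9AlPNYVtqXrFrF6Lj5m/jhUHcAIUU=
------END CERTIFICATE-----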
28
debian/tests/certs/key.pem
vendored
28
debian/tests/certs/key.pem
vendored
@ -1,28 +0,0 @@
|
|||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDKdEGEuiGdU6No
|
|
||||||
evDXGc5pwEH86HRXA+y4adgnAzgV0aynz6tTVKlFzBr3B3D25k/OFtjhhn4ddTCr
|
|
||||||
5LLqH+Po7lOPtbrozyaDpkRIu1o1cxFVlH7bxVKnk4oBc/ehDLFbouFG01MV+gAi
|
|
||||||
LF18IL9W/66clWSb07nCrMj+ZpeTl2jxXuZl1ELXWibI6VeIpKuDvb3GHTLdGPCF
|
|
||||||
W8aQjuQq8ltylB8wVEu7qjtp2y12QTpCRwoMQ2sAJU3g0Vv7iTpe550lIKNB4qIx
|
|
||||||
uKoWOrKWJkPYo7Y9b1+R9rbH/e62Qm1OSTBal/F3CYE1ik2B5cZAWGwekJD8oYjl
|
|
||||||
w6PzP6CfAgMBAAECggEAf+TrUuamv5WLoEAyDyCdVg7/YL6UaDfxfhpXU2XkM1xu
|
|
||||||
vuAg8haEjLRAwJdx1HdwKNgkEGx/FSroIV7ra53Tw11zalC6j8H1KauKbYv1k9hq
|
|
||||||
Ne8GKN3Btl0tDHfvEk1LaYE+4Rg036g8F1qBgB3L4jDJZN+3W/1n10SCALxcuv4G
|
|
||||||
XMJOcrhW3KBlEJpIBhz+ROPeiZX8VwB2iK7jg0Bebh7XuNFCFOiFqq6UfFRNeGBi
|
|
||||||
Ca9rZdUP0YmxNPEXzGu1TEv1edX0Nf3jRKERQrZ3Sg6ogPcqQSQ1VP052Hc0Tqpl
|
|
||||||
akrRrVMfbbQQIMc9JrxJmXb7/OHeS1R50Ci5x7weoQKBgQDwYSGSypJl6lWpgrm6
|
|
||||||
5HuIem0AK9gmOAyiR0UdjMwVybeHhcldK8ABFcsdUt7v84+kCKkRhEX//QWjowMF
|
|
||||||
0OJ2i7Y1VbdyNd7exPW5zmYAiBX+oR3JKMekjPRCUamg5P2fSrVqDHvz7WU7hoQb
|
|
||||||
0jcIu8kwtPjw5uz13OWWbmEjTwKBgQDXnDZ0nQoXUO8VkNYaWQzukIcKdB71v2DZ
|
|
||||||
KiaJvPFjTGPUwwd/kEcU7/wMet4UKff4XjOaX+f2tFZm+vrYs6RfqnLlRFlkhKJZ
|
|
||||||
HColltm8KV6w+LnwkPUuY4HnDJepU6eBC2wtGPU1n1YXCwgDL+MTIpLFuveQ9w/N
|
|
||||||
wTRP3USZsQKBgDy9Tm55IWT/QYYDskq3UT+7L6/LZGLD5u1adOxyl18qCWYFOEyC
|
|
||||||
sZGUoC5YslyPfsxEI/R5J/b3SGWA21Ks5Yxu4Su47RG+6wH/YtgAf2XC/UvKCmy6
|
|
||||||
EThTJaVcXTB6rFuD1TNm1Cte4SWZZ+hfxeg/CydzkzPMJjQ6DQll+sWhAoGBAKJj
|
|
||||||
tV//JyqIeonznE4b4/GKSStGaksM6RSm+n+jHut7DXWhrnQVZnQOi/eaUsk9Etat
|
|
||||||
nJAYy8yz5p+JSIUOSC8FYaPr5qgefWhAHj5Rb4yYXAlOTD0z8HYP3Db49QFDUFWR
|
|
||||||
FNiig4zvhRe150L/PjebQpBKUUuNyQlfCtdb/98BAoGARMZNl+0FEzw714ataoWk
|
|
||||||
1IPoe7oIzaoYTqPcpQT0AGOdfYRS3ffJFe2Foa0K7MVyxNA/OjyheYVtD2IgmoTv
|
|
||||||
WkRr6xM4nphza595yB5q+psKwOdQvP5XsyiJOXDixzn+yFIqrdQlmBNZHT1z/jwr
|
|
||||||
oBRWtTVO2aX5pBUjvBu3eQ0=
|
|
||||||
-----END PRIVATE KEY-----
|
|
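--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,6 +0,0 @@
-Test-Command: env TEST_STUNNEL=/usr/bin/stunnel4 debian/tests/runtime
-Depends: @, perl, libanyevent-perl, libnet-ssleay-perl, libpath-tiny-perl
-Restrictions: allow-stderr
-
-Test-Command: debian/tests/upstream
-Depends: @, netcat-traditional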
647
debian/tests/runtime
vendored
647
debian/tests/runtime
vendored
@ -1,647 +0,0 @@
|
|||||||
#!/usr/bin/perl
|
|
||||||
|
|
||||||
use v5.14;
|
|
||||||
use strict;
|
|
||||||
use warnings;
|
|
||||||
|
|
||||||
use AnyEvent;
|
|
||||||
use AnyEvent::Handle;
|
|
||||||
use AnyEvent::Socket qw(tcp_connect tcp_server);
|
|
||||||
use AnyEvent::Util qw(portable_socketpair);
|
|
||||||
use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
|
|
||||||
use IO::Handle;
|
|
||||||
use Path::Tiny 0.097;
|
|
||||||
use POSIX qw(WNOHANG);
|
|
||||||
use Socket;
|
|
||||||
|
|
||||||
# AnyEvent's TLS support seems to require this...
|
|
||||||
use threads;
|
|
||||||
|
|
||||||
my %children;
|
|
||||||
my $child_reaper_w;
|
|
||||||
|
|
||||||
my $greeting = 'Well hello there!';
|
|
||||||
|
|
||||||
sub reap_leftover_children();
|
|
||||||
sub child_reaper();
|
|
||||||
|
|
||||||
sub register_child_reaper()
|
|
||||||
{
|
|
||||||
$child_reaper_w = AnyEvent->signal(
|
|
||||||
signal => 'CHLD',
|
|
||||||
cb => \&child_reaper,
|
|
||||||
);
|
|
||||||
$SIG{__DIE__} = sub {
|
|
||||||
my ($msg) = @_;
|
|
||||||
warn "__DIE__ handler invoked: ".($msg =~ s/[\r\n]*$//sr)."\n";
|
|
||||||
reap_leftover_children;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
sub unregister_child_reaper()
|
|
||||||
{
|
|
||||||
undef $child_reaper_w;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub child_reaper()
|
|
||||||
{
|
|
||||||
while (1) {
|
|
||||||
my $pid = waitpid -1, WNOHANG;
|
|
||||||
my $status = $?;
|
|
||||||
|
|
||||||
if (!defined $pid) {
|
|
||||||
die "Could not waitpid() in a SIGCHLD handler: $!\n";
|
|
||||||
} elsif ($pid == 0 || $pid == -1) {
|
|
||||||
last;
|
|
||||||
} else {
|
|
||||||
$children{$pid}{cv} //= AnyEvent->condvar;
|
|
||||||
$children{$pid}{cv}->send($status);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
sub register_child($ $)
|
|
||||||
{
|
|
||||||
my ($pid, $desc) = @_;
|
|
||||||
|
|
||||||
# Weird, but we want it to be at least reasonably atomic-like
|
|
||||||
$children{$pid}{cv} //= AnyEvent->condvar;
|
|
||||||
|
|
||||||
my $ch = $children{$pid};
|
|
||||||
$ch->{pid} = $pid;
|
|
||||||
$ch->{desc} = $desc;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub dump_children()
|
|
||||||
{
|
|
||||||
join '', map {
|
|
||||||
my $ch = $children{$_};
|
|
||||||
|
|
||||||
"\t$ch->{pid}\t".
|
|
||||||
($ch->{cv}->ready
|
|
||||||
? $ch->{cv}->recv
|
|
||||||
: '(none)'
|
|
||||||
).
|
|
||||||
"\t$ch->{desc}\n"
|
|
||||||
} sort { $a <=> $b } keys %children
|
|
||||||
}
|
|
||||||
|
|
||||||
sub wait_for_child($)
|
|
||||||
{
|
|
||||||
my ($pid) = @_;
|
|
||||||
|
|
||||||
if (!defined $children{$pid}) {
|
|
||||||
die "Internal error: wait_for_child() invoked for ".
|
|
||||||
"unregistered pid $pid\n".dump_children;
|
|
||||||
}
|
|
||||||
my $status = $children{$pid}{cv}->recv;
|
|
||||||
delete $children{$pid};
|
|
||||||
return $status;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub reap_leftover_children()
|
|
||||||
{
|
|
||||||
say 'Oof, let us see if there are any children left';
|
|
||||||
if (!%children) {
|
|
||||||
say 'Everyone has been accounted for; great!';
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
for my $pid (keys %children) {
|
|
||||||
my $ch = $children{$pid};
|
|
||||||
if ($ch->{cv}->ready) {
|
|
||||||
my $status = wait_for_child $pid;
|
|
||||||
say "Hm, child $pid seems to have finished already, status $status";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (!%children) {
|
|
||||||
say 'Everyone has actually been accounted for; great!';
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
for my $pid (keys %children) {
|
|
||||||
say "Pffth, sending a SIGKILL to $pid";
|
|
||||||
kill 'KILL', $pid;
|
|
||||||
}
|
|
||||||
for my $pid (keys %children) {
|
|
||||||
my $ch = $children{$pid};
|
|
||||||
if ($ch->{cv}->ready) {
|
|
||||||
wait_for_child $pid;
|
|
||||||
say "OK, $pid done";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
# Bah, figure out some way to let the loop run even if we're within the loop...
|
|
||||||
if (%children) {
|
|
||||||
say 'Some children remaining, laying low for a second...';
|
|
||||||
sleep 1;
|
|
||||||
for my $pid (keys %children) {
|
|
||||||
say "- waiting for $pid ($children{$pid}{desc})";
|
|
||||||
wait_for_child $pid;
|
|
||||||
say "- OK, $pid done";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (%children) {
|
|
||||||
say 'Something really weird happened, why are there still children around?';
|
|
||||||
say dump_children;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
sub close_on_exec($ $)
|
|
||||||
{
|
|
||||||
my ($fh, $close) = @_;
|
|
||||||
|
|
||||||
my $flags = fcntl $fh, F_GETFD, 0 or
|
|
||||||
die "Could not obtain a file descriptor's flags: $!\n";
|
|
||||||
my $nflags = $close
|
|
||||||
? ($flags | FD_CLOEXEC)
|
|
||||||
: ($flags & ~FD_CLOEXEC);
|
|
||||||
fcntl $fh, F_SETFD, $nflags or
|
|
||||||
die "Could not set a file descriptor's flags: $!\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
sub anyevent_socketpair($)
|
|
||||||
{
|
|
||||||
my ($name) = @_;
|
|
||||||
my ($fh1, $fh2) = portable_socketpair;
|
|
||||||
if (!defined $fh1) {
|
|
||||||
die "Could not create the $name socketpair: $!\n";
|
|
||||||
}
|
|
||||||
$fh1->autoflush(1);
|
|
||||||
$fh2->autoflush(1);
|
|
||||||
return (AnyEvent::Handle->new(fh => $fh1), AnyEvent::Handle->new(fh => $fh2));
|
|
||||||
}
|
|
||||||
|
|
||||||
sub find_listening_port($ $ $ $ $)
|
|
||||||
{
|
|
||||||
my ($address, $port_start, $step, $count, $cb) = @_;
|
|
||||||
|
|
||||||
my $res;
|
|
||||||
my $port = $port_start;
|
|
||||||
for (1..$count) {
|
|
||||||
eval {
|
|
||||||
$res = tcp_server $address, $port, $cb;
|
|
||||||
};
|
|
||||||
last if $res;
|
|
||||||
say "Could not listen on $address:$port: $@";
|
|
||||||
$port += $step;
|
|
||||||
}
|
|
||||||
if (!defined $res) {
|
|
||||||
die "Could not find a listening port on $address\n";
|
|
||||||
}
|
|
||||||
return ($port, $res);
|
|
||||||
}
|
|
||||||
|
|
||||||
my %conns;
|
|
||||||
|
|
||||||
sub register_client_connection($)
|
|
||||||
{
|
|
||||||
my ($fh) = @_;
|
|
||||||
|
|
||||||
my $sockaddr = getsockname $fh;
|
|
||||||
if (!defined $sockaddr) {
|
|
||||||
die "Could not obtain the local address of the just-connected socket: $!\n";
|
|
||||||
}
|
|
||||||
my ($port, $addr_num) = sockaddr_in $sockaddr;
|
|
||||||
if (!defined $port || !defined $addr_num) {
|
|
||||||
die "Could not decode the address and port from a sockaddr_in structure: $!\n";
|
|
||||||
}
|
|
||||||
my $addr = inet_ntoa $addr_num;
|
|
||||||
if (!defined $addr) {
|
|
||||||
die "Could not decode a numeric address: $!\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
my $id = "$addr:$port";
|
|
||||||
$conns{$id}{cv} //= AnyEvent->condvar;
|
|
||||||
$conns{$id}{fh} //= $fh;
|
|
||||||
return $id;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub await_client_connection($ $; $)
|
|
||||||
{
|
|
||||||
my ($lis_main, $cv, $skip_register) = @_;
|
|
||||||
|
|
||||||
my $die = sub {
|
|
||||||
warn "@_";
|
|
||||||
$cv->send(undef);
|
|
||||||
};
|
|
||||||
|
|
||||||
$lis_main->rtimeout(10);
|
|
||||||
$lis_main->on_rtimeout(sub { $die->("The listener's accept message timed out\n") });
|
|
||||||
$lis_main->push_read(line => sub {
|
|
||||||
my ($handle, $line) = @_;
|
|
||||||
|
|
||||||
if ($line !~ m{^ accept \s+ (?<id> \S+ ) $}x) {
|
|
||||||
return $die->("The accept server did not send an 'accept' message: $line\n");
|
|
||||||
}
|
|
||||||
my ($id) = $+{id};
|
|
||||||
$conns{$id}{cv} //= AnyEvent->condvar unless $skip_register;
|
|
||||||
|
|
||||||
$lis_main->rtimeout(10);
|
|
||||||
$lis_main->on_rtimeout(sub { $die->("The listener's close message timed out\n") });
|
|
||||||
$lis_main->push_read(line => sub {
|
|
||||||
my ($handle, $line) = @_;
|
|
||||||
|
|
||||||
if ($line !~ m{^ close \s+ (?<id> \S+ ) $}x) {
|
|
||||||
return $die->("The accept server did not send an 'close' message: $line\n");
|
|
||||||
}
|
|
||||||
my ($cid) = $+{id};
|
|
||||||
if ($cid ne $id) {
|
|
||||||
return $die->("The accept server's 'close' message had id '$cid' instead of the accepted one '$id'\n");
|
|
||||||
}
|
|
||||||
$lis_main->rtimeout(0);
|
|
||||||
$cv->send($id);
|
|
||||||
});
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
sub adopt_client_connection($ $)
|
|
||||||
{
|
|
||||||
my ($id, $opts) = @_;
|
|
||||||
|
|
||||||
my $w;
|
|
||||||
my $do_close = sub {
|
|
||||||
my ($err) = @_;
|
|
||||||
$w->push_shutdown;
|
|
||||||
$w->destroy;
|
|
||||||
undef $w;
|
|
||||||
undef $conns{$id}{handle};
|
|
||||||
#close $conns{$id}{fh};
|
|
||||||
if (defined $err) {
|
|
||||||
warn "$err\n";
|
|
||||||
$conns{$id}{cv}->send(undef);
|
|
||||||
} else {
|
|
||||||
$conns{$id}{cv}->send(1);
|
|
||||||
}
|
|
||||||
};
|
|
||||||
$w = AnyEvent::Handle->new(
|
|
||||||
fh => $conns{$id}{fh},
|
|
||||||
|
|
||||||
%{$opts}, # TLS or something?
|
|
||||||
|
|
||||||
on_error => sub {
|
|
||||||
my ($handle, $fatal, $message) = @_;
|
|
||||||
|
|
||||||
if (!$fatal) {
|
|
||||||
warn "A non-fatal error occurred reading from the $id connection: $message\n";
|
|
||||||
} else {
|
|
||||||
$do_close->("A fatal error occurred reading from the $id connection: $message");
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
rtimeout => 10,
|
|
||||||
on_rtimeout => sub {
|
|
||||||
$do_close->("Reading from the $id connection timed out");
|
|
||||||
},
|
|
||||||
);
|
|
||||||
|
|
||||||
$w->push_read(line => sub {
|
|
||||||
my ($handle, $line) = @_;
|
|
||||||
$w->rtimeout(0);
|
|
||||||
if ($line ne $greeting) {
|
|
||||||
$do_close->("The $id connection sent us a line that was not the greeting: expected '$greeting', got '$line'");
|
|
||||||
} else {
|
|
||||||
$do_close->(undef);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
$conns{$id}{handle} = $w;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub client_connect($ $ $)
|
|
||||||
{
|
|
||||||
my ($address, $port, $cv) = @_;
|
|
||||||
|
|
||||||
return tcp_connect $address, $port, sub {
|
|
||||||
my ($fh) = @_;
|
|
||||||
if (!defined $fh) {
|
|
||||||
die "Could not connect to the cleartext listening socket on $address:$port: $!\n";
|
|
||||||
}
|
|
||||||
my $id = register_client_connection $fh;
|
|
||||||
say "Connected to $address:$port, local $id";
|
|
||||||
$cv->send($id);
|
|
||||||
|
|
||||||
adopt_client_connection($id, {});
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
MAIN:
|
|
||||||
{
|
|
||||||
my $stunnel = $ENV{TEST_STUNNEL} // 'stunnel4';
|
|
||||||
my $test_done = AnyEvent->condvar;
|
|
||||||
|
|
||||||
my ($certsdir, $certfile, $keyfile);
|
|
||||||
for my $name (qw(certs debian/tests/certs)) {
|
|
||||||
my $dir = path($name);
|
|
||||||
if (-d $dir) {
|
|
||||||
$certfile = $dir->child('certificate.pem');
|
|
||||||
$keyfile = $dir->child('key.pem');
|
|
||||||
if (-f $certfile && -f $keyfile) {
|
|
||||||
$certsdir = path($dir);
|
|
||||||
last;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
die "Could not locate the test certificates directory\n" unless defined $certsdir;
|
|
||||||
say "Found the certificate at $certfile and the private key at $keyfile";
|
|
||||||
|
|
||||||
my $tempdir = Path::Tiny->tempdir;
|
|
||||||
say "Using the $tempdir temporary directory";
|
|
||||||
|
|
||||||
register_child_reaper;
|
|
||||||
|
|
||||||
{
|
|
||||||
say 'About to get the stunnel version information';
|
|
||||||
pipe my $s_in, my $s_out or die "Could not create an fd pair: $!\n";
|
|
||||||
close_on_exec $s_in, 0;
|
|
||||||
close_on_exec $s_out, 0;
|
|
||||||
|
|
||||||
my $pid = fork;
|
|
||||||
if (!defined $pid) {
|
|
||||||
die "Could not fork for stunnel: $!\n";
|
|
||||||
} elsif ($pid == 0) {
|
|
||||||
open STDERR, '>&', $s_out or
|
|
||||||
die "Could not reopen stderr in the child process: $!\n";
|
|
||||||
close STDIN or
|
|
||||||
die "Could not close stdin in the child process: $!\n";
|
|
||||||
close STDOUT or
|
|
||||||
die "Could not close stdout in the child process: $!\n";
|
|
||||||
close $s_in or
|
|
||||||
die "Could not close the reader fd in the child process: $!\n";
|
|
||||||
|
|
||||||
exec $stunnel, '-version';
|
|
||||||
die "Could not execute '$stunnel': $!\n";
|
|
||||||
}
|
|
||||||
register_child $pid, "$stunnel -version";
|
|
||||||
close $s_out or
|
|
||||||
die "Could not close the writer fd in the parent process: $!\n";
|
|
||||||
|
|
||||||
my ($got_version, $before_version) = (undef, '');
|
|
||||||
my $eof = AnyEvent->condvar;
|
|
||||||
my $f_out = AnyEvent->io(
|
|
||||||
fh => $s_in,
|
|
||||||
poll => 'r',
|
|
||||||
cb => sub {
|
|
||||||
my $line = <$s_in>;
|
|
||||||
|
|
||||||
if (!defined $line) {
|
|
||||||
$eof->send($got_version);
|
|
||||||
} elsif (!$got_version) {
|
|
||||||
if ($line =~ m{^
|
|
||||||
stunnel \s+
|
|
||||||
(?<version> \d+ \. \S+)
|
|
||||||
\s+ on \s+
|
|
||||||
}x) {
|
|
||||||
$got_version = $+{version};
|
|
||||||
} else {
|
|
||||||
$before_version .= $line;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
});
|
|
||||||
$eof->recv;
|
|
||||||
|
|
||||||
if ($before_version ne '') {
|
|
||||||
warn "stunnel produced output before the version number:\n$before_version\n";
|
|
||||||
}
|
|
||||||
if (!defined $got_version) {
|
|
||||||
die "Could not get the stunnel version number\n";
|
|
||||||
}
|
|
||||||
say "Got stunnel version $got_version";
|
|
||||||
|
|
||||||
my $status = wait_for_child $pid;
|
|
||||||
if ($status != 0) {
|
|
||||||
die "stunnel -version did not exit successfully, status $status\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
my ($lis_listener, $lis_main) = anyevent_socketpair 'listener';
|
|
||||||
my $listen_address = '127.0.0.1';
|
|
||||||
my %listen_clear_conns;
|
|
||||||
my ($listen_clear_port, $listen_clear) = find_listening_port $listen_address, 6502, 200, 100, sub {
|
|
||||||
my ($fh, $host, $port) = @_;
|
|
||||||
my $id = "$host:$port";
|
|
||||||
|
|
||||||
say "Accepted a connection from $id";
|
|
||||||
$lis_listener->push_write("accept $id\n");
|
|
||||||
my $w;
|
|
||||||
my $do_close = sub {
|
|
||||||
$w->destroy;
|
|
||||||
delete $listen_clear_conns{$id};
|
|
||||||
};
|
|
||||||
$w = AnyEvent::Handle->new(
|
|
||||||
fh => $fh,
|
|
||||||
|
|
||||||
on_error => sub {
|
|
||||||
my ($handle, $fatal, $message) = @_;
|
|
||||||
|
|
||||||
warn "A ".($fatal ? 'fatal' : 'non-fatal').
|
|
||||||
"error occurred writing to the $id connection: $message\n";
|
|
||||||
$do_close->();
|
|
||||||
},
|
|
||||||
|
|
||||||
timeout => 10,
|
|
||||||
on_timeout => sub {
|
|
||||||
my ($handle) = @_;
|
|
||||||
|
|
||||||
warn "Writing to the $id connection timed out\n";
|
|
||||||
$do_close->();
|
|
||||||
},
|
|
||||||
|
|
||||||
on_read => sub {
|
|
||||||
my ($handle) = @_;
|
|
||||||
|
|
||||||
warn "The $id connection sent data to the server?!\n";
|
|
||||||
$do_close->();
|
|
||||||
},
|
|
||||||
|
|
||||||
on_eof => sub {
|
|
||||||
my ($handle) = @_;
|
|
||||||
|
|
||||||
say "Got an eof from $id, all seems well";
|
|
||||||
$do_close->();
|
|
||||||
$lis_listener->push_write("close $id\n");
|
|
||||||
},
|
|
||||||
);
|
|
||||||
$w->push_write("$greeting\n");
|
|
||||||
$w->push_shutdown;
|
|
||||||
$listen_clear_conns{$id} = $w;
|
|
||||||
};
|
|
||||||
say "Listening for cleartext connections on $listen_address:$listen_clear_port";
|
|
||||||
|
|
||||||
{
|
|
||||||
my $listener_test_id_cv = AnyEvent->condvar;
|
|
||||||
my $check_listen_clear = client_connect $listen_address, $listen_clear_port, $listener_test_id_cv;
|
|
||||||
my $id = $listener_test_id_cv->recv;
|
|
||||||
if (!defined $id) {
|
|
||||||
die "Could not connect to the cleartext server\n";
|
|
||||||
}
|
|
||||||
say "Got a local connection id $id";
|
|
||||||
my $listener_test_done = AnyEvent->condvar;
|
|
||||||
await_client_connection $lis_main, $listener_test_done;
|
|
||||||
say 'Waiting for the server to acknowledge a completed client connection';
|
|
||||||
my $sid = $listener_test_done->recv;
|
|
||||||
if (!defined $sid) {
|
|
||||||
die "The listener did not acknowledge the connection\n";
|
|
||||||
} elsif ($sid ne $id) {
|
|
||||||
die "The listener did not acknowledge the same connection: expected '$id', got '$sid'\n";
|
|
||||||
}
|
|
||||||
say 'Waiting for the client connection itself to report completion';
|
|
||||||
my $res = $conns{$id}{cv}->recv;
|
|
||||||
if (!defined $res) {
|
|
||||||
die "The client connection did not complete the chat with the cleartext server\n";
|
|
||||||
}
|
|
||||||
say 'Looks like we are done with the test cleartext connection!';
|
|
||||||
}
|
|
||||||
|
|
||||||
my $st_server_port;
|
|
||||||
{
|
|
||||||
my $dummy;
|
|
||||||
($st_server_port, $dummy) = find_listening_port $listen_address, 8086, 200, 100, sub {
|
|
||||||
my ($fh) = @_;
|
|
||||||
say "Eh, we really didn't expect a connection here, did we now...";
|
|
||||||
$fh->close;
|
|
||||||
};
|
|
||||||
say "Got listening port $st_server_port for the stunnel server";
|
|
||||||
undef $dummy;
|
|
||||||
say 'Let us hope this was enough to get stunnel to listen there...';
|
|
||||||
}
|
|
||||||
|
|
||||||
my ($st_pid, $st_logfile);
|
|
||||||
{
|
|
||||||
my $st_config = $tempdir->child('stunnel.conf');
|
|
||||||
$st_logfile = $tempdir->child('stunnel.log');
|
|
||||||
my $st_pidfile = $tempdir->child('stunnel.pid');
|
|
||||||
$st_config->spew_utf8(<<"EOCONF") or die "Could not create the $st_config stunnel config file: $!\n";
|
|
||||||
pid = $st_pidfile
|
|
||||||
foreground = yes
|
|
||||||
output = $st_logfile
|
|
||||||
|
|
||||||
cert = $certfile
|
|
||||||
key = $keyfile
|
|
||||||
|
|
||||||
[test]
|
|
||||||
accept = $listen_address:$st_server_port
|
|
||||||
connect = $listen_address:$listen_clear_port
|
|
||||||
EOCONF
|
|
||||||
say "Created the stunnel config file $st_config:\n======\n".$st_config->slurp_utf8.'======';
|
|
||||||
|
|
||||||
$st_pid = fork;
|
|
||||||
if (!defined $st_pid) {
|
|
||||||
die "Could not fork for the stunnel server: $!\n";
|
|
||||||
} elsif ($st_pid == 0) {
|
|
||||||
my @cmd = ($stunnel, $st_config);
|
|
||||||
exec { $cmd[0] } @cmd;
|
|
||||||
die "Could not execute '@cmd': $!\n";
|
|
||||||
}
|
|
||||||
say "Started the stunnel server, pid $st_pid";
|
|
||||||
register_child $st_pid, "stunnel server ($listen_address:$st_server_port)";
|
|
||||||
}
|
|
||||||
|
|
||||||
{
|
|
||||||
for my $iter (1..10) {
|
|
||||||
say "Trying a connection through stunnel, iteration $iter";
|
|
||||||
|
|
||||||
my $st_conn_cv = AnyEvent->condvar;
|
|
||||||
my $st_conn;
|
|
||||||
{
|
|
||||||
my $st_conn_attempts = 10;
|
|
||||||
my $st_conn_timer;
|
|
||||||
$st_conn_timer = AnyEvent->timer(after => 0.1, interval => 1, cb => sub {
|
|
||||||
say "Trying to connect to the stunnel server at $listen_address:$st_server_port";
|
|
||||||
$st_conn = tcp_connect $listen_address, $st_server_port, sub {
|
|
||||||
my ($fh) = @_;
|
|
||||||
if (!defined $fh) {
|
|
||||||
# FIXME: Eh, well, reschedule, right?
|
|
||||||
say "Could not connect to $listen_address:$st_server_port: $!";
|
|
||||||
if ($children{$st_pid}{cv}->ready) {
|
|
||||||
say 'Err, the stunnel process seems to have terminated';
|
|
||||||
undef $st_conn_timer;
|
|
||||||
$st_conn_cv->send(undef);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
$st_conn_attempts--;
|
|
||||||
if ($st_conn_attempts == 0) {
|
|
||||||
say 'Time after time...';
|
|
||||||
undef $st_conn_timer;
|
|
||||||
$st_conn_cv->send(undef);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
say 'Will retry in a little while';
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
say '...connected!';
|
|
||||||
$st_conn_timer = undef;
|
|
||||||
$st_conn_cv->send($fh);
|
|
||||||
};
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
my $st_conn_fh = $st_conn_cv->recv;
|
|
||||||
if (!defined $st_conn_fh) {
|
|
||||||
my $log_text = (-f $st_logfile)
|
|
||||||
? "$st_logfile contents:\n".$st_logfile->slurp_utf8
|
|
||||||
: "(no log information)";
|
|
||||||
$log_text .= "\n" unless $log_text =~ /\n\Z/ms;
|
|
||||||
die "Could not connect to the stunnel service:\n$log_text";
|
|
||||||
}
|
|
||||||
my $id = register_client_connection $st_conn_fh;
|
|
||||||
say "Registered a client connection as $id";
|
|
||||||
adopt_client_connection $id, { tls => 'connect', };
|
|
||||||
say 'Waiting for the cleartext listener to receive this connection';
|
|
||||||
my $stunnel_test_done = AnyEvent->condvar;
|
|
||||||
await_client_connection $lis_main, $stunnel_test_done, 1;
|
|
||||||
my $sid = $stunnel_test_done->recv;
|
|
||||||
if (!defined $sid) {
|
|
||||||
die "The listener did not acknowledge the connection\n";
|
|
||||||
} elsif ($sid eq $id) {
|
|
||||||
die "The listener reported the same connection ID '$id'?!\n";
|
|
||||||
}
|
|
||||||
say "The server reported a completed connection: $sid";
|
|
||||||
my $res = $conns{$id}{cv}->recv;
|
|
||||||
if (!defined $res) {
|
|
||||||
die "The connection to stunnel did not report a successful chat\n";
|
|
||||||
}
|
|
||||||
say "The stunnel connection seems to have gone through for iteration $iter";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
{
|
|
||||||
say "Trying to stop stunnel at pid $st_pid";
|
|
||||||
kill 'TERM', $st_pid or
|
|
||||||
die "Could not send a terminate signal to the stunnel at pid $st_pid: $!\n";
|
|
||||||
my $status = wait_for_child $st_pid;
|
|
||||||
if ($status != 0) {
|
|
||||||
die "The stunnel process terminated with exit status $status\n";
|
|
||||||
} else {
|
|
||||||
say 'The stunnel process terminated successfully';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
{
|
|
||||||
say 'Checking for leftover children';
|
|
||||||
|
|
||||||
if (%children) {
|
|
||||||
# Our 'die' handler will kill and reap them.
|
|
||||||
die "Child processes left over:\n".
|
|
||||||
dump_children;
|
|
||||||
} else {
|
|
||||||
say 'No child processes left over';
|
|
||||||
}
|
|
||||||
|
|
||||||
unregister_child_reaper;
|
|
||||||
};
|
|
||||||
|
|
||||||
{
|
|
||||||
say 'Making sure the AnyEvent loop is still sane';
|
|
||||||
|
|
||||||
if ($test_done->ready) {
|
|
||||||
die "The AnyEvent loop raised the flag prematurely\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
$test_done->send(42);
|
|
||||||
my $res = $test_done->recv;
|
|
||||||
if ($res != 42) {
|
|
||||||
die "The AnyEvent loop does not seem to be quite alive and sane, got a result of '$res' instead of 42\n";
|
|
||||||
}
|
|
||||||
say 'Fine!';
|
|
||||||
};
|
|
||||||
}
|
|
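--- a/debian/tests/upstream
+++ b/debian/tests/upstream
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-set -e
-
-ln -s /usr/bin/stunnel4 src/stunnel
-
-cd tests
-if ! ./make_test; then
-printf '\n\n=== Some tests failed; here are all the logs...\n\n' 1>&2
-for fname in logs/*.log; do
-printf -- '\n\n=== %s\n\n' "$fname" 1>&2
-cat -- "$fname" 1>&2
-done
-false
-fi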
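--- a/debian/upstream/metadata
+++ b/debian/upstream/metadata
@@ -1,5 +0,0 @@
-Name: stunnel
-Bug-Submit: https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-Contact: https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-FAQ: https://www.stunnel.org/faq.html
-Security-Contact: Michal Trojnara <Michal.Trojnara@stunnel.org>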
111
debian/upstream/signing-key.asc
vendored
111
debian/upstream/signing-key.asc
vendored
@ -1,111 +0,0 @@
|
|||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
mQINBFTU6YwBEAC6PP7E4J6cRZQsJlFE+o3zdQYo7Mg2sVxDR6K9Cha52wn7P0t0
|
|
||||||
hHUd0CSmWyfjmYUy3/7jYjgKe4oiGzeSCVK8b3TiX3ylHi/nW3mixwpDPwFmr5Cf
|
|
||||||
ce55Ro3TdIeslRGigK8Hl+/l4n9c9z/AiTvcdAEQ34BJhERce4/KFx+/omiaxe7S
|
|
||||||
fzzU/+52zy+v4FfnclgRQrzrD8sxNag6CQOaQ8lTMczNkBkDlhQTOPYkfNf76PUY
|
|
||||||
kbWpcH7n9N50nddjEaLf7DPjOETc4OH/g5a99FSEJL7jyEgn+C8RX7RpbbAxCNlX
|
|
||||||
1231NZoresLmxSulB6fRWLmhJ8pES3sRxE1IfwUfPpUZuTPzwXEFJY6StY5OCVy8
|
|
||||||
rNFpkYlEePuVn74XkGbvv7dkkisq4Hp59zfIUaNVRod0Xk2rM8Rx8d5IK801Ywsn
|
|
||||||
RyzCE02zt3N2O4IdXI1qQ1gMJNyaE/k2Qk8buh8BsKJzZca34WGocHOxz2O5s7FN
|
|
||||||
Q1pLNpLmuHZIdyvYqcsenLz5EV8X2LztRmJ3Se4ag/XyXPYwS6lXX1YUGVxZpk0E
|
|
||||||
sQDRdJvYCsGcUy253w+W7Nm/BtjKi6/PJmjEEU7ieHppR9Yp+LI3lyzNBeZAIVqk
|
|
||||||
4Hco05l4GUKtEDFfOQ58sULDqJWmpH4T72DHeCpfRB0guaPa5TYY7B0umQARAQAB
|
|
||||||
tC5NaWNoYcWCIFRyb2puYXJhIDxNaWNoYWwuVHJvam5hcmFAc3R1bm5lbC5vcmc+
|
|
||||||
iQI4BBMBAgAiBQJU1Q1lAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCx
|
|
||||||
BIky3Tqqo71TEACWO31ZIOrknCsgmE90Q0yBPYD8CA8aM9OLO9qVYRR+SKQ6VAFn
|
|
||||||
/qWCoG/z3aMOUJJFDMmBDTSiGZ43jReQVc1PvoNUKFXkD13vrDNGg+IMr+jefjy/
|
|
||||||
RkFC5rdIAOzl6nMRFH5D/KDtvuXUGfjaN9NorCyv5acOa6GinTFANHYW79DSvt0d
|
|
||||||
aTG0RFimVTKtAh8oxxBGGUvZ/60SJT5I3pwKKX5t6t+LaUgUz/55p5j36dyhZTmk
|
|
||||||
X6jVyczkfjBwy9i2jD8kZ1w+EQOPGy1hHCHaaN5ku3Bh4hiZrlh8ncpipOMeOJ5Y
|
|
||||||
71Cze/JROyu3jkR/59LuPJLbUkwNPZXuMM+D4EY19NWKqWFgcsjaF5juS36xgblQ
|
|
||||||
odAOXBZcnzH14bxlRElWNLhMib+piIL0BaK2cpplwJ+bzQRkyWzqrl5xu/AeE/fQ
|
|
||||||
BdeRxL1jg4e9Ozei4Pkz0acoxIg2mdR6b36UpOWKvBQYZ8m4TbsWBRrDjcxKeul7
|
|
||||||
ObsodFoGTteRxqN9glhNd+n5bJAesGzUN86e3NmCoxCUQMaKlrMEVUMwaaSOVWYN
|
|
||||||
CfwXSe42dK2ZrV4psIYIwfktTkF60N3KeBbTs7/HhS/R229+lQCL90bcKRiv2Szc
|
|
||||||
vqR6v78xnbnANm0SX/b6M7xNBf8lWXwS9TlR9AzA4XC7FqNLYTMGV56TmLQrTWlj
|
|
||||||
aGHFgiBUcm9qbmFyYSA8TWljaGFsLlRyb2puYXJhQG1pcnQubmV0PokCOAQTAQIA
|
|
||||||
IgUCVNTpjAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQsQSJMt06qqOP
|
|
||||||
9Q/+MNv7sHcx1y4xH4iysPmjL+ABTonZeUIW/j1Mlgve8jxta7ApuDm0WIgMQd/p
|
|
||||||
WgjG88g/2hSs1DRmuo67pP+v3l+HgmhQaqQe9XoaQHyygfrDwGEKAjA5++6hg88X
|
|
||||||
F5GNuchUoY2wHCLByuxdaaT9wDSUGHzj+VlQYcaVqry/u8+wRhuxr89avh7nebj2
|
|
||||||
Dw1qkIuR6+wuaYAU19mazzmdnDLh/3rYHT7vVJt751JHyx4fnJtKI7eDWxpSGfhc
|
|
||||||
K63SWtHToJKg4jbdIZMORVVvOetpRbPvF8qoR32LZSfF/rPJtNhWgcsLUCpZn6Ey
|
|
||||||
G6jigx8mhY2WupRNHutSES+qKNffCMi7fbpQfl4wJqzlNxJJK1zGu2ox255l+fXJ
|
|
||||||
eQJh7fvvcNieuQApKhOL+mOz1fyRnUhx/GjGncOmCgZldTLEF8DeHuuluXgFlDXJ
|
|
||||||
cX6poh7vyt3uJ14SCyiV1cLnXmCoxXRmQNlb4zTGoAvfOw/DFH3EzQ44dK/Z1HOI
|
|
||||||
fJeYILxe+JP2E8TNXUvr/wck12yQ8kaqFzHSQBcV+0S49+pIpoK475LVrOs6S9Jj
|
|
||||||
hMt4WVfX4PY+IE8wGnZyJw1gvPXdk1P98lHR/Fv0WG/kWiemrDXPM1tjnIas6EGm
|
|
||||||
zxT/iywGF4tdsVHviETVgRGpKHgEtB/hwsCeGUTAmHDbXQS0L01pY2hhxYIgVHJv
|
|
||||||
am5hcmEgPE1pY2hhbC5Ucm9qbmFyYUBtb2JpLWNvbS5uZXQ+iQI4BBMBAgAiBQJU
|
|
||||||
1Q03AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCxBIky3TqqoyVkEACt
|
|
||||||
MHa7x5PQ0ZNJ8TrvVd/VrT5USuHwwFwnnsYUNzSc95gSwSEaPC3xwgs9cX3VRmOw
|
|
||||||
b3IiCQQ7R0EamH/ydmZnlesbCsnamLl6dEmzS284lnnMd5X0wep2qq3SlS1z+5wW
|
|
||||||
4ZnoodX98E7RyecjMYPLH+uAqGqg3nHG8eOpoSDMvIOJtOIvDc9Y6tbNsBbeKbOC
|
|
||||||
yB7A08TMzVqayQvXzm6QShHTicra69oqIzhmu2zII3ZWVwkfEGweuN0vdocoXiqr
|
|
||||||
entcyF3KLUX/LooDzdCAxuoJdovg41E69rXEWF//IP5XBT0LUDTzqwmBe7nOfoJF
|
|
||||||
2RAHn3ySogdL6WNSGaH5B5NK1jGflj/Hr/HBHIYYx820P4aEXSyxbLQW1F0HWlAA
|
|
||||||
Q9+EmjJssbv7cIq2DV2Ls3AOeY0GAWhTdvUVdVpOG+TuWRUi61XwjWPfvrJDH8ME
|
|
||||||
oLRb2MhNRffle8hSdF8TP4CO1TCxtSFs0NXT1I/HazvacHzvbXspFDJvbYJsy+pR
|
|
||||||
vOsf2QCcY5xb633duU60+IHJ9GMOV/ZqQR744wAxu+e/ZHpa2+mpI9VpTMuBTMFC
|
|
||||||
OQKbiLacsDJtFqsenZAyhcTU4DPFa0bkMO67Gwl0skuk2x8/0R3EgJ9JvNlsEz6v
|
|
||||||
BaHpWhEddU1m6FMKKZkfo0xnyFr/WPT6zti9iKTnIbkCDQRU1OvDARAA8gIC641d
|
|
||||||
K6ap9W1K3EkqRn0z6zizdVGr/jvf8xFXeUq+auxixZ0tEY6NM5CBSya5BCK9IGVW
|
|
||||||
mJNbazyWUa4llA6EvmUxcTeGE7ppQA4Kl1bzvUq5upo+8+0VuqvLC/bVz0DUnFSW
|
|
||||||
JYHAZrPZ+yO0yMq8vaGTo5kwKixQ4Ni+N+1EiALKZex1g6UW9d0HAcYEa/lTWhz3
|
|
||||||
J0V1yyY4Vov30gtoo67KkSC/SswZzIR00CQGrz3twlGuB73Sm1YfqDqbY8dQLJey
|
|
||||||
U0ovIeU95VI5cQF6D1H8YdaMWQm6MtVAfIX5WMoH+eq4Ank9hilReGANkIWNSqM2
|
|
||||||
1Drdu3crbGIYiZPEadKfGxwquwvRDTEgD4gjqMvEdxA2W6s4WR36SwMkeOtESj21
|
|
||||||
MiR2YDcbIzIbUh9p0P8DZGvQcVh45jCgdOcL5th9R076npXHn8FIe2IfAZnX1Onp
|
|
||||||
sKn/YqJ0wNFhGYWxV/yZA10NbFKFXhD1FGqrOz6lSqmqDz00tXofF432ae+7PzTP
|
|
||||||
9n4cij4k0SYG1l/LThnOYL3SNUCG3rCASeWoXmhxCYRGi0Xw3IJrcpVNmNQD+SLL
|
|
||||||
TjVB94AlDjSlx1q0V+9ymhGHi51wsBSajMwDexaSI/WM1y9lROwl7eeAD41fPArz
|
|
||||||
TleAqT89akWLevTBLWvj59mku9vZAW26/1UAEQEAAYkCHwQYAQIACQUCVNTrwwIb
|
|
||||||
DAAKCRCxBIky3Tqqo2NCEACHJ7e0l8NhS4slfzej1AAXOwL1wDexn6thpgexAyqZ
|
|
||||||
LIaibqhIybhSo1LOL1NY/55ytscbOQL7NliRAXVN6F9lcer+qzxL5JgxzUU6drya
|
|
||||||
pNZYs06u3wfr8ZtSbvIAON/w89tm9tHxoNUIYZZUZROFBW6fn8RkhboQs0hJFxWf
|
|
||||||
WghOxhS0TXJ8/MZ4YcfDy+Ew6LIAym3A1XY+++2VMEHqKcyhU95W5sqAsfO5MkRW
|
|
||||||
a0E9JTS2dWTteNTWPonywJGX/mSVVMZgOZF6o32Vb9LTnB676YQaPiMlu2qg+vRk
|
|
||||||
RM/zyGjvPx7hilf68CWxZcIHslfp5gJV6RvtlK+muEvIkSmNYyi8hQp1Y5C6uWb9
|
|
||||||
JWt/9ISJ+Xz+n+5nAHEUzW/LeEDyhjVlS9vOoAAy18r47mQybzJ2q2zOHo9zl3fK
|
|
||||||
OJ2S4SFBKGHuIhPOxG2CruhxN9U5+RwTDqKECeuCZROMYQLzlmIP2vM/NuFVhQm8
|
|
||||||
iNhbTvEenh4mWD4IuOHJkqvzKKzAXllosuUK4B0kblh4GaOVmEjaXGw8789rOlQz
|
|
||||||
D5566SgKPDNUtom5/eIcy6/UYBoFd7lLltIVSSCA1VUMU4MWJgjwa9gk6MxoNe8d
|
|
||||||
cJ197oQMfhZNjJ80S5C+a2al4wrR2vL/3hXhy2M2kG73RLSzxEiVoJsG+hbzNtfI
|
|
||||||
a7kCDQRU1O5ZARAA1pGrQ1V3YMXF3DzwvA/uWb912pwqUvMAAKvYCDiELIOP07c3
|
|
||||||
2+z04N/bOXjiZ2Jb8AuICj4v92tXAygtf18zxwoU8AOXiuScP3wy1ZprBw8k71dN
|
|
||||||
y0XmEXbiX7tkLoe0OzWlCaNTajSXTELT+nYHTOkBsrC4T+y7AwYueQJYUaRkJR/5
|
|
||||||
Tc68UnRSO295pgJd7EoWWAky3bdH+TKN0MsagCJwa+RrXFGtIKjU0XAKsddTxQKx
|
|
||||||
2SUGF0QVdNZ/14Duo73btoXtHgB0oxewnsiJp5XKWYm57RSNLv1LKr26iSUtUM1C
|
|
||||||
AIZALuGMAyQXVEo7OmzuZmN0yRYM7FSnpG4rIDnDxYhDTaa+xWb738V8uLQDZAVn
|
|
||||||
AuBEhq1RQEDrRM/XLbibvVBzpd+JI9WneNEp0ehq5sEC6FbKYz0HqVk2SH1Dpb0t
|
|
||||||
grtxz3c7rPs7vRdmFMxTuYctSzuqNHpKX+C6rgyAW2sxEKD0ys8OYEa3hvrQFSAz
|
|
||||||
nM/j3X8dge1DriHIQd/Dt4+LMdPcsQk3vty7pYxZIDRa9hl7ngaesQSZ/7PV/cj7
|
|
||||||
U7qieTr1ulO1Gc5GcyS2Hu4P9109HX1tBEQvGHpbqe9Lc2d0VKgHVjG9vDLrE1h/
|
|
||||||
qXKbmn0LF1YR4djaM+sYCfYOO+WzZKUACPdMq3Lid/3oQ71p6eNgu6lQcgEAEQEA
|
|
||||||
AYkEPgQYAQIACQUCVNTuWQIbAgIpCRCxBIky3Tqqo8FdIAQZAQIABgUCVNTuWQAK
|
|
||||||
CRAu/H/w1BbgFNx6EACR7CKB3Mv2lNaRRraVRwjNrumyODqsnX/oe3lad04iCBb9
|
|
||||||
JxGyNyTGF0s6teoaocXxIeZ50bF7GuYcnepMGpniMCkE2ymlM6ruFNNTUYC02Fsr
|
|
||||||
owKQboC7S5DN2l7lb4nlgyDX7nOlOMmhTc3D/QsduMyS9H5kjFFKtzLYOwREV/RH
|
|
||||||
I/wQUyTyze8qs/BxpT3/HsSJuGZybLSd/fmeM43xghcdfDgKTaGkFkhhW7UWgtOh
|
|
||||||
QtYxr0VD4HEw4C+nMyksqKAIFMBjJAqtsuWeSgavVrbU8KrzlcJFHSrovZ7Pi0mK
|
|
||||||
MYHGomPstZcZxwr15t3BhDvogMSRscU1mLUigLEGiWxPVxtQlmHTZfMns4Cy04S7
|
|
||||||
jK4Gix0PN4Xi/9rOcLFCb5zddcLVrqiuT+dt/O/TPKUKHTvLL1gF4Dlypbu8TQWt
|
|
||||||
O7xDSPy7wSdPWUN5GBjsxbZfVlWpvvVMmGUuygIl0LkrJLKGxk36AnNpEPqsQ9e9
|
|
||||||
Rsgu5dP9lGPz3igxE3p+UlhWo5eqJqZwAfEFb+0PQzKSQ6zIFQAf50eSI/pWf+Xp
|
|
||||||
9XOT47d4y8aWzHA7T/ja9tbyd+eg71ZOqOFtVP8zFWvmPnoosxrBR7qK/RBY5/PX
|
|
||||||
KhfG10yEYXSjTap4dmsy430l8Mcuqo55iixgT5vxZfTeyFjTjHmjuHD1rTTfpXk4
|
|
||||||
D/9GI9cIfrWczhrbWN8BoP66ImMXpVhZzDt6S5u9dHSNJdqivDzCkktb/psXILvv
|
|
||||||
u3qLmb1nJbsNzN9GJm6LoduzCJ4SqaodjhMkNi/Tc95dx0n2cCP2Rh/jvzo7zrqQ
|
|
||||||
O09c8at/pFEiF8LgUlc5QaB/GNhXBqJog2yOzUPGKq0OMy/wttW42TCe7V+J8fnn
|
|
||||||
16xfGhnVwmiWRQaqdCiFDY2IiOHhnRwfJVANrddfuU/AJ8vY8XXzrxI7YZL43V53
|
|
||||||
0Wich1VB00XLFU8aj08FsjdFvR77AAxFU+Cd6sH6yq6jsRXppQ0BOO15aR+wopEv
|
|
||||||
tKwDdRu3TaweC1XMLLQ4XuN9Ql0bMH0d626uMG2zUfZGO1jNTOS4sUhEqJsImbsL
|
|
||||||
/hgNDKYvfo0wSHPWmQo9njw7aG8Mey77I3fL1ELj/Tfa86njPpJ/tmFMLV9ntWAC
|
|
||||||
cW/c3tojdcP278rTw/4zk+Sr2Zv+3bP1yjJd0z4B3gYYz2BUYTU7dyiA41Kgk4Zf
|
|
||||||
V1n2NUAxQJYzvEIAZcMEWA3rOTb+AjcBVXX89Gk0BEykVmA9G808tbmI+4DUd2c/
|
|
||||||
+d1xeufb43TGOiwKqwY+Os9iey3FbsnoYuzKPsd5LByJFEudbMB152h95u/NysaM
|
|
||||||
0AjC+yPtlpSLUIaDUW75VAlQKPWj1Ag5uVpc2ScMEjevQQ==
|
|
||||||
=muMw
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
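--- a/debian/watch
+++ b/debian/watch
@@ -1,8 +0,0 @@
-version=4
-
-# Latest version is directly at /stunnel
-opts=pgpsigurlmangle=s/$/.asc/ \
-https://www.stunnel.org/downloads.html downloads/stunnel-([\d.]+)@ARCHIVE_EXT@ debian
-
-opts=pgpsigurlmangle=s/$/.asc/,pasv \
-ftp://ftp.stunnel.org/stunnel/archive/5.x/stunnel-([\d.]+)@ARCHIVE_EXT@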
@ -1,35 +0,0 @@
|
|||||||
## Process this file with automake to produce Makefile.in
|
|
||||||
# by Michal Trojnara 2015-2017
|
|
||||||
|
|
||||||
EXTRA_DIST = stunnel.pod.in stunnel.8.in stunnel.html.in en
|
|
||||||
EXTRA_DIST += stunnel.pl.pod.in stunnel.pl.8.in stunnel.pl.html.in pl
|
|
||||||
|
|
||||||
man_MANS = stunnel.8 stunnel.pl.8
|
|
||||||
|
|
||||||
docdir = $(datadir)/doc/stunnel
|
|
||||||
doc_DATA = stunnel.html stunnel.pl.html
|
|
||||||
|
|
||||||
CLEANFILES = $(man_MANS) $(doc_DATA)
|
|
||||||
|
|
||||||
SUFFIXES = .pod.in .8.in .html.in
|
|
||||||
|
|
||||||
.pod.in.8.in:
|
|
||||||
pod2man -u -n stunnel -s 8 -r $(VERSION) \
|
|
||||||
-c "stunnel TLS Proxy" -d `date +%Y.%m.%d` $< $@
|
|
||||||
|
|
||||||
.pod.in.html.in:
|
|
||||||
pod2html --index --backlink --header \
|
|
||||||
--title "stunnel TLS Proxy" --infile=$< --outfile=$@
|
|
||||||
rm -f pod2htmd.tmp pod2htmi.tmp
|
|
||||||
|
|
||||||
edit = sed \
|
|
||||||
-e 's|@bindir[@]|$(bindir)|g' \
|
|
||||||
-e 's|@sysconfdir[@]|$(sysconfdir)|g'
|
|
||||||
|
|
||||||
$(man_MANS) $(doc_DATA): Makefile
|
|
||||||
$(edit) '$(srcdir)/$@.in' >$@
|
|
||||||
|
|
||||||
stunnel.8: $(srcdir)/stunnel.8.in
|
|
||||||
stunnel.html: $(srcdir)/stunnel.html.in
|
|
||||||
stunnel.pl.8: $(srcdir)/stunnel.pl.8.in
|
|
||||||
stunnel.pl.html: $(srcdir)/stunnel.pl.html.in
|
|
577
doc/Makefile.in
577
doc/Makefile.in
@ -1,577 +0,0 @@
|
|||||||
# Makefile.in generated by automake 1.15 from Makefile.am.
|
|
||||||
# @configure_input@
|
|
||||||
|
|
||||||
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
|
|
||||||
|
|
||||||
# This Makefile.in is free software; the Free Software Foundation
|
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
|
||||||
# with or without modifications, as long as this notice is preserved.
|
|
||||||
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
|
|
||||||
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
|
||||||
# PARTICULAR PURPOSE.
|
|
||||||
|
|
||||||
@SET_MAKE@
|
|
||||||
|
|
||||||
# by Michal Trojnara 2015-2017
|
|
||||||
|
|
||||||
VPATH = @srcdir@
|
|
||||||
am__is_gnu_make = { \
|
|
||||||
if test -z '$(MAKELEVEL)'; then \
|
|
||||||
false; \
|
|
||||||
elif test -n '$(MAKE_HOST)'; then \
|
|
||||||
true; \
|
|
||||||
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
|
|
||||||
true; \
|
|
||||||
else \
|
|
||||||
false; \
|
|
||||||
fi; \
|
|
||||||
}
|
|
||||||
am__make_running_with_option = \
|
|
||||||
case $${target_option-} in \
|
|
||||||
?) ;; \
|
|
||||||
*) echo "am__make_running_with_option: internal error: invalid" \
|
|
||||||
"target option '$${target_option-}' specified" >&2; \
|
|
||||||
exit 1;; \
|
|
||||||
esac; \
|
|
||||||
has_opt=no; \
|
|
||||||
sane_makeflags=$$MAKEFLAGS; \
|
|
||||||
if $(am__is_gnu_make); then \
|
|
||||||
sane_makeflags=$$MFLAGS; \
|
|
||||||
else \
|
|
||||||
case $$MAKEFLAGS in \
|
|
||||||
*\\[\ \ ]*) \
|
|
||||||
bs=\\; \
|
|
||||||
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
|
|
||||||
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
|
|
||||||
esac; \
|
|
||||||
fi; \
|
|
||||||
skip_next=no; \
|
|
||||||
strip_trailopt () \
|
|
||||||
{ \
|
|
||||||
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
|
|
||||||
}; \
|
|
||||||
for flg in $$sane_makeflags; do \
|
|
||||||
test $$skip_next = yes && { skip_next=no; continue; }; \
|
|
||||||
case $$flg in \
|
|
||||||
*=*|--*) continue;; \
|
|
||||||
-*I) strip_trailopt 'I'; skip_next=yes;; \
|
|
||||||
-*I?*) strip_trailopt 'I';; \
|
|
||||||
-*O) strip_trailopt 'O'; skip_next=yes;; \
|
|
||||||
-*O?*) strip_trailopt 'O';; \
|
|
||||||
-*l) strip_trailopt 'l'; skip_next=yes;; \
|
|
||||||
-*l?*) strip_trailopt 'l';; \
|
|
||||||
-[dEDm]) skip_next=yes;; \
|
|
||||||
-[JT]) skip_next=yes;; \
|
|
||||||
esac; \
|
|
||||||
case $$flg in \
|
|
||||||
*$$target_option*) has_opt=yes; break;; \
|
|
||||||
esac; \
|
|
||||||
done; \
|
|
||||||
test $$has_opt = yes
|
|
||||||
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
|
|
||||||
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
|
|
||||||
pkgdatadir = $(datadir)/@PACKAGE@
|
|
||||||
pkgincludedir = $(includedir)/@PACKAGE@
|
|
||||||
pkglibdir = $(libdir)/@PACKAGE@
|
|
||||||
pkglibexecdir = $(libexecdir)/@PACKAGE@
|
|
||||||
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
|
|
||||||
install_sh_DATA = $(install_sh) -c -m 644
|
|
||||||
install_sh_PROGRAM = $(install_sh) -c
|
|
||||||
install_sh_SCRIPT = $(install_sh) -c
|
|
||||||
INSTALL_HEADER = $(INSTALL_DATA)
|
|
||||||
transform = $(program_transform_name)
|
|
||||||
NORMAL_INSTALL = :
|
|
||||||
PRE_INSTALL = :
|
|
||||||
POST_INSTALL = :
|
|
||||||
NORMAL_UNINSTALL = :
|
|
||||||
PRE_UNINSTALL = :
|
|
||||||
POST_UNINSTALL = :
|
|
||||||
build_triplet = @build@
|
|
||||||
host_triplet = @host@
|
|
||||||
subdir = doc
|
|
||||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
|
||||||
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
|
|
||||||
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
|
|
||||||
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
|
|
||||||
$(top_srcdir)/configure.ac
|
|
||||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
|
||||||
$(ACLOCAL_M4)
|
|
||||||
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
|
|
||||||
mkinstalldirs = $(install_sh) -d
|
|
||||||
CONFIG_HEADER = $(top_builddir)/src/config.h
|
|
||||||
CONFIG_CLEAN_FILES =
|
|
||||||
CONFIG_CLEAN_VPATH_FILES =
|
|
||||||
AM_V_P = $(am__v_P_@AM_V@)
|
|
||||||
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
|
|
||||||
am__v_P_0 = false
|
|
||||||
am__v_P_1 = :
|
|
||||||
AM_V_GEN = $(am__v_GEN_@AM_V@)
|
|
||||||
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
|
|
||||||
am__v_GEN_0 = @echo " GEN " $@;
|
|
||||||
am__v_GEN_1 =
|
|
||||||
AM_V_at = $(am__v_at_@AM_V@)
|
|
||||||
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
|
|
||||||
am__v_at_0 = @
|
|
||||||
am__v_at_1 =
|
|
||||||
SOURCES =
|
|
||||||
DIST_SOURCES =
|
|
||||||
am__can_run_installinfo = \
|
|
||||||
case $$AM_UPDATE_INFO_DIR in \
|
|
||||||
n|no|NO) false;; \
|
|
||||||
*) (install-info --version) >/dev/null 2>&1;; \
|
|
||||||
esac
|
|
||||||
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
|
|
||||||
am__vpath_adj = case $$p in \
|
|
||||||
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
|
|
||||||
*) f=$$p;; \
|
|
||||||
esac;
|
|
||||||
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
|
|
||||||
am__install_max = 40
|
|
||||||
am__nobase_strip_setup = \
|
|
||||||
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
|
|
||||||
am__nobase_strip = \
|
|
||||||
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
|
|
||||||
am__nobase_list = $(am__nobase_strip_setup); \
|
|
||||||
for p in $$list; do echo "$$p $$p"; done | \
|
|
||||||
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
|
|
||||||
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
|
|
||||||
if (++n[$$2] == $(am__install_max)) \
|
|
||||||
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
|
|
||||||
END { for (dir in files) print dir, files[dir] }'
|
|
||||||
am__base_list = \
|
|
||||||
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
|
|
||||||
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
|
|
||||||
am__uninstall_files_from_dir = { \
|
|
||||||
test -z "$$files" \
|
|
||||||
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|
|
||||||
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
|
|
||||||
$(am__cd) "$$dir" && rm -f $$files; }; \
|
|
||||||
}
|
|
||||||
man8dir = $(mandir)/man8
|
|
||||||
am__installdirs = "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(docdir)"
|
|
||||||
NROFF = nroff
|
|
||||||
MANS = $(man_MANS)
|
|
||||||
DATA = $(doc_DATA)
|
|
||||||
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
|
|
||||||
am__DIST_COMMON = $(srcdir)/Makefile.in
|
|
||||||
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
|
|
||||||
ACLOCAL = @ACLOCAL@
|
|
||||||
AMTAR = @AMTAR@
|
|
||||||
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
|
|
||||||
AR = @AR@
|
|
||||||
AUTOCONF = @AUTOCONF@
|
|
||||||
AUTOHEADER = @AUTOHEADER@
|
|
||||||
AUTOMAKE = @AUTOMAKE@
|
|
||||||
AWK = @AWK@
|
|
||||||
CC = @CC@
|
|
||||||
CCDEPMODE = @CCDEPMODE@
|
|
||||||
CFLAGS = @CFLAGS@
|
|
||||||
CPP = @CPP@
|
|
||||||
CPPFLAGS = @CPPFLAGS@
|
|
||||||
CYGPATH_W = @CYGPATH_W@
|
|
||||||
DEFAULT_GROUP = @DEFAULT_GROUP@
|
|
||||||
DEFS = @DEFS@
|
|
||||||
DEPDIR = @DEPDIR@
|
|
||||||
DLLTOOL = @DLLTOOL@
|
|
||||||
DSYMUTIL = @DSYMUTIL@
|
|
||||||
DUMPBIN = @DUMPBIN@
|
|
||||||
ECHO_C = @ECHO_C@
|
|
||||||
ECHO_N = @ECHO_N@
|
|
||||||
ECHO_T = @ECHO_T@
|
|
||||||
EGREP = @EGREP@
|
|
||||||
EXEEXT = @EXEEXT@
|
|
||||||
FGREP = @FGREP@
|
|
||||||
GREP = @GREP@
|
|
||||||
INSTALL = @INSTALL@
|
|
||||||
INSTALL_DATA = @INSTALL_DATA@
|
|
||||||
INSTALL_PROGRAM = @INSTALL_PROGRAM@
|
|
||||||
INSTALL_SCRIPT = @INSTALL_SCRIPT@
|
|
||||||
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
|
|
||||||
LD = @LD@
|
|
||||||
LDFLAGS = @LDFLAGS@
|
|
||||||
LIBOBJS = @LIBOBJS@
|
|
||||||
LIBS = @LIBS@
|
|
||||||
LIBTOOL = @LIBTOOL@
|
|
||||||
LIBTOOL_DEPS = @LIBTOOL_DEPS@
|
|
||||||
LIPO = @LIPO@
|
|
||||||
LN_S = @LN_S@
|
|
||||||
LTLIBOBJS = @LTLIBOBJS@
|
|
||||||
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
|
|
||||||
MAKEINFO = @MAKEINFO@
|
|
||||||
MANIFEST_TOOL = @MANIFEST_TOOL@
|
|
||||||
MKDIR_P = @MKDIR_P@
|
|
||||||
NM = @NM@
|
|
||||||
NMEDIT = @NMEDIT@
|
|
||||||
OBJDUMP = @OBJDUMP@
|
|
||||||
OBJEXT = @OBJEXT@
|
|
||||||
OTOOL = @OTOOL@
|
|
||||||
OTOOL64 = @OTOOL64@
|
|
||||||
PACKAGE = @PACKAGE@
|
|
||||||
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
|
|
||||||
PACKAGE_NAME = @PACKAGE_NAME@
|
|
||||||
PACKAGE_STRING = @PACKAGE_STRING@
|
|
||||||
PACKAGE_TARNAME = @PACKAGE_TARNAME@
|
|
||||||
PACKAGE_URL = @PACKAGE_URL@
|
|
||||||
PACKAGE_VERSION = @PACKAGE_VERSION@
|
|
||||||
PATH_SEPARATOR = @PATH_SEPARATOR@
|
|
||||||
PTHREAD_CC = @PTHREAD_CC@
|
|
||||||
PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
|
|
||||||
PTHREAD_LIBS = @PTHREAD_LIBS@
|
|
||||||
RANDOM_FILE = @RANDOM_FILE@
|
|
||||||
RANLIB = @RANLIB@
|
|
||||||
SED = @SED@
|
|
||||||
SET_MAKE = @SET_MAKE@
|
|
||||||
SHELL = @SHELL@
|
|
||||||
SSLDIR = @SSLDIR@
|
|
||||||
STRIP = @STRIP@
|
|
||||||
VERSION = @VERSION@
|
|
||||||
abs_builddir = @abs_builddir@
|
|
||||||
abs_srcdir = @abs_srcdir@
|
|
||||||
abs_top_builddir = @abs_top_builddir@
|
|
||||||
abs_top_srcdir = @abs_top_srcdir@
|
|
||||||
ac_ct_AR = @ac_ct_AR@
|
|
||||||
ac_ct_CC = @ac_ct_CC@
|
|
||||||
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
|
|
||||||
am__include = @am__include@
|
|
||||||
am__leading_dot = @am__leading_dot@
|
|
||||||
am__quote = @am__quote@
|
|
||||||
am__tar = @am__tar@
|
|
||||||
am__untar = @am__untar@
|
|
||||||
ax_pthread_config = @ax_pthread_config@
|
|
||||||
bindir = @bindir@
|
|
||||||
build = @build@
|
|
||||||
build_alias = @build_alias@
|
|
||||||
build_cpu = @build_cpu@
|
|
||||||
build_os = @build_os@
|
|
||||||
build_vendor = @build_vendor@
|
|
||||||
builddir = @builddir@
|
|
||||||
datadir = @datadir@
|
|
||||||
datarootdir = @datarootdir@
|
|
||||||
docdir = $(datadir)/doc/stunnel
|
|
||||||
dvidir = @dvidir@
|
|
||||||
exec_prefix = @exec_prefix@
|
|
||||||
host = @host@
|
|
||||||
host_alias = @host_alias@
|
|
||||||
host_cpu = @host_cpu@
|
|
||||||
host_os = @host_os@
|
|
||||||
host_vendor = @host_vendor@
|
|
||||||
htmldir = @htmldir@
|
|
||||||
includedir = @includedir@
|
|
||||||
infodir = @infodir@
|
|
||||||
install_sh = @install_sh@
|
|
||||||
libdir = @libdir@
|
|
||||||
libexecdir = @libexecdir@
|
|
||||||
localedir = @localedir@
|
|
||||||
localstatedir = @localstatedir@
|
|
||||||
mandir = @mandir@
|
|
||||||
mkdir_p = @mkdir_p@
|
|
||||||
oldincludedir = @oldincludedir@
|
|
||||||
pdfdir = @pdfdir@
|
|
||||||
prefix = @prefix@
|
|
||||||
program_transform_name = @program_transform_name@
|
|
||||||
psdir = @psdir@
|
|
||||||
runstatedir = @runstatedir@
|
|
||||||
sbindir = @sbindir@
|
|
||||||
sharedstatedir = @sharedstatedir@
|
|
||||||
srcdir = @srcdir@
|
|
||||||
sysconfdir = @sysconfdir@
|
|
||||||
target_alias = @target_alias@
|
|
||||||
top_build_prefix = @top_build_prefix@
|
|
||||||
top_builddir = @top_builddir@
|
|
||||||
top_srcdir = @top_srcdir@
|
|
||||||
EXTRA_DIST = stunnel.pod.in stunnel.8.in stunnel.html.in en \
|
|
||||||
stunnel.pl.pod.in stunnel.pl.8.in stunnel.pl.html.in pl
|
|
||||||
man_MANS = stunnel.8 stunnel.pl.8
|
|
||||||
doc_DATA = stunnel.html stunnel.pl.html
|
|
||||||
CLEANFILES = $(man_MANS) $(doc_DATA)
|
|
||||||
SUFFIXES = .pod.in .8.in .html.in
|
|
||||||
edit = sed \
|
|
||||||
-e 's|@bindir[@]|$(bindir)|g' \
|
|
||||||
-e 's|@sysconfdir[@]|$(sysconfdir)|g'
|
|
||||||
|
|
||||||
all: all-am
|
|
||||||
|
|
||||||
.SUFFIXES:
|
|
||||||
.SUFFIXES: .pod.in .8.in .html.in
|
|
||||||
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
|
|
||||||
@for dep in $?; do \
|
|
||||||
case '$(am__configure_deps)' in \
|
|
||||||
*$$dep*) \
|
|
||||||
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
|
|
||||||
&& { if test -f $@; then exit 0; else break; fi; }; \
|
|
||||||
exit 1;; \
|
|
||||||
esac; \
|
|
||||||
done; \
|
|
||||||
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
|
|
||||||
$(am__cd) $(top_srcdir) && \
|
|
||||||
$(AUTOMAKE) --gnu doc/Makefile
|
|
||||||
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
|
|
||||||
@case '$?' in \
|
|
||||||
*config.status*) \
|
|
||||||
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
|
|
||||||
*) \
|
|
||||||
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
|
|
||||||
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
|
|
||||||
esac;
|
|
||||||
|
|
||||||
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
|
|
||||||
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
|
|
||||||
|
|
||||||
$(top_srcdir)/configure: $(am__configure_deps)
|
|
||||||
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
|
|
||||||
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
|
|
||||||
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
|
|
||||||
$(am__aclocal_m4_deps):
|
|
||||||
|
|
||||||
mostlyclean-libtool:
|
|
||||||
-rm -f *.lo
|
|
||||||
|
|
||||||
clean-libtool:
|
|
||||||
-rm -rf .libs _libs
|
|
||||||
install-man8: $(man_MANS)
|
|
||||||
@$(NORMAL_INSTALL)
|
|
||||||
@list1=''; \
|
|
||||||
list2='$(man_MANS)'; \
|
|
||||||
test -n "$(man8dir)" \
|
|
||||||
&& test -n "`echo $$list1$$list2`" \
|
|
||||||
|| exit 0; \
|
|
||||||
echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
|
|
||||||
$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
|
|
||||||
{ for i in $$list1; do echo "$$i"; done; \
|
|
||||||
if test -n "$$list2"; then \
|
|
||||||
for i in $$list2; do echo "$$i"; done \
|
|
||||||
| sed -n '/\.8[a-z]*$$/p'; \
|
|
||||||
fi; \
|
|
||||||
} | while read p; do \
|
|
||||||
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
|
|
||||||
echo "$$d$$p"; echo "$$p"; \
|
|
||||||
done | \
|
|
||||||
sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
|
|
||||||
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
|
|
||||||
sed 'N;N;s,\n, ,g' | { \
|
|
||||||
list=; while read file base inst; do \
|
|
||||||
if test "$$base" = "$$inst"; then list="$$list $$file"; else \
|
|
||||||
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
|
|
||||||
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
|
|
||||||
fi; \
|
|
||||||
done; \
|
|
||||||
for i in $$list; do echo "$$i"; done | $(am__base_list) | \
|
|
||||||
while read files; do \
|
|
||||||
test -z "$$files" || { \
|
|
||||||
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
|
|
||||||
$(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
|
|
||||||
done; }
|
|
||||||
|
|
||||||
uninstall-man8:
|
|
||||||
@$(NORMAL_UNINSTALL)
|
|
||||||
@list=''; test -n "$(man8dir)" || exit 0; \
|
|
||||||
files=`{ for i in $$list; do echo "$$i"; done; \
|
|
||||||
l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
|
|
||||||
sed -n '/\.8[a-z]*$$/p'; \
|
|
||||||
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
|
|
||||||
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
|
|
||||||
dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
|
|
||||||
install-docDATA: $(doc_DATA)
|
|
||||||
@$(NORMAL_INSTALL)
|
|
||||||
@list='$(doc_DATA)'; test -n "$(docdir)" || list=; \
|
|
||||||
if test -n "$$list"; then \
|
|
||||||
echo " $(MKDIR_P) '$(DESTDIR)$(docdir)'"; \
|
|
||||||
$(MKDIR_P) "$(DESTDIR)$(docdir)" || exit 1; \
|
|
||||||
fi; \
|
|
||||||
for p in $$list; do \
|
|
||||||
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
|
|
||||||
echo "$$d$$p"; \
|
|
||||||
done | $(am__base_list) | \
|
|
||||||
while read files; do \
|
|
||||||
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \
|
|
||||||
$(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \
|
|
||||||
done
|
|
||||||
|
|
||||||
uninstall-docDATA:
|
|
||||||
@$(NORMAL_UNINSTALL)
|
|
||||||
@list='$(doc_DATA)'; test -n "$(docdir)" || list=; \
|
|
||||||
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
|
|
||||||
dir='$(DESTDIR)$(docdir)'; $(am__uninstall_files_from_dir)
|
|
||||||
tags TAGS:
|
|
||||||
|
|
||||||
ctags CTAGS:
|
|
||||||
|
|
||||||
cscope cscopelist:
|
|
||||||
|
|
||||||
|
|
||||||
distdir: $(DISTFILES)
|
|
||||||
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
|
|
||||||
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
|
|
||||||
list='$(DISTFILES)'; \
|
|
||||||
dist_files=`for file in $$list; do echo $$file; done | \
|
|
||||||
sed -e "s|^$$srcdirstrip/||;t" \
|
|
||||||
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
|
|
||||||
case $$dist_files in \
|
|
||||||
*/*) $(MKDIR_P) `echo "$$dist_files" | \
|
|
||||||
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
|
|
||||||
sort -u` ;; \
|
|
||||||
esac; \
|
|
||||||
for file in $$dist_files; do \
|
|
||||||
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
|
|
||||||
if test -d $$d/$$file; then \
|
|
||||||
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
|
|
||||||
if test -d "$(distdir)/$$file"; then \
|
|
||||||
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
|
|
||||||
fi; \
|
|
||||||
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
|
|
||||||
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
|
|
||||||
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
|
|
||||||
fi; \
|
|
||||||
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
|
|
||||||
else \
|
|
||||||
test -f "$(distdir)/$$file" \
|
|
||||||
|| cp -p $$d/$$file "$(distdir)/$$file" \
|
|
||||||
|| exit 1; \
|
|
||||||
fi; \
|
|
||||||
done
|
|
||||||
check-am: all-am
|
|
||||||
check: check-am
|
|
||||||
all-am: Makefile $(MANS) $(DATA)
|
|
||||||
installdirs:
|
|
||||||
for dir in "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(docdir)"; do \
|
|
||||||
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
|
|
||||||
done
|
|
||||||
install: install-am
|
|
||||||
install-exec: install-exec-am
|
|
||||||
install-data: install-data-am
|
|
||||||
uninstall: uninstall-am
|
|
||||||
|
|
||||||
install-am: all-am
|
|
||||||
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
|
|
||||||
|
|
||||||
installcheck: installcheck-am
|
|
||||||
install-strip:
|
|
||||||
if test -z '$(STRIP)'; then \
|
|
||||||
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
|
||||||
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
|
||||||
install; \
|
|
||||||
else \
|
|
||||||
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
|
||||||
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
|
||||||
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
|
|
||||||
fi
|
|
||||||
mostlyclean-generic:
|
|
||||||
|
|
||||||
clean-generic:
|
|
||||||
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
|
|
||||||
|
|
||||||
distclean-generic:
|
|
||||||
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
|
|
||||||
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
|
|
||||||
|
|
||||||
maintainer-clean-generic:
|
|
||||||
@echo "This command is intended for maintainers to use"
|
|
||||||
@echo "it deletes files that may require special tools to rebuild."
|
|
||||||
clean: clean-am
|
|
||||||
|
|
||||||
clean-am: clean-generic clean-libtool mostlyclean-am
|
|
||||||
|
|
||||||
distclean: distclean-am
|
|
||||||
-rm -f Makefile
|
|
||||||
distclean-am: clean-am distclean-generic
|
|
||||||
|
|
||||||
dvi: dvi-am
|
|
||||||
|
|
||||||
dvi-am:
|
|
||||||
|
|
||||||
html: html-am
|
|
||||||
|
|
||||||
html-am:
|
|
||||||
|
|
||||||
info: info-am
|
|
||||||
|
|
||||||
info-am:
|
|
||||||
|
|
||||||
install-data-am: install-docDATA install-man
|
|
||||||
|
|
||||||
install-dvi: install-dvi-am
|
|
||||||
|
|
||||||
install-dvi-am:
|
|
||||||
|
|
||||||
install-exec-am:
|
|
||||||
|
|
||||||
install-html: install-html-am
|
|
||||||
|
|
||||||
install-html-am:
|
|
||||||
|
|
||||||
install-info: install-info-am
|
|
||||||
|
|
||||||
install-info-am:
|
|
||||||
|
|
||||||
install-man: install-man8
|
|
||||||
|
|
||||||
install-pdf: install-pdf-am
|
|
||||||
|
|
||||||
install-pdf-am:
|
|
||||||
|
|
||||||
install-ps: install-ps-am
|
|
||||||
|
|
||||||
install-ps-am:
|
|
||||||
|
|
||||||
installcheck-am:
|
|
||||||
|
|
||||||
maintainer-clean: maintainer-clean-am
|
|
||||||
-rm -f Makefile
|
|
||||||
maintainer-clean-am: distclean-am maintainer-clean-generic
|
|
||||||
|
|
||||||
mostlyclean: mostlyclean-am
|
|
||||||
|
|
||||||
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
|
|
||||||
|
|
||||||
pdf: pdf-am
|
|
||||||
|
|
||||||
pdf-am:
|
|
||||||
|
|
||||||
ps: ps-am
|
|
||||||
|
|
||||||
ps-am:
|
|
||||||
|
|
||||||
uninstall-am: uninstall-docDATA uninstall-man
|
|
||||||
|
|
||||||
uninstall-man: uninstall-man8
|
|
||||||
|
|
||||||
.MAKE: install-am install-strip
|
|
||||||
|
|
||||||
.PHONY: all all-am check check-am clean clean-generic clean-libtool \
|
|
||||||
cscopelist-am ctags-am distclean distclean-generic \
|
|
||||||
distclean-libtool distdir dvi dvi-am html html-am info info-am \
|
|
||||||
install install-am install-data install-data-am \
|
|
||||||
install-docDATA install-dvi install-dvi-am install-exec \
|
|
||||||
install-exec-am install-html install-html-am install-info \
|
|
||||||
install-info-am install-man install-man8 install-pdf \
|
|
||||||
install-pdf-am install-ps install-ps-am install-strip \
|
|
||||||
installcheck installcheck-am installdirs maintainer-clean \
|
|
||||||
maintainer-clean-generic mostlyclean mostlyclean-generic \
|
|
||||||
mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
|
|
||||||
uninstall-am uninstall-docDATA uninstall-man uninstall-man8
|
|
||||||
|
|
||||||
.PRECIOUS: Makefile
|
|
||||||
|
|
||||||
|
|
||||||
.pod.in.8.in:
|
|
||||||
pod2man -u -n stunnel -s 8 -r $(VERSION) \
|
|
||||||
-c "stunnel TLS Proxy" -d `date +%Y.%m.%d` $< $@
|
|
||||||
|
|
||||||
.pod.in.html.in:
|
|
||||||
pod2html --index --backlink --header \
|
|
||||||
--title "stunnel TLS Proxy" --infile=$< --outfile=$@
|
|
||||||
rm -f pod2htmd.tmp pod2htmi.tmp
|
|
||||||
|
|
||||||
$(man_MANS) $(doc_DATA): Makefile
|
|
||||||
$(edit) '$(srcdir)/$@.in' >$@
|
|
||||||
|
|
||||||
stunnel.8: $(srcdir)/stunnel.8.in
|
|
||||||
stunnel.html: $(srcdir)/stunnel.html.in
|
|
||||||
stunnel.pl.8: $(srcdir)/stunnel.pl.8.in
|
|
||||||
stunnel.pl.html: $(srcdir)/stunnel.pl.html.in
|
|
||||||
|
|
||||||
# Tell versions [3.59,3.63) of GNU make to not export all variables.
|
|
||||||
# Otherwise a system limit (for SysV at least) may be exceeded.
|
|
||||||
.NOEXPORT:
|
|
@ -1,190 +0,0 @@
|
|||||||
<!-- saved from url=(0022)http://internet.e-mail -->
|
|
||||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
||||||
<HTML>
|
|
||||||
<HEAD>
|
|
||||||
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=iso-8859-1">
|
|
||||||
<TITLE></TITLE>
|
|
||||||
<META NAME="GENERATOR" CONTENT="StarOffice/5.2 (Win32)">
|
|
||||||
<META NAME="CREATED" CONTENT="20010220;7501784">
|
|
||||||
<META NAME="CHANGED" CONTENT="16010101;0">
|
|
||||||
<STYLE>
|
|
||||||
<!--
|
|
||||||
@page { margin: 2cm }
|
|
||||||
-->
|
|
||||||
</STYLE>
|
|
||||||
</HEAD>
|
|
||||||
<BODY>
|
|
||||||
<P ALIGN=CENTER STYLE="margin-bottom: 0cm"><FONT SIZE=4 STYLE="font-size: 16pt"><U><B>VNC
|
|
||||||
over STUNNEL with a Linux server and Windows 2000 client HOWTO</B></U></FONT></P>
|
|
||||||
<P ALIGN=CENTER STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm">19 February 2001</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm">ver 1.0</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm">by Craig Furter and Arno van der Walt</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm">contact us at <A HREF="mailto:cfurter@vexen.co.za">cfurter@vexen.co.za</A>
|
|
||||||
and <A HREF="mailto:arnovdw@mycomax.com">arnovdw@mycomax.com</A></P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm">We assume that you have already
|
|
||||||
downloaded VNCServer and VNCViewer.</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm">First of all there is a step by step
|
|
||||||
HOWTO and then we'll look at the theory behind all this.</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<OL>
|
|
||||||
<LI><P STYLE="margin-bottom: 0cm">Download and install OpenSSL,
|
|
||||||
SSLeay, and Stunnel on the Linux/Unix box. Download the modules.</P>
|
|
||||||
</OL>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm">a)
|
|
||||||
[root@anthrax$]gunzip openssl-x.xx.tar.gz (repeat for all 3 the
|
|
||||||
modules)</P>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm">b)
|
|
||||||
[root@anthrax$]tar – xvf openssl-x.xx.tar (repeat for all 3 the
|
|
||||||
modules)</P>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<OL>
|
|
||||||
<LI><P STYLE="margin-bottom: 0cm">Copy the following to Notepad and
|
|
||||||
save the file as VNCRegEdit.REG on the Windows 2000 box</P>
|
|
||||||
</OL>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm">--cut here and copy
|
|
||||||
to VNCRegEdit.REG then double click the file to
|
|
||||||
import--<BR>REGEDIT4<BR><BR>[HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3]<BR>AllowLoopback=dword:00000001<BR><BR>[HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\Default]<BR>AllowLoopback=dword:00000001<BR>--stop
|
|
||||||
here--<BR><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<OL>
|
|
||||||
<LI><P STYLE="margin-bottom: 0cm">Install Stunnel on the Windows
|
|
||||||
2000 machine by copying the following files to your \WINNT\SYSTEM32\
|
|
||||||
directory</P>
|
|
||||||
</OL>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm">a)libeay32.dll</P>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm">b)libssl.dll</P>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm">c)stunnel.pem</P>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<OL>
|
|
||||||
<LI><P STYLE="margin-bottom: 0cm">On the Linux box execute the
|
|
||||||
following command as root and let it run in its own terminal.</P>
|
|
||||||
</OL>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm">./stunnel -d 5900
|
|
||||||
-r 5901</P>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<OL>
|
|
||||||
<LI><P STYLE="margin-bottom: 0cm">Execute vncserver (it should run
|
|
||||||
as display:1 when you execute the ps aux |grep vnc command)</P>
|
|
||||||
</OL>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<OL>
|
|
||||||
<LI><P STYLE="margin-bottom: 0cm">Now on the Windows 2000 machine
|
|
||||||
execute the following command and let it run in its own terminal.</P>
|
|
||||||
</OL>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm">stunnel -d 5900 -r
|
|
||||||
unix.ip.address:5900 -c</P>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm">.</P>
|
|
||||||
<OL>
|
|
||||||
<LI><P STYLE="margin-bottom: 0cm">And on the Windows 2000 machine
|
|
||||||
open VNCviewer and connect to localhost specifying no display</P>
|
|
||||||
</OL>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm">ie. 10.10.1.53 in
|
|
||||||
the window</P>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<OL>
|
|
||||||
<LI><P STYLE="margin-bottom: 0cm">For each additional display repeat
|
|
||||||
steps 4 – 6 and increment the specified ports with 2 ie. The
|
|
||||||
Linux command will look as follows:</P>
|
|
||||||
</OL>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> ./stunnel -d 5902
|
|
||||||
-r 5903
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm">and the Windows
|
|
||||||
2000 command as follows:
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm">stunnel -d 5902 -r
|
|
||||||
unix.ip.address:5902</P>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm">and remember to
|
|
||||||
start another vncserver on the Linux box for each VNC display</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<OL>
|
|
||||||
<LI><P STYLE="margin-bottom: 0cm">The display number on the
|
|
||||||
vncviewer must also be incremented with two ie:</P>
|
|
||||||
</OL>
|
|
||||||
<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm">10.10.1.53:2 etc.</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><FONT SIZE=4><U>The THEORY</U></FONT></P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><U>Tunneling:</U></P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm">What this means is that software
|
|
||||||
(daemon) runs on the client and server machine. In this case, the
|
|
||||||
Windows 2000 machine is the client and the server is the *NIX
|
|
||||||
machine. Stunnel will then run as client on Windows 2000 and server
|
|
||||||
mode on the UNIX box.<BR><BR>eg:<BR>Windows:<BR>stunnel -d 5900 -r
|
|
||||||
unix.ip.address:5900 -c<BR><BR>UNIX<BR>stunnel -d 5900 -r 5901<BR><BR>This
|
|
||||||
means that connecting to VNC display 0 in the localhost will transfer
|
|
||||||
all the calls to the *NIX machine on display 1. So the VNC server on
|
|
||||||
the *NIX machine must be running on display 1. Not display 0. If you
|
|
||||||
run stunnel before VNC, VNC will automatically move to display 1
|
|
||||||
noticing that port 5900 ("display" 0) is already in
|
|
||||||
use).<BR><BR>What happens now is that when you connect to port 5900
|
|
||||||
on the Windows machine via an "unsecured" connection, a
|
|
||||||
secure "tunnel" is opened from Windows 2000 to the *NIX
|
|
||||||
machine on port 5900. The *NIX machine then opens a "unsecured"
|
|
||||||
connection to itself on port 5901. We now have a secure tunnel
|
|
||||||
available.</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><U>A bit about VNC and displays</U></P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm">The -d is the listening IPaddress:port
|
|
||||||
and the -r is the remote IPaddress:port. VNC uses port 5900 for
|
|
||||||
display 0. That means that display 1 will be 5901. If you want VNC
|
|
||||||
server to listen for a connection on port 80 then the display number
|
|
||||||
will be 80 - 5900 = -5820. If you want VNC server to<BR>listen on
|
|
||||||
port 14000 then the display number is 14000 - 5900 = 8100.<BR><BR>So
|
|
||||||
all you have to do is run stunnel on the UNIX machine and VNC on the
|
|
||||||
desired "display" number.</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><U>VNC on the Windows 2000 machine</U></P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm">To connect from the client machine you
|
|
||||||
need to enter the client machine's IP address and the "display"
|
|
||||||
(from the port conversion). But VNC will think that you are trying to
|
|
||||||
connect to the local machine and does not allow this. To override
|
|
||||||
this add the following to your registry.<BR><BR>--cut here and copy to
|
|
||||||
anything.reg. then double click the file to
|
|
||||||
import--<BR>REGEDIT4<BR><BR>[HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3]<BR>AllowLoopback=dword:00000001<BR><BR>[HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\Default]<BR>AllowLoopback=dword:00000001<BR>--stop
|
|
||||||
here--<BR><BR>Now VNC will not complain. So you need to always run
|
|
||||||
stunnel in client mode on the Windows machine and then connect with
|
|
||||||
VNCViewer to the localhost on the correct "display". By the
|
|
||||||
way, *NIX doesn't complain about this. There is no setting needed if
|
|
||||||
*NIX to *NIX.</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><U>VNC's Java client</U></P>
|
|
||||||
<P STYLE="margin-bottom: 0cm"><BR>
|
|
||||||
</P>
|
|
||||||
<P STYLE="margin-bottom: 0cm">Unfortunately this will not work well
|
|
||||||
with the built-in web version. If you did not known about it, try
|
|
||||||
http'ing into a machine running VNC server on it, to port 58XX (where
|
|
||||||
XX is the display number), and the Java client will be loaded.<BR><BR>
|
|
||||||
</P>
|
|
||||||
</BODY>
|
|
||||||
</HTML>
|
|
@ -1,143 +0,0 @@
|
|||||||
<HTML>
|
|
||||||
<HEAD>
|
|
||||||
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-2">
|
|
||||||
<TITLE>Gdy pojawiają się kłopoty</TITLE>
|
|
||||||
</HEAD>
|
|
||||||
<BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#0000EF" VLINK="#51188E" ALINK="#FF0000">
|
|
||||||
<B>Q: </B>Próbuje kompilować stunnel jednak dostaje
|
|
||||||
następujące komunikaty:
|
|
||||||
<BR>stunnel.c:69: ssl.h: No such file or directory
|
|
||||||
<BR>stunnel.c:71: bio.h: No such file or directory
|
|
||||||
<BR>stunnel.c:72: pem.h: No such file or directory
|
|
||||||
<BR>make: *** [stunnel.o] Error 1
|
|
||||||
|
|
||||||
<P><B>A:</B> Są dwie prawdopodobne przyczyny: nie masz zainstalowanego
|
|
||||||
w systemie pakietu SSLeay lub pakiet nie znajduje sie w miejscu domyślnym
|
|
||||||
czyli<B> /usr/local/ssl. </B>Należy zainstalować SSLeay lub też poprawić
|
|
||||||
Makefile tak by ścieżka była prawidłowa.
|
|
||||||
<BR>
|
|
||||||
<HR WIDTH="100%">
|
|
||||||
<BR><B>Q:</B> Próbuje uruchomić stunnel jako wrapper dla httpd. Po
|
|
||||||
wydaniu komendy: <B>stunnel 443 @localhost:80</B> demon się nie uruchamia
|
|
||||||
a w syslogu pojawia się komunikat "<B>stunnel[2481]: getpeername: Socket
|
|
||||||
operation on non-socket (88)"</B><B></B>
|
|
||||||
|
|
||||||
<P><B>A</B>: Jest to błąd charakterystyczny dla Linuxa. Należy w pliku
|
|
||||||
stunnel.c zmienić linię<B> #define INET_SOCKET_PAIR 1</B> na
|
|
||||||
<BR><B>#define INET_SOCKET_PAIR 0</B> i zrekompilować program ponownie.
|
|
||||||
<BR>
|
|
||||||
<HR WIDTH="100%">
|
|
||||||
<BR><B>Q:</B> Stunnel nadal się nie uruchamia a w syslogu pojawia się komunikat
|
|
||||||
"<B>stunnel[2525]: /usr/local/ssl/certs/localhost:80.pem: No such file
|
|
||||||
or directory (2)</B>"<B></B>
|
|
||||||
|
|
||||||
<P><B>A:</B> Nie posiadasz odpowiedniego certyfikatu dla demona. Stunnel
|
|
||||||
w celu poprawnego działania <B>MUSI</B> posiadać certyfikat. W celu wygenerowania
|
|
||||||
odpowiedniego certyfikatu należy wydać komende: <B>/usr/local/ssl/bin/ssleay
|
|
||||||
req -new -x509 -nodes -out server.pem -days 365 -keyout server.pem</B>
|
|
||||||
bądź też użyć <B>Makefile</B> dołączonego do programu stunnel i przy pomocy
|
|
||||||
komendy <B>make cert </B>stworzyć certyfikat. Tak utworzony certyfikat (server.pem)
|
|
||||||
należy umieścić w katalogu <B>/usr/local/ssl/certs</B> i utworzyć doń odpowiednie
|
|
||||||
linki lub zmieć nazwę certyfikatu na wymaganą przez stunnel.
|
|
||||||
<BR>
|
|
||||||
<HR WIDTH="100%">
|
|
||||||
<BR><B>Q:</B> Wygenerowałem odpowiedni certyfikat przy pomocy skryptu CA.sh,
|
|
||||||
a stunnel <B>przy starcie prosi o podanie hasła</B>. Jak można przekazać
|
|
||||||
hasło zabezpieczające certyfikat do programu ?<B></B>
|
|
||||||
|
|
||||||
<P><B>A:</B> W chwili obecnej jest to niemożliwe. Certyfikaty którymi posługuje
|
|
||||||
sie stunnel nie mogą być zabezpieczane hasłem. Przy tworzeniu certyfikatu
|
|
||||||
należy użyć opcji -nodes (lub utworzyć certyfikat przy pomocy makefile
|
|
||||||
odstarczonego z programem).
|
|
||||||
<BR>
|
|
||||||
<HR WIDTH="100%">
|
|
||||||
<BR><B>Q:</B> Po uruchomieniu programu stunnel w syslogu pojawia się komunikat:
|
|
||||||
"<B>stunnel[2805]: WARNING: Wrong permissions on /usr/local/ssl/certs/localhost:80.pem</B>".
|
|
||||||
Co jest nie tak ?<B></B>
|
|
||||||
|
|
||||||
<P><B>A:</B> To tylko ostrzeżenie ! Certyfikat nie powien dać się odczytać
|
|
||||||
przez innych użytkowników systemu. Prawidłowe prawa dostępu powinny być
|
|
||||||
następujące: <B>-rw------ 1 root root
|
|
||||||
1370 Nov 8 1997 server.pem </B>(jeśli uruchamiającym stunnel jest
|
|
||||||
root).
|
|
||||||
<BR>
|
|
||||||
<HR WIDTH="100%">
|
|
||||||
<BR><B>Q:</B> Probowałem zrobić tunelowanie połączenia do demona <B>pop3</B>.
|
|
||||||
Pomimo zrobienia prawidłowego wpisu do inetd.conf
|
|
||||||
<BR>"spop3 stream tcp nowait root /usr/sbin/stunnel
|
|
||||||
qpopper -s" stunnel nie działa a w syslogu pojawia się komunikat:
|
|
||||||
<BR><B>inetd[2949]: spop3/tcp: unknown service.</B><B></B>
|
|
||||||
|
|
||||||
<P><B>A: </B>Nie zrobiłeś dodatkowych wpisów do pliku <B>/etc/services.</B>
|
|
||||||
Zgodnie z rfc???? prawidłowymi portami na których działają demony posługujące
|
|
||||||
się SSL są:
|
|
||||||
<TABLE>
|
|
||||||
<TR>
|
|
||||||
<TD>https</TD>
|
|
||||||
|
|
||||||
<TD>443/tcp</TD>
|
|
||||||
|
|
||||||
<TD># HTTP over SSL </TD>
|
|
||||||
</TR>
|
|
||||||
|
|
||||||
<TR>
|
|
||||||
<TD>ssmtp</TD>
|
|
||||||
|
|
||||||
<TD>465/tcp</TD>
|
|
||||||
|
|
||||||
<TD># SMTP over SSL </TD>
|
|
||||||
</TR>
|
|
||||||
|
|
||||||
<TR>
|
|
||||||
<TD>snews</TD>
|
|
||||||
|
|
||||||
<TD>563/tcp</TD>
|
|
||||||
|
|
||||||
<TD># NNTP over SSL </TD>
|
|
||||||
</TR>
|
|
||||||
|
|
||||||
<TR>
|
|
||||||
<TD>ssl-ldap</TD>
|
|
||||||
|
|
||||||
<TD>636/tcp</TD>
|
|
||||||
|
|
||||||
<TD># LDAP over SSL </TD>
|
|
||||||
</TR>
|
|
||||||
|
|
||||||
<TR>
|
|
||||||
<TD>simap</TD>
|
|
||||||
|
|
||||||
<TD>993/tcp</TD>
|
|
||||||
|
|
||||||
<TD># IMAP over SSL </TD>
|
|
||||||
</TR>
|
|
||||||
|
|
||||||
<TR>
|
|
||||||
<TD>spop3</TD>
|
|
||||||
|
|
||||||
<TD>995/tcp</TD>
|
|
||||||
|
|
||||||
<TD># POP-3 over SSL </TD>
|
|
||||||
</TR>
|
|
||||||
</TABLE>
|
|
||||||
Jeśli nie chesz robić poprawek zamiast nazwy serwisu użyj numeru portu
|
|
||||||
na którym on działa.
|
|
||||||
<BR>
|
|
||||||
<HR WIDTH="100%">
|
|
||||||
<BR><B>Q:</B> Dobrze, zrobiłem wymagany wpis lecz w dalszym ciagu stunnel
|
|
||||||
nie działa, natomiast w syslogu pojawia sie wpis:
|
|
||||||
<BR> <B>stunnel[3015]: execvp: No such file or directory (2). </B>Co
|
|
||||||
jeszcze jest nie tak ?<B></B>
|
|
||||||
|
|
||||||
<P><B>A:</B> Prawdopodone są dwie przyczyny: pierwsza w twoim systemie
|
|
||||||
nie ma demona dla ktorego zrobiłeś wpis w inetd.conf,
|
|
||||||
<BR>(spop3 stream tcp nowait root /usr/sbin/stunnel
|
|
||||||
qpopper -s) lub też dany program jest w systemie, jednak ścieżka dostępu
|
|
||||||
do niego nie jest wymieniona w zmiennej systemowej <B>$PATH</B>. Należy
|
|
||||||
więc poprawić zapis w inetd.conf uzupełniając o pełna ścieżke dostępu do
|
|
||||||
demona np. <B>spop3 stream tcp nowait root
|
|
||||||
/usr/sbin/stunnel /usr/sbin/qpopper -s</B>
|
|
||||||
<BR>
|
|
||||||
<BR>
|
|
||||||
</BODY>
|
|
||||||
</HTML>
|
|
@ -1,744 +0,0 @@
|
|||||||
<HTML>
|
|
||||||
<HEAD>
|
|
||||||
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-2">
|
|
||||||
<META NAME="Author" CONTENT="Adam Hernik">
|
|
||||||
<TITLE>Wszystko co powiniene¶ wiedzieæ o tworzeniu certyfikatów ale nie chce Ci siê poszukaæ w dokumentacji</TITLE>
|
|
||||||
</HEAD>
|
|
||||||
<BODY TEXT="#000000" BGCOLOR="#CCCCCC" LINK="#0000EF" VLINK="#51188E" ALINK="#FF0000">
|
|
||||||
|
|
||||||
<CENTER>
|
|
||||||
<H1>
|
|
||||||
<FONT SIZE=+2>Wszystko co powiniene¶ wiedzieæ o tworzeniu certyfikatów
|
|
||||||
ale nie chce Ci siê</FONT></H1></CENTER>
|
|
||||||
|
|
||||||
<CENTER>
|
|
||||||
<H1>
|
|
||||||
<FONT SIZE=+2>poszukaæ w dokumentacji.</FONT></H1></CENTER>
|
|
||||||
|
|
||||||
|
|
||||||
<P><B><FONT SIZE=+1>Co powinno znajdowaæ siê na Twoim dysku zamin zostaniesz
|
|
||||||
"Certificate Authorities".</FONT></B>
|
|
||||||
|
|
||||||
<P>Podstawowym oprogramowaniem jest oczywi¶cie <A HREF="http://www.openssl.org">openssl</A>.
|
|
||||||
W tym miejscu nale¿y zachowaæ czujno¶æ
|
|
||||||
<BR>bo openssl <B>MUSI</B> byæ co najmniej w wersji 0.9.2b dziêki czemu
|
|
||||||
ominie Ciê czê¶æ karko³omnych
|
|
||||||
<BR>operacji przy pomocy <A HREF="http://www.drh-consultancy.demon.co.uk">pcks12</A>
|
|
||||||
ktory tak¿e musisz posiadaæ w swoich zasobach dyskowych.
|
|
||||||
<BR>Je¶li masz ju¿ zainstalowane powy¿sze oprogramowanie mo¿esz zacz±æ
|
|
||||||
tworzyæ certyfikaty.
|
|
||||||
|
|
||||||
<P><B><FONT SIZE=+1>Konfiguracja openssl.</FONT></B>
|
|
||||||
|
|
||||||
<P>Zak³adam ze openssl jest zainstalowany standardowo czyli w <B>/usr/local/ssl</B>.
|
|
||||||
Pierwszym krokiem jest
|
|
||||||
<BR>przejrzenie i "dokonfigurowanie" <B>/usr/local/ssl/lib/openssl.cnf</B>.
|
|
||||||
Mój domowy konfig wygl±da nastêpuj±co
|
|
||||||
<BR>(kolorem czerwonym zaznaczylem opcje które raczej powiniene¶ zmieniæ)
|
|
||||||
:
|
|
||||||
<BR><FONT SIZE=-2><A HREF="#koniec openssl.cnf">je¶li nie chce Ci siê tego
|
|
||||||
czytaæ to skocz na koniec konfiga</A></FONT>
|
|
||||||
|
|
||||||
<P><I>#</I>
|
|
||||||
<BR><I># OpenSSL example configuration file.</I>
|
|
||||||
<BR><I># This is mostly being used for generation of certificate requests.</I>
|
|
||||||
<BR><I>#</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>RANDFILE
|
|
||||||
= $ENV::HOME/.rnd</I>
|
|
||||||
<BR><I>oid_file
|
|
||||||
= $ENV::HOME/.oid</I>
|
|
||||||
<BR><I>oid_section
|
|
||||||
= new_oids</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>[ new_oids ]</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># We can add new OIDs in here for use by 'ca' and 'req'.</I>
|
|
||||||
<BR><I># Add a simple OID like this:</I>
|
|
||||||
<BR><I># testoid1=1.2.3.4</I>
|
|
||||||
<BR><I># Or use config file substitution like this:</I>
|
|
||||||
<BR><I># testoid2=${testoid1}.5.6</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>####################################################################</I>
|
|
||||||
<BR><I>[ ca ]</I>
|
|
||||||
<BR><I>default_ca = CA_default
|
|
||||||
# The default ca section</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>####################################################################</I>
|
|
||||||
<BR><I>[ CA_default ]</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>dir
|
|
||||||
= ./demoCA
|
|
||||||
# Where everything is kept</I>
|
|
||||||
<BR><I>certs
|
|
||||||
= $dir/certs
|
|
||||||
# Where the issued certs are kept</I>
|
|
||||||
<BR><I>crl_dir = $dir/crl
|
|
||||||
# Where the issued crl are kept</I>
|
|
||||||
<BR><I>database = $dir/index.txt
|
|
||||||
# database index file.</I>
|
|
||||||
<BR><I>new_certs_dir = $dir/newcerts
|
|
||||||
# default place for new certs.</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>certificate = $dir/cacert.pem
|
|
||||||
# The CA certificate</I>
|
|
||||||
<BR><I>serial = $dir/serial
|
|
||||||
# The current serial number</I>
|
|
||||||
<BR><I>crl
|
|
||||||
= $dir/crl.pem #
|
|
||||||
The current CRL</I>
|
|
||||||
<BR><I>private_key = $dir/private/cakey.pem# The
|
|
||||||
private key</I>
|
|
||||||
<BR><I>RANDFILE = $dir/private/.rand
|
|
||||||
# private random number file</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>x509_extensions = usr_cert
|
|
||||||
# The extensions to add to the cert</I>
|
|
||||||
<BR><I>crl_extensions = crl_ext
|
|
||||||
# Extensions to add to CRL</I>
|
|
||||||
<BR><I>default_days = 365
|
|
||||||
# how long to certify for</I>
|
|
||||||
<BR><I>default_crl_days= 30
|
|
||||||
# how long before next CRL</I>
|
|
||||||
<BR><I>default_md = md5
|
|
||||||
# which md to use.</I>
|
|
||||||
<BR><I>preserve = no
|
|
||||||
# keep passed DN ordering</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># A few difference way of specifying how similar the request should
|
|
||||||
look</I>
|
|
||||||
<BR><I># For type CA, the listed attributes must be the same, and the optional</I>
|
|
||||||
<BR><I># and supplied fields are just that :-)</I>
|
|
||||||
<BR><I>policy = policy_match</I>
|
|
||||||
<BR><I># For the CA policy</I>
|
|
||||||
<BR><I>[ policy_match ]</I>
|
|
||||||
<BR><I>countryName
|
|
||||||
= match</I>
|
|
||||||
<BR><I>stateOrProvinceName = match</I>
|
|
||||||
<BR><I>organizationName = match</I>
|
|
||||||
<BR><I>organizationalUnitName = optional</I>
|
|
||||||
<BR><I>commonName
|
|
||||||
= supplied</I>
|
|
||||||
<BR><I>emailAddress
|
|
||||||
= optional</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># For the 'anything' policy</I>
|
|
||||||
<BR><I># At this point in time, you must list all acceptable 'object'</I>
|
|
||||||
<BR><I># types.</I>
|
|
||||||
<BR><I>[ policy_anything ]</I>
|
|
||||||
<BR><I>countryName
|
|
||||||
= optional</I>
|
|
||||||
<BR><I>stateOrProvinceName = optional</I>
|
|
||||||
<BR><I>localityName
|
|
||||||
= optional</I>
|
|
||||||
<BR><I>organizationName = optional</I>
|
|
||||||
<BR><I>organizationalUnitName = optional</I>
|
|
||||||
<BR><I>commonName
|
|
||||||
= supplied</I>
|
|
||||||
<BR><I>emailAddress
|
|
||||||
= optional</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>####################################################################</I>
|
|
||||||
<BR><A NAME="req"></A><I>[ req ]</I>
|
|
||||||
<BR><I>default_bits
|
|
||||||
= <FONT COLOR="#FF0000">1024</FONT></I>
|
|
||||||
<BR><I>default_keyfile
|
|
||||||
= privkey.pem</I>
|
|
||||||
<BR><I>distinguished_name = req_distinguished_name</I>
|
|
||||||
<BR><I>attributes
|
|
||||||
= req_attributes</I>
|
|
||||||
<BR><I>x509_extensions = v3_ca # The extensions to add to the self signed
|
|
||||||
cert</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>[ req_distinguished_name ]</I>
|
|
||||||
<BR><I>countryName
|
|
||||||
= Country Name (2 letter code)</I>
|
|
||||||
<BR><I>countryName_default
|
|
||||||
= <FONT COLOR="#FF0000">PL</FONT></I>
|
|
||||||
<BR><I>countryName_min
|
|
||||||
= 2</I>
|
|
||||||
<BR><I>countryName_max
|
|
||||||
= 2</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>stateOrProvinceName
|
|
||||||
= State i Prowincja</I>
|
|
||||||
<BR><I>stateOrProvinceName_default = <FONT COLOR="#FF0000">State-Prowincja
|
|
||||||
domyslna</FONT></I>
|
|
||||||
<BR><I>localityName
|
|
||||||
= Locality Name (eg, city)</I>
|
|
||||||
<BR><I>localityName_default
|
|
||||||
= <FONT COLOR="#FF0000">Lodz</FONT></I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>0.organizationName
|
|
||||||
= Organization Name (eg, company)</I>
|
|
||||||
<BR><I>0.organizationName_default = <FONT COLOR="#FF0000">Nawza
|
|
||||||
Organizacji</FONT></I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># we can do this but it is not needed normally :-)</I>
|
|
||||||
<BR><I>#1.organizationName
|
|
||||||
= Second Organization Name (eg, company)</I>
|
|
||||||
<BR><I>#1.organizationName_default = World Wide
|
|
||||||
Web Pty Ltd</I>
|
|
||||||
<BR><I>organizationalUnitName
|
|
||||||
= Organizational Unit Name (eg, section)</I>
|
|
||||||
<BR><I>organizationalUnitName_default = <FONT COLOR="#FF0000">Unit
|
|
||||||
name domyslny</FONT></I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>commonName
|
|
||||||
= Common Name (eg, YOUR name)</I>
|
|
||||||
<BR><I>commonName_max
|
|
||||||
= 64</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>emailAddress
|
|
||||||
= Email Address</I>
|
|
||||||
<BR><I>emailAddress_max
|
|
||||||
= 40</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># SET-ex3
|
|
||||||
= SET extension number 3</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>[ req_attributes ]</I>
|
|
||||||
<BR><I>challengePassword
|
|
||||||
= A challenge password</I>
|
|
||||||
<BR><I>challengePassword_min = 4</I>
|
|
||||||
<BR><I>challengePassword_max = 20</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>unstructuredName
|
|
||||||
= An optional company name</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><A NAME="usr_cert"></A><I>[ usr_cert ]</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># These extensions are added when 'ca' signs a request.</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># This goes against PKIX guidelines but some CAs do it and some
|
|
||||||
software</I>
|
|
||||||
<BR><I># requires this to avoid interpreting an end user certificate as
|
|
||||||
a CA.</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>basicConstraints=CA:FALSE</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># Here are some examples of the usage of nsCertType. If it is omitted</I>
|
|
||||||
<BR><I># the certificate can be used for anything *except* object signing.</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><A NAME="server"></A><I># This is OK for an SSL server.</I>
|
|
||||||
<BR><I><FONT COLOR="#006600">#nsCertType
|
|
||||||
= server</FONT></I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># For an object signing certificate this would be used.</I>
|
|
||||||
<BR><I>#nsCertType = objsign</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><A NAME="klient"></A><I># For normal client use this is typical</I>
|
|
||||||
<BR><I><FONT COLOR="#006600">nsCertType = client, email</FONT></I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># This is typical also</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>keyUsage = nonRepudiation, digitalSignature, keyEncipherment</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>nsComment
|
|
||||||
= "<FONT COLOR="#FF0000">OpenSSL Generated Certificate</FONT>"</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># PKIX recommendations</I>
|
|
||||||
<BR><I>subjectKeyIdentifier=hash</I>
|
|
||||||
<BR><I>authorityKeyIdentifier=keyid,issuer:always</I>
|
|
||||||
<BR><I># Import the email address.</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>subjectAltName=email:copy</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># Copy subject details</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>issuerAltName=issuer:copy</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>#nsCaRevocationUrl
|
|
||||||
= http://www.domain.dom/ca-crl.pem</I>
|
|
||||||
<BR><I>#nsBaseUrl</I>
|
|
||||||
<BR><I>#nsRevocationUrl</I>
|
|
||||||
<BR><I>#nsRenewalUrl</I>
|
|
||||||
<BR><I>#nsCaPolicyUrl</I>
|
|
||||||
<BR><I>#nsSslServerName</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>[ v3_ca]</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># Extensions for a typical CA</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># It's a CA certificate</I>
|
|
||||||
<BR><I>basicConstraints = CA:true</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># PKIX recommendation.</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>subjectKeyIdentifier=hash</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>authorityKeyIdentifier=keyid:always,issuer:always</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># This is what PKIX recommends but some broken software chokes on
|
|
||||||
critical</I>
|
|
||||||
<BR><I># extensions.</I>
|
|
||||||
<BR><I>#basicConstraints = critical,CA:true</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># Key usage: again this should really be critical.</I>
|
|
||||||
<BR><I>keyUsage = cRLSign, keyCertSign</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># Some might want this also</I>
|
|
||||||
<BR><I>nsCertType = sslCA, emailCA, objCA</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># Include email address in subject alt name: another PKIX recommendation</I>
|
|
||||||
<BR><I>subjectAltName=email:copy</I>
|
|
||||||
<BR><I># Copy issuer details</I>
|
|
||||||
<BR><I>issuerAltName=issuer:copy</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># RAW DER hex encoding of an extension: beware experts only!</I>
|
|
||||||
<BR><I># 1.2.3.5=RAW:02:03</I>
|
|
||||||
<BR><I># You can even override a supported extension:</I>
|
|
||||||
<BR><I># basicConstraints= critical, RAW:30:03:01:01:FF</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>[ crl_ext ]</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># CRL extensions.</I>
|
|
||||||
<BR><I># Only issuerAltName and authorityKeyIdentifier make any sense in
|
|
||||||
a CRL.</I>
|
|
||||||
|
|
||||||
<P><I>issuerAltName=issuer:copy</I>
|
|
||||||
<BR><I>authorityKeyIdentifier=keyid:always,issuer:always</I>
|
|
||||||
<BR>################################################################################
|
|
||||||
<BR>########## koniec pliku openssl.cnf
|
|
||||||
|
|
||||||
<P><A NAME="koniec openssl.cnf"></A>Jak widaæ zmiany s± praktycznie kosmetyczne.
|
|
||||||
Nale¿y zwrócic jedynie uwagê na opcjê <A HREF="#req">default_bits</A> w
|
|
||||||
sekcji req.
|
|
||||||
<BR>W momencie generowania certyfikatu CA powinna mieæ ona warto¶æ 1024
|
|
||||||
lub wiêcej, natomiast w trakcie tworzenia
|
|
||||||
<BR>certyfikatów klienckich winno mieæ siê na uwadze wredn± cechê produktów
|
|
||||||
M$ dostêpnych poza granicami USA.
|
|
||||||
<BR>Nie s± one w stanie zaimportowaæ kluczy maj±cych wiêcej ni¿ 512 bitów.
|
|
||||||
W takim przypadku default_bits nale¿y
|
|
||||||
<BR>zmniejszyæ do tej warto¶ci. Je¶li chodzi o Netscapa konieczno¶æ taka
|
|
||||||
nie wystêpuje, nawet gdy nie jest on
|
|
||||||
<BR>patchowany przy pomocy <A HREF="http://www.fortify.net/">Fortify</A>.
|
|
||||||
Jednak¿e klucz nie powinien byæ wiêkszy ni¿ 1024 bity.
|
|
||||||
|
|
||||||
<P><B><FONT SIZE=+1>Generowanie certyfikatu CA</FONT></B>
|
|
||||||
|
|
||||||
<P>Pierwszy± czynno¶ci± jak± nale¿y wykonaæ jest wygenerowanie certyfikatu
|
|
||||||
CA czyli czego¶ czym bêd±
|
|
||||||
<BR>podpiswane certyfikaty udostêpniane klientom. Uruchom rxvt lub co¶
|
|
||||||
innego i wykonaj polecenie:
|
|
||||||
|
|
||||||
<P><I>adas:~# <B>cd /usr/local/ssl/bin</B></I>
|
|
||||||
<BR><I>adas:/usr/local/ssl/bin# <B>./CA.pl -newca</B></I>
|
|
||||||
|
|
||||||
<P><I>CA certificate filename (or enter to create)</I>
|
|
||||||
|
|
||||||
<P><I>Making CA certificate ...</I>
|
|
||||||
<BR><I>Using configuration from /usr/local/ssl/lib/openssl.cnf</I>
|
|
||||||
<BR><I>Generating a 1024 bit RSA private key</I>
|
|
||||||
<BR><I>..+++++</I>
|
|
||||||
<BR><I>....+++++</I>
|
|
||||||
<BR><I>writing new private key to './demoCA/private/cakey.pem'</I>
|
|
||||||
<BR><A NAME="pem_pass"></A><I><FONT COLOR="#009900">Enter PEM pass phrase:</FONT></I>
|
|
||||||
<BR><I><FONT COLOR="#009900">Verifying password - Enter PEM pass phrase:</FONT></I>
|
|
||||||
<BR><I>-----</I>
|
|
||||||
<BR><I>You are about to be asked to enter information that will be incorporated</I>
|
|
||||||
<BR><I>into your certificate request.</I>
|
|
||||||
<BR><I>What you are about to enter is what is called a Distinguished Name
|
|
||||||
or a DN.</I>
|
|
||||||
<BR><I>There are quite a few fields but you can leave some blank</I>
|
|
||||||
<BR><I>For some fields there will be a default value,</I>
|
|
||||||
<BR><I>If you enter '.', the field will be left blank.</I>
|
|
||||||
<BR><I>-----</I>
|
|
||||||
<BR><I>Country Name (2 letter code) [PL]:</I>
|
|
||||||
<BR><I>State i Prowincja [Kraina Bezrobotnych Szwaczek]:</I>
|
|
||||||
<BR><I>Locality Name (eg, city) [Lodz]:</I>
|
|
||||||
<BR><I>Organization Name (eg, company) [Instytut Badan Czarow i Magii]:</I>
|
|
||||||
<BR><I>Organizational Unit Name (eg, section) [Komorka d/s Egzorcyzmow
|
|
||||||
i Opentan]:</I>
|
|
||||||
<BR><I>Common Name (eg, YOUR name) []:Adam Hernik</I>
|
|
||||||
<BR><I>Email Address []:adas@infocentrum.com</I>
|
|
||||||
|
|
||||||
<P><I>adas:/usr/local/ssl/bin#</I>
|
|
||||||
|
|
||||||
<P>Skrypt CA.pl uruchomiony poraz pierwszy tworzy w /usr/local/ssl/bin
|
|
||||||
katalog o nazwie demoCA w którym znajduje siê
|
|
||||||
<BR>wygenerowany przed chwil± certyfikat publiczny <B>cacert.pem</B> (do³±czany
|
|
||||||
pó¿niej do certyfikatów klienckich) oraz tajny
|
|
||||||
<BR>zabezpieczony <A HREF="#pem_pass">has³em</A> klucz <B>cakey.pem</B>
|
|
||||||
którym bêdziesz podpisywa³ certyfikaty wydawane u¿ytkownikom. Klucz i has³o
|
|
||||||
<BR>oczywi¶cie nale¿y dobrze chroniæ i najlepiej jest gdy znajduje siê
|
|
||||||
na serwerze tylko w momencie generowania certyfikatu.
|
|
||||||
<BR>Ponowne uruchomienie CA.pl z parametrem -newca niszczy to co pracowicie
|
|
||||||
stworzy³e¶ i generuje nowy klucz i certyfikat.
|
|
||||||
<BR>
|
|
||||||
|
|
||||||
<P><B><FONT SIZE=+1>Tworzenie certyfikatu dla stunnela i innych serwerów</FONT></B>
|
|
||||||
<BR>
|
|
||||||
|
|
||||||
<P>Zanim siê do tego zabierzesz powiniene¶ lekko zmodyfikowac skrypt <B>CA.pl</B>
|
|
||||||
oraz plik konfiguracyjny <B>openssl.cnf</B>.
|
|
||||||
<BR>Skopiuj je odpowiednio do plików <B>/usr/local/ssl/bin/CAserv.pl</B>
|
|
||||||
i <B>/usr/local/ssl/lib/openssl_serv.cnf</B>.<B></B>
|
|
||||||
<BR>Generowane certyfikaty domy¶lnie zabezpieczone s± has³em, w takim przypadku
|
|
||||||
w momencie startu stunnela zawsze
|
|
||||||
<BR>bêdziesz pytany o haslo zabezpieczaj±ce, co skutecznie uniemo¿liwi
|
|
||||||
automatyczne uruchamianie programu w czasie
|
|
||||||
<BR>bootowania serwera, czy te¿ przy próbie wystartowania go przez
|
|
||||||
inetd. Nale¿y poprawiæ <B>linie 40</B> i <B>41</B> skryptu
|
|
||||||
<BR><B>CAserv.pl</B> z
|
|
||||||
|
|
||||||
<P><FONT COLOR="#006600">linia 40:</FONT>
|
|
||||||
<BR><B>$REQ="openssl req <I>$SSLEAY_CONFIG</I>";</B>
|
|
||||||
<BR>na
|
|
||||||
<BR><B>$REQ="openssl req <FONT COLOR="#FF0000">-nodes -config /usr/local/ssl/lib/openssl_serv.cnf</FONT>";</B>
|
|
||||||
|
|
||||||
<P><FONT COLOR="#006600">linia 41:</FONT>
|
|
||||||
<BR><B>$CA="openssl ca <I>$SSLEAY_CONFIG</I>";</B>
|
|
||||||
<BR>na
|
|
||||||
<BR><B>$CA="openssl ca <FONT COLOR="#FF0000">-config /usr/local/ssl/lib/openssl_serv.cnf</FONT>";</B>
|
|
||||||
<BR>
|
|
||||||
|
|
||||||
<P>Natomiast w pliku <B>/usr/local/ssl/lib/openssl_serv.cnf </B>nalezy
|
|
||||||
w sekcji <A HREF="#usr_cert">usr_cert</A> "zahashowaæ" linijkê
|
|
||||||
<BR><A HREF="#klient">nsCertType = client, email</A> oraz "odhashowaæ"
|
|
||||||
linijkê <A HREF="#server">nsCertType = server</A> . Je¶li tego
|
|
||||||
nie zrobisz klient nie bêdzie
|
|
||||||
<BR>poprawnie rozpoznawa³ typu certyfikatu. A teraz kolej na wygenerowanie
|
|
||||||
"requestu" posy³anego zazwyczaj do CA.
|
|
||||||
<BR>Bêd±c w katalogu /usr/local/ssl/bin wykonaj:
|
|
||||||
|
|
||||||
<P><I>adas:/usr/local/ssl/bin# .<B>/CAserv.pl -newreq</B></I>
|
|
||||||
<BR><I>Using configuration from /usr/local/ssl/lib/openssl_serv.cnf</I>
|
|
||||||
<BR><I>Generating a 1024 bit RSA private key</I>
|
|
||||||
<BR><I>..............................+++++</I>
|
|
||||||
<BR><I>.........+++++</I>
|
|
||||||
<BR><I>writing new private key to 'newreq.pem'</I>
|
|
||||||
<BR><I>-----</I>
|
|
||||||
<BR><I>You are about to be asked to enter information that will be incorporated</I>
|
|
||||||
<BR><I>into your certificate request.</I>
|
|
||||||
<BR><I>What you are about to enter is what is called a Distinguished Name
|
|
||||||
or a DN.</I>
|
|
||||||
<BR><I>There are quite a few fields but you can leave some blank</I>
|
|
||||||
<BR><I>For some fields there will be a default value,</I>
|
|
||||||
<BR><I>If you enter '.', the field will be left blank.</I>
|
|
||||||
<BR><I>-----</I>
|
|
||||||
<BR><I>Country Name (2 letter code) [PL]:</I>
|
|
||||||
<BR><I>State i Prowincja [Kraina Bezrobotnych Szwaczek]:Kraina latajacych
|
|
||||||
scyzorykow</I>
|
|
||||||
<BR><I>Locality Name (eg, city) [Lodz]:Sielpia</I>
|
|
||||||
<BR><I>Organization Name (eg, company) [Instytut Badan Czarow i Magii]:Bar
|
|
||||||
Sloneczko</I>
|
|
||||||
<BR><I>Organizational Unit Name (eg, section) [Komorka d/s Egzorcyzmow
|
|
||||||
i Opentan]:Kuflownia</I>
|
|
||||||
<BR><I><FONT COLOR="#FF0000">Common Name (eg, YOUR name) []:adas.pl</FONT></I>
|
|
||||||
<BR><I>Email Address []:adas@adas.pl</I>
|
|
||||||
|
|
||||||
<P><I>Please enter the following 'extra' attributes</I>
|
|
||||||
<BR><I>to be sent with your certificate request</I>
|
|
||||||
<BR><I>A challenge password []:</I>
|
|
||||||
<BR><I>An optional company name []:</I>
|
|
||||||
<BR><I>Request (and private key) is in newreq.pem</I>
|
|
||||||
<BR><I>adas:/usr/local/ssl/bin#</I>
|
|
||||||
|
|
||||||
<P>Polem o którym warto wspomnieæ jest "Common Name" (zaznaczone na czerwono).
|
|
||||||
W trakcie generowania requestu
|
|
||||||
<BR>nale¿y w tym miejscu wpisaæ <B>FQDN serwera</B> na którym bêdzie on
|
|
||||||
u¿ywany. W przeciwnym wypadku w chwili
|
|
||||||
<BR>po³±czenia klient bêdzie twierdzi³, ¿e certyfikat jakim przedstawia
|
|
||||||
siê serwer nie nale¿y do niego. Unikniemy w ten
|
|
||||||
<BR>sposób niepotrzebnego klikania. Kolejn± czynno¶ci± jest podpisanie
|
|
||||||
wygenerowanego requestu. W katalogu
|
|
||||||
<BR>/usr/local/ssl/bin wykonaj polecenie:
|
|
||||||
|
|
||||||
<P><I>adas:/usr/local/ssl/bin# .<B>/CAserv.pl -sign</B></I>
|
|
||||||
<BR><I>Using configuration from /usr/local/ssl/lib/openssl.cnf</I>
|
|
||||||
<BR><I><FONT COLOR="#009900">Enter PEM pass phrase:</FONT></I>
|
|
||||||
<BR><I>Check that the request matches the signature</I>
|
|
||||||
<BR><I>Signature ok</I>
|
|
||||||
<BR><I>The Subjects Distinguished Name is as follows</I>
|
|
||||||
<BR><I>countryName
|
|
||||||
:PRINTABLE:'PL'</I>
|
|
||||||
<BR><I>stateOrProvinceName :PRINTABLE:'Kraina latajacych scyzorykow'</I>
|
|
||||||
<BR><I>localityName
|
|
||||||
:PRINTABLE:'Sielpia'</I>
|
|
||||||
<BR><I>organizationName :PRINTABLE:'Bar Sloneczko'</I>
|
|
||||||
<BR><I>organizationalUnitName:PRINTABLE:'Kuflownia'</I>
|
|
||||||
<BR><I>commonName
|
|
||||||
:PRINTABLE:'adas.pl'</I>
|
|
||||||
<BR><I>emailAddress
|
|
||||||
:IA5STRING:'adas@adas.pl'</I>
|
|
||||||
<BR><I>Certificate is to be certified until Mar 26 21:06:13 2000 GMT (365
|
|
||||||
days)</I>
|
|
||||||
<BR><I>Sign the certificate? [y/n]:y</I>
|
|
||||||
<BR>
|
|
||||||
|
|
||||||
<P><I>1 out of 1 certificate requests certified, commit? [y/n]y</I>
|
|
||||||
<BR><I>Write out database with 1 new entries</I>
|
|
||||||
<BR><I>Data Base Updated</I>
|
|
||||||
<BR><I>Signed certificate is in newcert.pem</I>
|
|
||||||
<BR><I>adas:/usr/local/ssl/bin#</I>
|
|
||||||
|
|
||||||
<P>W trakcie podpisywania bêdziesz pytany o has³o zabezpieczaj±ce klucz
|
|
||||||
prywatny CA (zaznaczone na zielono).
|
|
||||||
<BR>Po tej operacji powiniene¶ w katalogu /usr/local/ssl/bin otrzymaæ 2
|
|
||||||
pliki: <B>newcert.pem</B> oraz <B>newreq.pem</B>.
|
|
||||||
<BR>Zanim zaczniesz ich u¿ywaæ musisz wykonaæ jeszcze jedn± operacje, a
|
|
||||||
mianowicie z³orzyæ wszystko do kupy.
|
|
||||||
<BR>Wykonujesz: <B>cat newcert.pem newreq.pem > httpds.pem</B> a nastêpnie
|
|
||||||
poddajesz tak powsta³y certyfikat edycji.
|
|
||||||
<BR>Nale¿y z pliku httpds.pem nale¿y usun±æ wszystkie niepotrzebne informacje
|
|
||||||
tak by pozosta³ jedynie certyfikat oraz
|
|
||||||
<BR>klucz prywatny. Po tej operacji plik httpds.pem powinien wygl±daæ mniej
|
|
||||||
wiêcej tak:
|
|
||||||
|
|
||||||
<P><I>issuer :/C=PL/ST=Kraina Bezrobotnych Szwaczek/L=Lodz/O=Instytut Badan
|
|
||||||
Czarow i Magii/OU=Komorka d/s Egzorcyzmow i opentan/CN=Adam Hernik/Email=adas@infocentrum.com</I>
|
|
||||||
<BR><I>subject:/C=PL/ST=Kraina latajacych scyzorykow/L=Sielpia/O=Bar Sloneczko/OU=Kuflownia/CN=adas.pl/</I>
|
|
||||||
<BR><I>Email=adas@adas.pl</I>
|
|
||||||
<BR><I>-----BEGIN CERTIFICATE-----</I>
|
|
||||||
<BR><I> Tu s± magiczne dane</I>
|
|
||||||
<BR><I>-----END CERTIFICATE-----</I>
|
|
||||||
|
|
||||||
<P><I>-----BEGIN RSA PRIVATE KEY-----</I>
|
|
||||||
<BR><I> I tu te¿ s± magiczne dane</I>
|
|
||||||
<BR><I>-----END RSA PRIVATE KEY-----</I>
|
|
||||||
|
|
||||||
<P>Spreparowany w ten sposób plik umieszczamy w katalogu /usr/local/ssl/certs
|
|
||||||
i zajmujemy siê generowaniem dwu
|
|
||||||
<BR>certyfikatów klienckich.
|
|
||||||
<BR>
|
|
||||||
|
|
||||||
<P><B><FONT SIZE=+1>Generowanie i importowanie certyfikatów klienckich
|
|
||||||
do Netscape Communikatora.</FONT></B>
|
|
||||||
<BR>
|
|
||||||
<BR>Generalnie s± dwie metody tworzenia i importowania certyfikatów klienckich
|
|
||||||
do Netscapa
|
|
||||||
<BR><B>Sposób pierwszy:</B>
|
|
||||||
<BR>Przy pomocy komendy <B>CA.pl -newreq</B> wygeneruj request a nastêpnie
|
|
||||||
przy pomocy <B>CA.pl -sign</B> podpisz go.
|
|
||||||
<BR>Pytanie o <I>challenge password</I> zignoruj. Kolejn± czynno¶ci± jest
|
|
||||||
scalenie i podczyszczenie certyfikatu.
|
|
||||||
<BR>W przypadku certyfikatu klienta wa¿ne jest podanie <B>prawid³owego
|
|
||||||
adresu email</B> <B>!</B> Bez tego nie bêdzie mo¿na
|
|
||||||
<BR>podpisywaæ i szyfrowaæ listów. Stwórz dwa certyfikaty. Bêd± one
|
|
||||||
potrzebne do wyja¶nienia dzia³ania opcji -v 3
|
|
||||||
<BR>programu stunnel. Zak³adam ¿e pierwszy certyfikat nale¿y do Jana Kowalskiego
|
|
||||||
jan@ibczim.pl zachowany w
|
|
||||||
<BR>pliku jan.pem a drugi do Genowefy Pigwy pigwa@scyzoryki.pl znajduj±cym
|
|
||||||
siê w pliku pigwa.pem. Przed
|
|
||||||
<BR>zaimportowaniem plików do Netscpea nale¿y przekonwertowaæ je z formatu
|
|
||||||
PEM do PCKS12. Wykonuje siê to
|
|
||||||
<BR>przy pomocy wspomnianego na pocz±tku programu <B>pcks12</B>. Aby przekonwertowaæ
|
|
||||||
certyfikat Jan Kowalskiego,
|
|
||||||
<BR>w katalogu w ktorym znajduje siê plik jan.pem wykonaj:
|
|
||||||
<BR>
|
|
||||||
|
|
||||||
<P><B>pkcs12 -export -name "Jan Kowalski jan@ibczim.pl" -in jan.pem -out
|
|
||||||
jan.p12 -certfile /usr/local/ssl/bin/demoCA/cacert.pem</B>
|
|
||||||
|
|
||||||
<P>(<FONT COLOR="#990000">jest to jedna linia !!!</FONT>)
|
|
||||||
<BR>w wyniku czego powstanie plik jan.p12 który mo¿na zaimportowaæ do Netscapea.
|
|
||||||
Bardzo wa¿n± opcj± jest
|
|
||||||
<BR><B><I>-certfile /usr/local/ssl/bin/demoCA/cacert.pem</I></B>. Bez niej
|
|
||||||
nie bêdzie mo¿na w prawid³owy sposób podpisywaæ listów.
|
|
||||||
<BR>Prze³±cznik -certfile powoduje do³±czenie publicznego certyfikatu CA
|
|
||||||
do certyfikatu klienta dziêki czemu Netscape
|
|
||||||
<BR>jest wstanie "wyekstrachowaæ" certyfikat CA i dodaæ go do wewnêtrznej
|
|
||||||
bazy CA. Wykonaj powy¿sz± operacjê tak¿e
|
|
||||||
<BR>dla pigwy. Samo zaimportowanie certyfikatu jest bardzo proste wykonuje
|
|
||||||
siê to klikaj±c w Netscape na
|
|
||||||
|
|
||||||
<P><B>Security-> Yours -> Import a Certificate</B>
|
|
||||||
|
|
||||||
<P>Po zaimportowaniu nale¿y w <B>Security -> Signers</B> zaznaczyæ nasz
|
|
||||||
CA certyfikat a nastêpnie klikn±æ na przycisku Edit
|
|
||||||
<BR>oraz "zaczekowaæ" opcje:
|
|
||||||
|
|
||||||
<P><I>Accept this Certificate Authority for Certifying network sites</I>
|
|
||||||
<BR><I>Accept this Certificate Authority for Certifying e-mail users</I>
|
|
||||||
|
|
||||||
<P>Od tej pory nasz certyfikat bêdzie traktowany na równi z innymi, komercyjnymi.
|
|
||||||
|
|
||||||
<P><B>Sposób drugi:</B>
|
|
||||||
<BR>Polega on na wygenerowaniu i imporcie certyfikatu poprzez strone www.
|
|
||||||
Wraz z stunnelem dostarczane s±
|
|
||||||
<BR>przk³adowe strony (dwie) i skrypty (dwa). Skrypty nale¿y raczej
|
|
||||||
traktowaæ jako wzorzec i ka¿dy powinien napisaæ
|
|
||||||
<BR>swoje, bardziej bezpieczne. Pierwszym krokiem jest import certyfikatu
|
|
||||||
CA. U¿ywa siê do tego strony <B>importCA.html</B>
|
|
||||||
<BR>oraz skryptu <B>importCA.sh</B>. Sam skrypt wygl±da tak:
|
|
||||||
|
|
||||||
<P><I>#!/bin/bash</I>
|
|
||||||
|
|
||||||
<P><I>echo "Content-type: application/x-x509-ca-cert"</I>
|
|
||||||
<BR><I>echo</I>
|
|
||||||
<BR><I>cat <FONT COLOR="#CC0000">/var/lib/httpds/cgi-bin/<B>cacert.pem</B></FONT></I>
|
|
||||||
|
|
||||||
<P>cacert.pem jest to oczywi¶cie certyfikat publiczny CA znajduj±cy siê
|
|
||||||
w katalogu /usr/local/ssl/bin/demoCA
|
|
||||||
<BR>który nale¿y przekopiowaæ do katalogu cgi-bin serwera httpd oraz nadaæ
|
|
||||||
mu odpowiednie prawa dostêpu.
|
|
||||||
<BR>Po zaimportowaniu certyfikatu CA nale¿y w Security->Signers zaznaczyæ
|
|
||||||
do jakich celów bêdziemy uznawli
|
|
||||||
<BR>go za wiarygodny. Do generowania certyfikatu klienta wykorzystamy pozosta³±
|
|
||||||
strone i skrypt. Zanim do tego dojdzie
|
|
||||||
<BR>nale¿y "dokonfigurowaæ" skrypt i stworzyæ potrzebne katalogi.
|
|
||||||
W /tmp (lub w innym miejscu) nalezy stworzyæ
|
|
||||||
<BR>katalog ssl a nastêpnie przekopiowaæ do niego katalog <B>/usr/local/bin/demoCA</B>
|
|
||||||
oraz plik <B>openssl.cnf</B>.
|
|
||||||
<BR>Jako ¿e skrypty domy¶lnie uruchamiane s± z prawami u¿ytkownika nobody
|
|
||||||
nale¿y uczyniæ go wla¶cicielem
|
|
||||||
<BR>katalogu /tmp/ssl i ca³ej jego zawarto¶ci. Kolejn± czynno¶ci± jest
|
|
||||||
wygenerowanie pliku <B>.rnd</B>. W Linuxie robimy to
|
|
||||||
<BR>tak:
|
|
||||||
<BR><B>cat /dev/random > /tmp/ssl/.rnd</B>
|
|
||||||
<BR>czekamy chwilkê tak by plik .rnd mia³ wielko¶æ oko³o 1024 B po czym
|
|
||||||
w³a¶cicielem pliku robimy u¿ytkownika nobody.
|
|
||||||
<BR>Teraz trzeba przekonfigurowaæ plik /tmp/ssl/openssl.cnf
|
|
||||||
|
|
||||||
<P><I>#</I>
|
|
||||||
<BR><I># OpenSSL example configuration file.</I>
|
|
||||||
<BR><I># This is mostly being used for generation of certificate requests.</I>
|
|
||||||
<BR><I>#</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I><FONT COLOR="#FF0000">RANDFILE
|
|
||||||
= /tmp/ssl/.rnd</FONT></I>
|
|
||||||
<BR><I>#oid_file
|
|
||||||
= /tmp/ssl/.oid</I>
|
|
||||||
<BR><I>oid_section
|
|
||||||
= new_oids</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I>[ new_oids ]</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I># We can add new OIDs in here for use by 'ca' and 'req'.</I>
|
|
||||||
<BR><I># Add a simple OID like this:</I>
|
|
||||||
<BR><I># testoid1=1.2.3.4</I>
|
|
||||||
<BR><I># Or use config file substitution like this:</I>
|
|
||||||
<BR><I># testoid2=${testoid1}.5.6</I><I></I>
|
|
||||||
|
|
||||||
<P><I>####################################################################</I>
|
|
||||||
<BR><I>[ ca ]</I>
|
|
||||||
<BR><I>default_ca = CA_default
|
|
||||||
# The default ca section</I><I></I>
|
|
||||||
|
|
||||||
<P><I>####################################################################</I>
|
|
||||||
<BR><I>[ CA_default ]</I>
|
|
||||||
<BR><I> </I>
|
|
||||||
<BR><I><FONT COLOR="#FF0000">dir
|
|
||||||
= /tmp/ssl/demoCA
|
|
||||||
# Where everything is kept</FONT></I>
|
|
||||||
<BR><I>certs
|
|
||||||
= $dir/certs
|
|
||||||
# Where the issued certs are kept</I>
|
|
||||||
<BR><I>crl_dir = $dir/crl
|
|
||||||
# Where the issued crl are kept</I>
|
|
||||||
<BR><I>database = $dir/index.txt
|
|
||||||
# database index file.</I>
|
|
||||||
<BR><I>new_certs_dir = $dir/newcerts
|
|
||||||
# default place for new certs.</I>
|
|
||||||
<BR>
|
|
||||||
<BR>Nale¿y zmieniæ opcje zaznaczone na czerwono. Ostatni± czynno¶ci± jest
|
|
||||||
sprawdzenie i ewentualne poprawienie
|
|
||||||
<BR>strony ca.html i skryptu ca.pl. W pliku ca.html nalezy wpisaæ poprawn±
|
|
||||||
nazwê serwera na którym znajduje siê
|
|
||||||
<BR>skrypt ca.pl czyli linijkê <B><FORM ACTION="<FONT COLOR="#FF0000">http://localhost/cgi-bin/ca.pl</FONT>"
|
|
||||||
METHOD=POST></B>. W ca.pl
|
|
||||||
<BR>nale¿y skontrolowaæ poprawno¶æ podanych ¶cie¿ek oraz wpisaæ has³o jakim
|
|
||||||
zabezpieczony jest klucz prywatny CA
|
|
||||||
<BR>(zmienna $certpass zaznaczona na czerwono).
|
|
||||||
<BR>
|
|
||||||
|
|
||||||
<P><I>#!/usr/bin/perl</I>
|
|
||||||
<BR><I>#ca.pl</I><I></I>
|
|
||||||
|
|
||||||
<P><I>$config = "/tmp/ssl/openssl.cnf";</I>
|
|
||||||
<BR><I>$capath = "/usr/local/ssl/bin/openssl ca";</I>
|
|
||||||
<BR><I><FONT COLOR="#FF0000">$certpass = "tu_jest_haslo";</FONT></I>
|
|
||||||
<BR><I>$tempca = "/tmp/ssl/cli".rand 10000;</I>
|
|
||||||
<BR><I>$tempout = "/tmp/ssl/certtmp".rand 10000;</I>
|
|
||||||
<BR><I>$caout = "/tmp/ssl/certwynik.txt";</I>
|
|
||||||
<BR><I>$CAcert = "/tmp/ssl/demoCA/cacert.pem";</I>
|
|
||||||
<BR><I>...</I>
|
|
||||||
<BR>
|
|
||||||
|
|
||||||
<P>Po umieszczeniu tak przygotowanych stron i skryptów na serwerze bêdzie
|
|
||||||
mo¿na generowaæ certyfikaty dla klientów.
|
|
||||||
|
|
||||||
<P><B>Wady i zalety obydwu sposobów generowania i instalowania certyfikatów.</B>
|
|
||||||
|
|
||||||
<P><A NAME="usuwanie"></A>Jak wynika z powy¿szego opisu bezpieczniejszym
|
|
||||||
i polecanym przeze mnie jest sposób pierwszy. Jego powa¿n± wad±
|
|
||||||
<BR>jest fakt ¿e cz³owiek generuj±cy certyfikaty znajduje siê w posiadaniu
|
|
||||||
klucza prywatnego osoby wystêpuj±cej o
|
|
||||||
<BR>certyfikat. <FONT COLOR="#FF0000">Oczywi¶cie uczciwy CA powinien
|
|
||||||
skasowaæ go, zaraz po utworzeniu</FONT>. W takim wypadku metoda pierwsza
|
|
||||||
<BR>spe³nia wszelkie wymogi. Sposób drugi prócz samych wad ma jedn±
|
|
||||||
acz ogromn± zaletê. Mianowicie klucz prywatny
|
|
||||||
<BR>klienta nigdy nie opuszcza jego komputera. Do wad mo¿na zaliczyæ
|
|
||||||
fakt ¿e has³o zabezpieczaj±ce klucz prywatny CA
|
|
||||||
<BR>znajduje siê na serwerze i to w dodatku w ¿aden sposób nie chronione.
|
|
||||||
Kolejn± wad± jest generowanie kompletnych
|
|
||||||
<BR>certyfikatów przez strone www, co mo¿e groziæ wykradzeniem klucza prywatnego.
|
|
||||||
Rozwi±zaniem mo¿e byæ sk³adowanie
|
|
||||||
<BR>requestów w bazie danych a nastpnie rêczna ich obróbka przez administratora.
|
|
||||||
Reasumuj±c, sposób drugi nale¿y
|
|
||||||
<BR>potraktowaæ jako demonstracje metody któr± mo¿na przeæwiczyæ przed
|
|
||||||
napisaniem porz±dnych skryptów.
|
|
||||||
<BR> <B><FONT SIZE=+1></FONT></B>
|
|
||||||
|
|
||||||
<P><B><FONT SIZE=+1>Tajemniczy prze³±cznik -v 3 w stunnelu</FONT></B>
|
|
||||||
|
|
||||||
<P>Stunnel posiada trzy tryby weryfikacji klienta.
|
|
||||||
<BR>Pierwszy opcja <B><FONT SIZE=+1>-v 1</FONT></B> oznacza ¿e nale¿y spróbowaæ
|
|
||||||
zweryfikowaæ osobê nawi±zuj±c± po³±czenie czyli uzyskaæ jej
|
|
||||||
<BR>ceryfikat. Je¶li operacja ta siê nie powiedzie, mimo wszystko dostêp
|
|
||||||
do serwera bêdzie zapewniony.
|
|
||||||
<BR>Prze³±cznik <B><FONT SIZE=+1>-v 2</FONT></B> nakazuje stunnelowi zweryfikowaæ
|
|
||||||
klienta. Je¶li u¿ytkownik nie posiada certyfikatu lub certyfikat
|
|
||||||
<BR>jest niewa¿ny, niew³a¶ciwy czy te¿ nie posiadamy certyfikatu CA którym
|
|
||||||
podpisany jest certyfikat klienta
|
|
||||||
<BR><FONT SIZE=-2>(straszny jest ten jêzyk polski)</FONT> nawi±zanie po³±czenia
|
|
||||||
z serwerem bêdzie niemo¿liwe. I wreszcie opcja <B><FONT SIZE=+1>-v 3</FONT></B>
|
|
||||||
nakazuj±ca
|
|
||||||
<BR>stunnelowi zweryfikowaæ klienta a tak¿e poszukaæ jego certyfikatu w
|
|
||||||
naszej lokalnej bazie.
|
|
||||||
<BR>Dzieki opcji -v 3 mo¿emy stworzyæ bardzo selektywny dostêp do us³ug
|
|
||||||
oferowanych przez serwer, unikaj±c generowania du¿ych ilo¶ci certyfikatów.
|
|
||||||
<FONT COLOR="#FF0000">Uwaga ogólna: do poprawnej weryfikacji klienta KONIECZNE
|
|
||||||
jest posiadanie certyfikatu CA którym podpisany jest sprawdzany certyfikat</FONT>.
|
|
||||||
Bez tego stunnel nie jest wstanie przeprowadziæ poprawnej autoryzacji klienta.
|
|
||||||
Próba taka koñczy siê b³êdami "<B>VERIFY ERROR: self signed certificate
|
|
||||||
for .....</B>" oraz "<B>SSL_accept: error:140890B1:SSL routines:</B> <B>SSL3_GET_CLIENT_CERTIFICATE:no
|
|
||||||
certificate returned</B>". A teraz przyk³ad praktyczny: chcemy aby do https
|
|
||||||
bêd±cym na <B>porcie 444</B> mia³y dostêp wszystkie osoby maj±ce certyfikaty
|
|
||||||
natomiast
|
|
||||||
<BR>do do https na <B>porcie 445</B> dostêp mia³ tylko Jan Kowalski. Pierwsz±
|
|
||||||
czynno¶ci± jak± nale¿y wykonaæ jest skopiowanie
|
|
||||||
<BR>certyfikatu CA do katalogu <B>/usr/local/ssl/certs</B> (default cert
|
|
||||||
area), nastêpnie w tym katalogu nale¿y utworzyæ
|
|
||||||
<BR>podkatalog o nazwie <B>mytrusted</B>, poczym skopiowaæ do niego
|
|
||||||
certyfikat klienta czyli jan.pem. <A HREF="#usuwanie"><B>Uwaga</B>: z pliku
|
|
||||||
jan.pem</A>
|
|
||||||
<BR><A HREF="#usuwanie"><B>MUSISZ</B> usun±æ klucz prywatny</A> !!! Czyli
|
|
||||||
to co siê znajduje miêdzy
|
|
||||||
|
|
||||||
<P>-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
<BR>.......
|
|
||||||
<BR>-----END RSA PRIVATE KEY-----
|
|
||||||
|
|
||||||
<P>³±cznie z powy¿szymi liniami. Nastêpnie w katalogach <B>/usr/local/ssl/certs</B>
|
|
||||||
i <B>/usr/local/ssl/certs/mytrusted</B> nale¿y
|
|
||||||
<BR>wykonaæ polecenie
|
|
||||||
<BR><B>/usr/local/ssl/bin/c_rehash ./</B>
|
|
||||||
<BR>Teraz kolej na uruchomienie stunnela:
|
|
||||||
<BR><B>stunnel -d 444 -r 80 -v 2</B>
|
|
||||||
<BR>oraz
|
|
||||||
<BR><B>stunnel -d 445 -r 80 -v 3</B>
|
|
||||||
<BR>Netscapem nale¿y po³±czyæ sie z https://localhost:444/ a po pytaniu
|
|
||||||
o certyfikat przedstawiæ certyfikat nale¿±cy
|
|
||||||
<BR>do pigwy. Dostêp do serwera bêdzie zapewniony. Czynno¶c tê nale¿y powtórzyæ
|
|
||||||
przedstawiaj±c siê za drugim razem
|
|
||||||
<BR>certyfikatem Jana Kowalskiego. Po³±czenie tak¿e bêdzie zrealizowane.
|
|
||||||
W przypadku https://localhost:445/ wej¶cie
|
|
||||||
<BR>na serwer bêdzie zapewnione tylko po wylegitymowaniu siê certyfikatem
|
|
||||||
Jana Kowalskiego. Po kazdej zmianie w
|
|
||||||
<BR>katalogu /usr/local/ssl/certs/mytrusted nale¿y wykonaæ komendê c_rehash
|
|
||||||
./ i zrestartowaæ stunnela.
|
|
||||||
<BR>
|
|
||||||
</BODY>
|
|
||||||
</HTML>
|
|
1395
doc/stunnel.8.in
1395
doc/stunnel.8.in
File diff suppressed because it is too large
1625
doc/stunnel.html.in
1625
doc/stunnel.html.in
File diff suppressed because it is too large
1425
doc/stunnel.pl.8.in
1425
doc/stunnel.pl.8.in
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
1529
doc/stunnel.pod.in
1529
doc/stunnel.pod.in
File diff suppressed because it is too large
8387
m4/libtool.m4
vendored
8387
m4/libtool.m4
vendored
File diff suppressed because it is too large
437
m4/ltoptions.m4
vendored
437
m4/ltoptions.m4
vendored
@ -1,437 +0,0 @@
|
|||||||
# Helper functions for option handling. -*- Autoconf -*-
|
|
||||||
#
|
|
||||||
# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
|
|
||||||
# Foundation, Inc.
|
|
||||||
# Written by Gary V. Vaughan, 2004
|
|
||||||
#
|
|
||||||
# This file is free software; the Free Software Foundation gives
|
|
||||||
# unlimited permission to copy and/or distribute it, with or without
|
|
||||||
# modifications, as long as this notice is preserved.
|
|
||||||
|
|
||||||
# serial 8 ltoptions.m4
|
|
||||||
|
|
||||||
# This is to help aclocal find these macros, as it can't see m4_define.
|
|
||||||
AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
|
|
||||||
|
|
||||||
|
|
||||||
# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
|
|
||||||
# ------------------------------------------
|
|
||||||
m4_define([_LT_MANGLE_OPTION],
|
|
||||||
[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
|
|
||||||
|
|
||||||
|
|
||||||
# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
|
|
||||||
# ---------------------------------------
|
|
||||||
# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
|
|
||||||
# matching handler defined, dispatch to it. Other OPTION-NAMEs are
|
|
||||||
# saved as a flag.
|
|
||||||
m4_define([_LT_SET_OPTION],
|
|
||||||
[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
|
|
||||||
m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
|
|
||||||
_LT_MANGLE_DEFUN([$1], [$2]),
|
|
||||||
[m4_warning([Unknown $1 option '$2'])])[]dnl
|
|
||||||
])
|
|
||||||
|
|
||||||
|
|
||||||
# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
|
|
||||||
# ------------------------------------------------------------
|
|
||||||
# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
|
|
||||||
m4_define([_LT_IF_OPTION],
|
|
||||||
[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
|
|
||||||
|
|
||||||
|
|
||||||
# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
|
|
||||||
# -------------------------------------------------------
|
|
||||||
# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
|
|
||||||
# are set.
|
|
||||||
m4_define([_LT_UNLESS_OPTIONS],
|
|
||||||
[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
|
|
||||||
[m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
|
|
||||||
[m4_define([$0_found])])])[]dnl
|
|
||||||
m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
|
|
||||||
])[]dnl
|
|
||||||
])
|
|
||||||
|
|
||||||
|
|
||||||
# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
|
|
||||||
# ----------------------------------------
|
|
||||||
# OPTION-LIST is a space-separated list of Libtool options associated
|
|
||||||
# with MACRO-NAME. If any OPTION has a matching handler declared with
|
|
||||||
# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
|
|
||||||
# the unknown option and exit.
|
|
||||||
m4_defun([_LT_SET_OPTIONS],
|
|
||||||
[# Set options
|
|
||||||
m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
|
|
||||||
[_LT_SET_OPTION([$1], _LT_Option)])
|
|
||||||
|
|
||||||
m4_if([$1],[LT_INIT],[
|
|
||||||
dnl
|
|
||||||
dnl Simply set some default values (i.e off) if boolean options were not
|
|
||||||
dnl specified:
|
|
||||||
_LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
|
|
||||||
])
|
|
||||||
_LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
|
|
||||||
])
|
|
||||||
dnl
|
|
||||||
dnl If no reference was made to various pairs of opposing options, then
|
|
||||||
dnl we run the default mode handler for the pair. For example, if neither
|
|
||||||
dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
|
|
||||||
dnl archives by default:
|
|
||||||
_LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
|
|
||||||
_LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
|
|
||||||
_LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
|
|
||||||
_LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
|
|
||||||
[_LT_ENABLE_FAST_INSTALL])
|
|
||||||
_LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
|
|
||||||
[_LT_WITH_AIX_SONAME([aix])])
|
|
||||||
])
|
|
||||||
])# _LT_SET_OPTIONS
|
|
||||||
|
|
||||||
|
|
||||||
## --------------------------------- ##
|
|
||||||
## Macros to handle LT_INIT options. ##
|
|
||||||
## --------------------------------- ##
|
|
||||||
|
|
||||||
# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
|
|
||||||
# -----------------------------------------
|
|
||||||
m4_define([_LT_MANGLE_DEFUN],
|
|
||||||
[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
|
|
||||||
|
|
||||||
|
|
||||||
# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
|
|
||||||
# -----------------------------------------------
|
|
||||||
m4_define([LT_OPTION_DEFINE],
|
|
||||||
[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
|
|
||||||
])# LT_OPTION_DEFINE
|
|
||||||
|
|
||||||
|
|
||||||
# dlopen
|
|
||||||
# ------
|
|
||||||
LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
|
|
||||||
])
|
|
||||||
|
|
||||||
AU_DEFUN([AC_LIBTOOL_DLOPEN],
|
|
||||||
[_LT_SET_OPTION([LT_INIT], [dlopen])
|
|
||||||
AC_DIAGNOSE([obsolete],
|
|
||||||
[$0: Remove this warning and the call to _LT_SET_OPTION when you
|
|
||||||
put the 'dlopen' option into LT_INIT's first parameter.])
|
|
||||||
])
|
|
||||||
|
|
||||||
dnl aclocal-1.4 backwards compatibility:
|
|
||||||
dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
|
|
||||||
|
|
||||||
|
|
||||||
# win32-dll
|
|
||||||
# ---------
|
|
||||||
# Declare package support for building win32 dll's.
|
|
||||||
LT_OPTION_DEFINE([LT_INIT], [win32-dll],
|
|
||||||
[enable_win32_dll=yes
|
|
||||||
|
|
||||||
case $host in
|
|
||||||
*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*)
|
|
||||||
AC_CHECK_TOOL(AS, as, false)
|
|
||||||
AC_CHECK_TOOL(DLLTOOL, dlltool, false)
|
|
||||||
AC_CHECK_TOOL(OBJDUMP, objdump, false)
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
test -z "$AS" && AS=as
|
|
||||||
_LT_DECL([], [AS], [1], [Assembler program])dnl
|
|
||||||
|
|
||||||
test -z "$DLLTOOL" && DLLTOOL=dlltool
|
|
||||||
_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl
|
|
||||||
|
|
||||||
test -z "$OBJDUMP" && OBJDUMP=objdump
|
|
||||||
_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl
|
|
||||||
])# win32-dll
|
|
||||||
|
|
||||||
AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
|
|
||||||
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
|
|
||||||
_LT_SET_OPTION([LT_INIT], [win32-dll])
|
|
||||||
AC_DIAGNOSE([obsolete],
|
|
||||||
[$0: Remove this warning and the call to _LT_SET_OPTION when you
|
|
||||||
put the 'win32-dll' option into LT_INIT's first parameter.])
|
|
||||||
])
|
|
||||||
|
|
||||||
dnl aclocal-1.4 backwards compatibility:
|
|
||||||
dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
|
|
||||||
|
|
||||||
|
|
||||||
# _LT_ENABLE_SHARED([DEFAULT])
|
|
||||||
# ----------------------------
|
|
||||||
# implement the --enable-shared flag, and supports the 'shared' and
|
|
||||||
# 'disable-shared' LT_INIT options.
|
|
||||||
# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
|
|
||||||
m4_define([_LT_ENABLE_SHARED],
|
|
||||||
[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
|
|
||||||
AC_ARG_ENABLE([shared],
|
|
||||||
[AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
|
|
||||||
[build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
|
|
||||||
[p=${PACKAGE-default}
|
|
||||||
case $enableval in
|
|
||||||
yes) enable_shared=yes ;;
|
|
||||||
no) enable_shared=no ;;
|
|
||||||
*)
|
|
||||||
enable_shared=no
|
|
||||||
# Look at the argument we got. We use all the common list separators.
|
|
||||||
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
|
|
||||||
for pkg in $enableval; do
|
|
||||||
IFS=$lt_save_ifs
|
|
||||||
if test "X$pkg" = "X$p"; then
|
|
||||||
enable_shared=yes
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
IFS=$lt_save_ifs
|
|
||||||
;;
|
|
||||||
esac],
|
|
||||||
[enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
|
|
||||||
|
|
||||||
_LT_DECL([build_libtool_libs], [enable_shared], [0],
|
|
||||||
[Whether or not to build shared libraries])
|
|
||||||
])# _LT_ENABLE_SHARED
|
|
||||||
|
|
||||||
LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
|
|
||||||
LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
|
|
||||||
|
|
||||||
# Old names:
|
|
||||||
AC_DEFUN([AC_ENABLE_SHARED],
|
|
||||||
[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
|
|
||||||
])
|
|
||||||
|
|
||||||
AC_DEFUN([AC_DISABLE_SHARED],
|
|
||||||
[_LT_SET_OPTION([LT_INIT], [disable-shared])
|
|
||||||
])
|
|
||||||
|
|
||||||
AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
|
|
||||||
AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
|
|
||||||
|
|
||||||
dnl aclocal-1.4 backwards compatibility:
|
|
||||||
dnl AC_DEFUN([AM_ENABLE_SHARED], [])
|
|
||||||
dnl AC_DEFUN([AM_DISABLE_SHARED], [])
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# _LT_ENABLE_STATIC([DEFAULT])
|
|
||||||
# ----------------------------
|
|
||||||
# implement the --enable-static flag, and support the 'static' and
|
|
||||||
# 'disable-static' LT_INIT options.
|
|
||||||
# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
|
|
||||||
m4_define([_LT_ENABLE_STATIC],
|
|
||||||
[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
|
|
||||||
AC_ARG_ENABLE([static],
|
|
||||||
[AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
|
|
||||||
[build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
|
|
||||||
[p=${PACKAGE-default}
|
|
||||||
case $enableval in
|
|
||||||
yes) enable_static=yes ;;
|
|
||||||
no) enable_static=no ;;
|
|
||||||
*)
|
|
||||||
enable_static=no
|
|
||||||
# Look at the argument we got. We use all the common list separators.
|
|
||||||
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
|
|
||||||
for pkg in $enableval; do
|
|
||||||
IFS=$lt_save_ifs
|
|
||||||
if test "X$pkg" = "X$p"; then
|
|
||||||
enable_static=yes
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
IFS=$lt_save_ifs
|
|
||||||
;;
|
|
||||||
esac],
|
|
||||||
[enable_static=]_LT_ENABLE_STATIC_DEFAULT)
|
|
||||||
|
|
||||||
_LT_DECL([build_old_libs], [enable_static], [0],
|
|
||||||
[Whether or not to build static libraries])
|
|
||||||
])# _LT_ENABLE_STATIC
|
|
||||||
|
|
||||||
LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
|
|
||||||
LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
|
|
||||||
|
|
||||||
# Old names:
|
|
||||||
AC_DEFUN([AC_ENABLE_STATIC],
|
|
||||||
[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
|
|
||||||
])
|
|
||||||
|
|
||||||
AC_DEFUN([AC_DISABLE_STATIC],
|
|
||||||
[_LT_SET_OPTION([LT_INIT], [disable-static])
|
|
||||||
])
|
|
||||||
|
|
||||||
AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
|
|
||||||
AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
|
|
||||||
|
|
||||||
dnl aclocal-1.4 backwards compatibility:
|
|
||||||
dnl AC_DEFUN([AM_ENABLE_STATIC], [])
|
|
||||||
dnl AC_DEFUN([AM_DISABLE_STATIC], [])
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# _LT_ENABLE_FAST_INSTALL([DEFAULT])
|
|
||||||
# ----------------------------------
|
|
||||||
# implement the --enable-fast-install flag, and support the 'fast-install'
|
|
||||||
# and 'disable-fast-install' LT_INIT options.
|
|
||||||
# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
|
|
||||||
m4_define([_LT_ENABLE_FAST_INSTALL],
|
|
||||||
[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
|
|
||||||
AC_ARG_ENABLE([fast-install],
|
|
||||||
[AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
|
|
||||||
[optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
|
|
||||||
[p=${PACKAGE-default}
|
|
||||||
case $enableval in
|
|
||||||
yes) enable_fast_install=yes ;;
|
|
||||||
no) enable_fast_install=no ;;
|
|
||||||
*)
|
|
||||||
enable_fast_install=no
|
|
||||||
# Look at the argument we got. We use all the common list separators.
|
|
||||||
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
|
|
||||||
for pkg in $enableval; do
|
|
||||||
IFS=$lt_save_ifs
|
|
||||||
if test "X$pkg" = "X$p"; then
|
|
||||||
enable_fast_install=yes
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
IFS=$lt_save_ifs
|
|
||||||
;;
|
|
||||||
esac],
|
|
||||||
[enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
|
|
||||||
|
|
||||||
_LT_DECL([fast_install], [enable_fast_install], [0],
|
|
||||||
[Whether or not to optimize for fast installation])dnl
|
|
||||||
])# _LT_ENABLE_FAST_INSTALL
|
|
||||||
|
|
||||||
LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
|
|
||||||
LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
|
|
||||||
|
|
||||||
# Old names:
|
|
||||||
AU_DEFUN([AC_ENABLE_FAST_INSTALL],
|
|
||||||
[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
|
|
||||||
AC_DIAGNOSE([obsolete],
|
|
||||||
[$0: Remove this warning and the call to _LT_SET_OPTION when you put
|
|
||||||
the 'fast-install' option into LT_INIT's first parameter.])
|
|
||||||
])
|
|
||||||
|
|
||||||
AU_DEFUN([AC_DISABLE_FAST_INSTALL],
|
|
||||||
[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
|
|
||||||
AC_DIAGNOSE([obsolete],
|
|
||||||
[$0: Remove this warning and the call to _LT_SET_OPTION when you put
|
|
||||||
the 'disable-fast-install' option into LT_INIT's first parameter.])
|
|
||||||
])
|
|
||||||
|
|
||||||
dnl aclocal-1.4 backwards compatibility:
|
|
||||||
dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
|
|
||||||
dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
|
|
||||||
|
|
||||||
|
|
||||||
# _LT_WITH_AIX_SONAME([DEFAULT])
|
|
||||||
# ----------------------------------
|
|
||||||
# implement the --with-aix-soname flag, and support the `aix-soname=aix'
|
|
||||||
# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
|
|
||||||
# is either `aix', `both' or `svr4'. If omitted, it defaults to `aix'.
|
|
||||||
m4_define([_LT_WITH_AIX_SONAME],
|
|
||||||
[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
|
|
||||||
shared_archive_member_spec=
|
|
||||||
case $host,$enable_shared in
|
|
||||||
power*-*-aix[[5-9]]*,yes)
|
|
||||||
AC_MSG_CHECKING([which variant of shared library versioning to provide])
|
|
||||||
AC_ARG_WITH([aix-soname],
|
|
||||||
[AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
|
|
||||||
[shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
|
|
||||||
[case $withval in
|
|
||||||
aix|svr4|both)
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
AC_MSG_ERROR([Unknown argument to --with-aix-soname])
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
lt_cv_with_aix_soname=$with_aix_soname],
|
|
||||||
[AC_CACHE_VAL([lt_cv_with_aix_soname],
|
|
||||||
[lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
|
|
||||||
with_aix_soname=$lt_cv_with_aix_soname])
|
|
||||||
AC_MSG_RESULT([$with_aix_soname])
|
|
||||||
if test aix != "$with_aix_soname"; then
|
|
||||||
# For the AIX way of multilib, we name the shared archive member
|
|
||||||
# based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
|
|
||||||
# and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
|
|
||||||
# Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
|
|
||||||
# the AIX toolchain works better with OBJECT_MODE set (default 32).
|
|
||||||
if test 64 = "${OBJECT_MODE-32}"; then
|
|
||||||
shared_archive_member_spec=shr_64
|
|
||||||
else
|
|
||||||
shared_archive_member_spec=shr
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
with_aix_soname=aix
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
_LT_DECL([], [shared_archive_member_spec], [0],
|
|
||||||
[Shared archive member basename, for filename based shared library versioning on AIX])dnl
|
|
||||||
])# _LT_WITH_AIX_SONAME
|
|
||||||
|
|
||||||
LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
|
|
||||||
LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
|
|
||||||
LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
|
|
||||||
|
|
||||||
|
|
||||||
# _LT_WITH_PIC([MODE])
|
|
||||||
# --------------------
|
|
||||||
# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
|
|
||||||
# LT_INIT options.
|
|
||||||
# MODE is either 'yes' or 'no'. If omitted, it defaults to 'both'.
|
|
||||||
m4_define([_LT_WITH_PIC],
|
|
||||||
[AC_ARG_WITH([pic],
|
|
||||||
[AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
|
|
||||||
[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
|
|
||||||
[lt_p=${PACKAGE-default}
|
|
||||||
case $withval in
|
|
||||||
yes|no) pic_mode=$withval ;;
|
|
||||||
*)
|
|
||||||
pic_mode=default
|
|
||||||
# Look at the argument we got. We use all the common list separators.
|
|
||||||
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
|
|
||||||
for lt_pkg in $withval; do
|
|
||||||
IFS=$lt_save_ifs
|
|
||||||
if test "X$lt_pkg" = "X$lt_p"; then
|
|
||||||
pic_mode=yes
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
IFS=$lt_save_ifs
|
|
||||||
;;
|
|
||||||
esac],
|
|
||||||
[pic_mode=m4_default([$1], [default])])
|
|
||||||
|
|
||||||
_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
|
|
||||||
])# _LT_WITH_PIC
|
|
||||||
|
|
||||||
LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
|
|
||||||
LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
|
|
||||||
|
|
||||||
# Old name:
|
|
||||||
AU_DEFUN([AC_LIBTOOL_PICMODE],
|
|
||||||
[_LT_SET_OPTION([LT_INIT], [pic-only])
|
|
||||||
AC_DIAGNOSE([obsolete],
|
|
||||||
[$0: Remove this warning and the call to _LT_SET_OPTION when you
|
|
||||||
put the 'pic-only' option into LT_INIT's first parameter.])
|
|
||||||
])
|
|
||||||
|
|
||||||
dnl aclocal-1.4 backwards compatibility:
|
|
||||||
dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
|
|
||||||
|
|
||||||
## ----------------- ##
|
|
||||||
## LTDL_INIT Options ##
|
|
||||||
## ----------------- ##
|
|
||||||
|
|
||||||
m4_define([_LTDL_MODE], [])
|
|
||||||
LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
|
|
||||||
[m4_define([_LTDL_MODE], [nonrecursive])])
|
|
||||||
LT_OPTION_DEFINE([LTDL_INIT], [recursive],
|
|
||||||
[m4_define([_LTDL_MODE], [recursive])])
|
|
||||||
LT_OPTION_DEFINE([LTDL_INIT], [subproject],
|
|
||||||
[m4_define([_LTDL_MODE], [subproject])])
|
|
||||||
|
|
||||||
m4_define([_LTDL_TYPE], [])
|
|
||||||
LT_OPTION_DEFINE([LTDL_INIT], [installable],
|
|
||||||
[m4_define([_LTDL_TYPE], [installable])])
|
|
||||||
LT_OPTION_DEFINE([LTDL_INIT], [convenience],
|
|
||||||
[m4_define([_LTDL_TYPE], [convenience])])
|
|
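--- a/m4/ltsugar.m4
+++ b/m4/ltsugar.m4
@@ -1,124 +0,0 @@
-# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
-#
-# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 6 ltsugar.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
-
-
-# lt_join(SEP, ARG1, [ARG2...])
-# -----------------------------
-# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
-# associated separator.
-# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
-# versions in m4sugar had bugs.
-m4_define([lt_join],
-[m4_if([$#], [1], [],
-[$#], [2], [[$2]],
-[m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
-m4_define([_lt_join],
-[m4_if([$#$2], [2], [],
-[m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
-
-
-# lt_car(LIST)
-# lt_cdr(LIST)
-# ------------
-# Manipulate m4 lists.
-# These macros are necessary as long as will still need to support
-# Autoconf-2.59, which quotes differently.
-m4_define([lt_car], [[$1]])
-m4_define([lt_cdr],
-[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
-[$#], 1, [],
-[m4_dquote(m4_shift($@))])])
-m4_define([lt_unquote], $1)
-
-
-# lt_append(MACRO-NAME, STRING, [SEPARATOR])
-# ------------------------------------------
-# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
-# Note that neither SEPARATOR nor STRING are expanded; they are appended
-# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
-# No SEPARATOR is output if MACRO-NAME was previously undefined (different
-# than defined and empty).
-#
-# This macro is needed until we can rely on Autoconf 2.62, since earlier
-# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
-m4_define([lt_append],
-[m4_define([$1],
-m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
-
-
-
-# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
-# ----------------------------------------------------------
-# Produce a SEP delimited list of all paired combinations of elements of
-# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list
-# has the form PREFIXmINFIXSUFFIXn.
-# Needed until we can rely on m4_combine added in Autoconf 2.62.
-m4_define([lt_combine],
-[m4_if(m4_eval([$# > 3]), [1],
-[m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
-[[m4_foreach([_Lt_prefix], [$2],
-[m4_foreach([_Lt_suffix],
-]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
-[_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
-
-
-# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
-# -----------------------------------------------------------------------
-# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
-# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
-m4_define([lt_if_append_uniq],
-[m4_ifdef([$1],
-[m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
-[lt_append([$1], [$2], [$3])$4],
-[$5])],
-[lt_append([$1], [$2], [$3])$4])])
-
-
-# lt_dict_add(DICT, KEY, VALUE)
-# -----------------------------
-m4_define([lt_dict_add],
-[m4_define([$1($2)], [$3])])
-
-
-# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
-# --------------------------------------------
-m4_define([lt_dict_add_subkey],
-[m4_define([$1($2:$3)], [$4])])
-
-
-# lt_dict_fetch(DICT, KEY, [SUBKEY])
-# ----------------------------------
-m4_define([lt_dict_fetch],
-[m4_ifval([$3],
-m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
-m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
-
-
-# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
-# -----------------------------------------------------------------
-m4_define([lt_if_dict_fetch],
-[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
-[$5],
-[$6])])
-
-
-# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
-# --------------------------------------------------------------
-m4_define([lt_dict_filter],
-[m4_if([$5], [], [],
-[lt_join(m4_quote(m4_default([$4], [[, ]])),
-lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
-[lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
-])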
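--- a/m4/ltversion.m4
+++ b/m4/ltversion.m4
@@ -1,23 +0,0 @@
-# ltversion.m4 -- version numbers -*- Autoconf -*-
-#
-# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
-# Written by Scott James Remnant, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# @configure_input@
-
-# serial 4179 ltversion.m4
-# This file is part of GNU Libtool
-
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
-
-AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
-_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
-_LT_DECL(, macro_revision, 0)
-])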
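--- a/m4/lt~obsolete.m4
+++ b/m4/lt~obsolete.m4
@@ -1,99 +0,0 @@
-# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
-#
-# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Scott James Remnant, 2004.
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 5 lt~obsolete.m4
-
-# These exist entirely to fool aclocal when bootstrapping libtool.
-#
-# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
-# which have later been changed to m4_define as they aren't part of the
-# exported API, or moved to Autoconf or Automake where they belong.
-#
-# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN
-# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
-# using a macro with the same name in our local m4/libtool.m4 it'll
-# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
-# and doesn't know about Autoconf macros at all.)
-#
-# So we provide this file, which has a silly filename so it's always
-# included after everything else. This provides aclocal with the
-# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
-# because those macros already exist, or will be overwritten later.
-# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
-#
-# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
-# Yes, that means every name once taken will need to remain here until
-# we give up compatibility with versions before 1.7, at which point
-# we need to keep only those names which we still refer to.
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
-
-m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
-m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])])
-m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])])
-m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
-m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])])
-m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])])
-m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
-m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])])
-m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])])
-m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])])
-m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
-m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
-m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
-m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
-m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])])
-m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
-m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
-m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])])
-m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])])
-m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
-m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
-m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
-m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
-m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])])
-m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])])
-m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])])
-m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
-m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])])
-m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])])
-m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])])
-m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])])
-m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
-m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])])
-m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
-m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])])
-m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])])
-m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])])
-m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
-m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
-m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
-m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
-m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
-m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
-m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])])
-m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
-m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])])
-m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])])
-m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])])
-m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])])
-m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])])
-m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])])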
@ -1,84 +0,0 @@
|
|||||||
## Process this file with automake to produce Makefile.in
|
|
||||||
# by Michal Trojnara 2015-2017
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# File lists #
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
common_headers = common.h prototypes.h version.h
|
|
||||||
common_sources = tls.c str.c file.c client.c log.c options.c protocol.c
|
|
||||||
common_sources += network.c resolver.c ssl.c ctx.c verify.c sthreads.c
|
|
||||||
common_sources += fd.c dhparam.c cron.c stunnel.c
|
|
||||||
unix_sources = pty.c libwrap.c ui_unix.c
|
|
||||||
shared_sources = env.c
|
|
||||||
win32_gui_sources = ui_win_gui.c resources.h resources.rc
|
|
||||||
win32_gui_sources += stunnel.ico active.ico error.ico idle.ico
|
|
||||||
win32_cli_sources = ui_win_cli.c
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# Generate a new set of DH parameters for each version #
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
dhparam.c: version.h
|
|
||||||
echo '#include "common.h"' >dhparam.c
|
|
||||||
echo '#ifndef OPENSSL_NO_DH' >>dhparam.c
|
|
||||||
echo '#define DN_new DH_new' >>dhparam.c
|
|
||||||
openssl dhparam -noout -C 2048 >>dhparam.c
|
|
||||||
echo '#endif /* OPENSSL_NO_DH */' >>dhparam.c
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# Unix executables and shared library #
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
bin_PROGRAMS = stunnel
|
|
||||||
stunnel_SOURCES = $(common_headers) $(common_sources) $(unix_sources)
|
|
||||||
bin_SCRIPTS = stunnel3
|
|
||||||
|
|
||||||
EXTRA_DIST = stunnel3.in
|
|
||||||
CLEANFILES = stunnel3
|
|
||||||
|
|
||||||
# Red Hat "by design" bug #82369
|
|
||||||
stunnel_CPPFLAGS = -I/usr/kerberos/include
|
|
||||||
|
|
||||||
# Additional preprocesor definitions
|
|
||||||
stunnel_CPPFLAGS += -I$(SSLDIR)/include
|
|
||||||
stunnel_CPPFLAGS += -DLIBDIR='"$(pkglibdir)"'
|
|
||||||
stunnel_CPPFLAGS += -DCONFDIR='"$(sysconfdir)/stunnel"'
|
|
||||||
|
|
||||||
# TLS library
|
|
||||||
stunnel_LDFLAGS = -L$(SSLDIR)/lib64 -L$(SSLDIR)/lib -lssl -lcrypto
|
|
||||||
|
|
||||||
# stunnel3 script
|
|
||||||
edit = sed \
|
|
||||||
-e 's|@bindir[@]|$(bindir)|g'
|
|
||||||
stunnel3: Makefile
|
|
||||||
$(edit) '$(srcdir)/$@.in' >$@
|
|
||||||
stunnel3: $(srcdir)/stunnel3.in
|
|
||||||
|
|
||||||
# Unix shared library
|
|
||||||
pkglib_LTLIBRARIES = libstunnel.la
|
|
||||||
libstunnel_la_SOURCES = $(shared_sources)
|
|
||||||
libstunnel_la_LDFLAGS = -avoid-version
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# Win32 executables #
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
if AUTHOR_TESTS
|
|
||||||
# Just check if the programs can be built, don't perform any actual tests
|
|
||||||
#check-local: mingw mingw64
|
|
||||||
endif
|
|
||||||
|
|
||||||
mingw:
|
|
||||||
$(MAKE) -f $(srcdir)/mingw.mk srcdir=$(srcdir) win32_targetcpu=i686 win32_mingw=mingw
|
|
||||||
mingw64:
|
|
||||||
$(MAKE) -f $(srcdir)/mingw.mk srcdir=$(srcdir) win32_targetcpu=x86_64 win32_mingw=mingw64
|
|
||||||
.PHONY: mingw mingw64
|
|
||||||
|
|
||||||
clean-local:
|
|
||||||
rm -rf ../obj ../bin
|
|
||||||
|
|
||||||
# Remaining files to be included
|
|
||||||
EXTRA_DIST += $(win32_gui_sources) $(win32_cli_sources)
|
|
||||||
EXTRA_DIST += make.bat makece.bat makew32.bat
|
|
||||||
EXTRA_DIST += mingw.mk mingw.mak evc.mak vc.mak os2.mak
|
|
1157
src/Makefile.in
1157
src/Makefile.in
File diff suppressed because it is too large
BIN
src/active.ico
BIN
src/active.ico
Binary file not shown.
Before Width: | Height: | Size: 1.1 KiB |
1619
src/client.c
1619
src/client.c
File diff suppressed because it is too large
525
src/common.h
525
src/common.h
@ -1,525 +0,0 @@
|
|||||||
/*
|
|
||||||
* stunnel TLS offloading and load-balancing proxy
|
|
||||||
* Copyright (C) 1998-2017 Michal Trojnara <Michal.Trojnara@stunnel.org>
|
|
||||||
*
|
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
|
||||||
* under the terms of the GNU General Public License as published by the
|
|
||||||
* Free Software Foundation; either version 2 of the License, or (at your
|
|
||||||
* option) any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
||||||
* See the GNU General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License along
|
|
||||||
* with this program; if not, see <http://www.gnu.org/licenses>.
|
|
||||||
*
|
|
||||||
* Linking stunnel statically or dynamically with other modules is making
|
|
||||||
* a combined work based on stunnel. Thus, the terms and conditions of
|
|
||||||
* the GNU General Public License cover the whole combination.
|
|
||||||
*
|
|
||||||
* In addition, as a special exception, the copyright holder of stunnel
|
|
||||||
* gives you permission to combine stunnel with free software programs or
|
|
||||||
* libraries that are released under the GNU LGPL and with code included
|
|
||||||
* in the standard release of OpenSSL under the OpenSSL License (or
|
|
||||||
* modified versions of such code, with unchanged license). You may copy
|
|
||||||
* and distribute such a system following the terms of the GNU GPL for
|
|
||||||
* stunnel and the licenses of the other code concerned.
|
|
||||||
*
|
|
||||||
* Note that people who make modified versions of stunnel are not obligated
|
|
||||||
* to grant this special exception for their modified versions; it is their
|
|
||||||
* choice whether to do so. The GNU General Public License gives permission
|
|
||||||
* to release a modified version without this exception; this exception
|
|
||||||
* also makes it possible to release a modified version which carries
|
|
||||||
* forward this exception.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef COMMON_H
|
|
||||||
#define COMMON_H
|
|
||||||
|
|
||||||
#include "version.h"
|
|
||||||
|
|
||||||
/**************************************** common constants */
|
|
||||||
|
|
||||||
#define LIBWRAP_CLIENTS 5
|
|
||||||
|
|
||||||
/* CPU stack size */
|
|
||||||
#define DEFAULT_STACK_SIZE 65536
|
|
||||||
/* #define DEBUG_STACK_SIZE */
|
|
||||||
|
|
||||||
/* I/O buffer size: 18432 (0x4800) is the maximum size of TLS record payload */
|
|
||||||
#define BUFFSIZE 18432
|
|
||||||
|
|
||||||
/* how many bytes of random input to read from files for PRNG */
|
|
||||||
/* OpenSSL likes at least 128 bits, so 64 bytes seems plenty. */
|
|
||||||
#define RANDOM_BYTES 64
|
|
||||||
|
|
||||||
/* for FormatGuard */
|
|
||||||
/* #define __NO_FORMATGUARD_ */
|
|
||||||
|
|
||||||
/* additional diagnostic messages */
|
|
||||||
/* #define DEBUG_FD_ALLOC */
|
|
||||||
|
|
||||||
#ifdef DEBUG_INFO
|
|
||||||
#define NOEXPORT
|
|
||||||
#else
|
|
||||||
#define NOEXPORT static
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/**************************************** platform */
|
|
||||||
|
|
||||||
#ifdef _WIN32
|
|
||||||
#define USE_WIN32
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef _WIN32_WCE
|
|
||||||
#define USE_WIN32
|
|
||||||
typedef int socklen_t;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef USE_WIN32
|
|
||||||
typedef signed char int8_t;
|
|
||||||
typedef signed short int16_t;
|
|
||||||
typedef signed int int32_t;
|
|
||||||
typedef signed long long int64_t;
|
|
||||||
typedef unsigned char uint8_t;
|
|
||||||
typedef unsigned short uint16_t;
|
|
||||||
typedef unsigned int uint32_t;
|
|
||||||
typedef unsigned long long uint64_t;
|
|
||||||
#ifndef __MINGW32__
|
|
||||||
#ifdef _WIN64
|
|
||||||
typedef __int64 ssize_t;
|
|
||||||
#else /* _WIN64 */
|
|
||||||
typedef int ssize_t;
|
|
||||||
#endif /* _WIN64 */
|
|
||||||
#endif /* !__MINGW32__ */
|
|
||||||
#define PATH_MAX MAX_PATH
|
|
||||||
#define USE_IPv6
|
|
||||||
#define _CRT_SECURE_NO_DEPRECATE
|
|
||||||
#define _CRT_NONSTDC_NO_DEPRECATE
|
|
||||||
#define _CRT_NON_CONFORMING_SWPRINTFS
|
|
||||||
/* prevent including wincrypt.h, as it defines its own OCSP_RESPONSE */
|
|
||||||
#define __WINCRYPT_H__
|
|
||||||
#define S_EADDRINUSE WSAEADDRINUSE
|
|
||||||
/* winsock does not define WSAEAGAIN */
|
|
||||||
/* in most (but not all!) BSD implementations EAGAIN==EWOULDBLOCK */
|
|
||||||
#define S_EAGAIN WSAEWOULDBLOCK
|
|
||||||
#define S_ECONNRESET WSAECONNRESET
|
|
||||||
#define S_EINPROGRESS WSAEINPROGRESS
|
|
||||||
#define S_EINTR WSAEINTR
|
|
||||||
#define S_EINVAL WSAEINVAL
|
|
||||||
#define S_EISCONN WSAEISCONN
|
|
||||||
#define S_EMFILE WSAEMFILE
|
|
||||||
/* winsock does not define WSAENFILE */
|
|
||||||
#define S_ENOBUFS WSAENOBUFS
|
|
||||||
/* winsock does not define WSAENOMEM */
|
|
||||||
#define S_ENOPROTOOPT WSAENOPROTOOPT
|
|
||||||
#define S_ENOTSOCK WSAENOTSOCK
|
|
||||||
#define S_EOPNOTSUPP WSAEOPNOTSUPP
|
|
||||||
#define S_EWOULDBLOCK WSAEWOULDBLOCK
|
|
||||||
#define S_ECONNABORTED WSAECONNABORTED
|
|
||||||
#else /* USE_WIN32 */
|
|
||||||
#define S_EADDRINUSE EADDRINUSE
|
|
||||||
#define S_EAGAIN EAGAIN
|
|
||||||
#define S_ECONNRESET ECONNRESET
|
|
||||||
#define S_EINPROGRESS EINPROGRESS
|
|
||||||
#define S_EINTR EINTR
|
|
||||||
#define S_EINVAL EINVAL
|
|
||||||
#define S_EISCONN EISCONN
|
|
||||||
#define S_EMFILE EMFILE
|
|
||||||
#ifdef ENFILE
|
|
||||||
#define S_ENFILE ENFILE
|
|
||||||
#endif
|
|
||||||
#ifdef ENOBUFS
|
|
||||||
#define S_ENOBUFS ENOBUFS
|
|
||||||
#endif
|
|
||||||
#ifdef ENOMEM
|
|
||||||
#define S_ENOMEM ENOMEM
|
|
||||||
#endif
|
|
||||||
#define S_ENOPROTOOPT ENOPROTOOPT
|
|
||||||
#define S_ENOTSOCK ENOTSOCK
|
|
||||||
#define S_EOPNOTSUPP EOPNOTSUPP
|
|
||||||
#define S_EWOULDBLOCK EWOULDBLOCK
|
|
||||||
#define S_ECONNABORTED ECONNABORTED
|
|
||||||
#endif /* USE_WIN32 */
|
|
||||||
|
|
||||||
/**************************************** generic headers */
|
|
||||||
|
|
||||||
#ifdef __vms
|
|
||||||
#include <starlet.h>
|
|
||||||
#endif /* __vms */
|
|
||||||
|
|
||||||
/* for nsr-tandem-nsk architecture */
|
|
||||||
#ifdef __TANDEM
|
|
||||||
#include <floss.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* threads model */
|
|
||||||
#ifdef USE_UCONTEXT
|
|
||||||
#define __MAKECONTEXT_V2_SOURCE
|
|
||||||
#include <ucontext.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef USE_PTHREAD
|
|
||||||
#ifndef THREADS
|
|
||||||
#define THREADS
|
|
||||||
#endif
|
|
||||||
#ifndef _REENTRANT
|
|
||||||
/* _REENTRANT is required for thread-safe errno on Solaris */
|
|
||||||
#define _REENTRANT
|
|
||||||
#endif
|
|
||||||
#ifndef _THREAD_SAFE
|
|
||||||
#define _THREAD_SAFE
|
|
||||||
#endif
|
|
||||||
#include <pthread.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* systemd */
|
|
||||||
#ifdef USE_SYSTEMD
|
|
||||||
#include <systemd/sd-daemon.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef HAVE_STDINT_H
|
|
||||||
#include <stdint.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef HAVE_INTTYPES_H
|
|
||||||
#include <inttypes.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* must be included before sys/stat.h for Ultrix */
|
|
||||||
/* must be included before sys/socket.h for OpenBSD */
|
|
||||||
#include <sys/types.h> /* u_short, u_long */
|
|
||||||
/* general headers */
|
|
||||||
#include <stdio.h>
|
|
||||||
/* must be included before sys/stat.h for Ultrix */
|
|
||||||
#ifndef _WIN32_WCE
|
|
||||||
#include <errno.h>
|
|
||||||
#endif
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <stdarg.h> /* va_ */
|
|
||||||
#include <string.h>
|
|
||||||
#include <ctype.h> /* isalnum */
|
|
||||||
#include <time.h>
|
|
||||||
#include <sys/stat.h> /* stat */
|
|
||||||
#include <setjmp.h>
|
|
||||||
#include <fcntl.h>
|
|
||||||
|
|
||||||
/**************************************** WIN32 headers */
|
|
||||||
|
|
||||||
#ifdef USE_WIN32
|
|
||||||
|
|
||||||
#define HAVE_STRUCT_ADDRINFO
|
|
||||||
#define HAVE_SNPRINTF
|
|
||||||
#define snprintf _snprintf
|
|
||||||
#define HAVE_VSNPRINTF
|
|
||||||
#define vsnprintf _vsnprintf
|
|
||||||
#define strcasecmp _stricmp
|
|
||||||
#define strncasecmp _strnicmp
|
|
||||||
#define sleep(c) Sleep(1000*(c))
|
|
||||||
|
|
||||||
#define get_last_socket_error() WSAGetLastError()
|
|
||||||
#define set_last_socket_error(e) WSASetLastError(e)
|
|
||||||
#define get_last_error() GetLastError()
|
|
||||||
#define set_last_error(e) SetLastError(e)
|
|
||||||
#define readsocket(s,b,n) recv((s),(b),(int)(n),0)
|
|
||||||
#define writesocket(s,b,n) send((s),(b),(int)(n),0)
|
|
||||||
|
|
||||||
/* #define Win32_Winsock */
|
|
||||||
#define __USE_W32_SOCKETS
|
|
||||||
|
|
||||||
/* Winsock2 header for IPv6 definitions */
|
|
||||||
#include <winsock2.h>
|
|
||||||
#include <ws2tcpip.h>
|
|
||||||
|
|
||||||
#include <windows.h>
|
|
||||||
|
|
||||||
#include <process.h> /* _beginthread */
|
|
||||||
#include <shlobj.h> /* SHGetFolderPath */
|
|
||||||
#include <tchar.h>
|
|
||||||
|
|
||||||
#include "resources.h"
|
|
||||||
|
|
||||||
/**************************************** non-WIN32 headers */
|
|
||||||
|
|
||||||
#else /* USE_WIN32 */
|
|
||||||
|
|
||||||
#ifdef __INNOTEK_LIBC__
|
|
||||||
#define socklen_t __socklen_t
|
|
||||||
#define strcasecmp stricmp
|
|
||||||
#define strncasecmp strnicmp
|
|
||||||
#define NI_NUMERICHOST 1
|
|
||||||
#define NI_NUMERICSERV 2
|
|
||||||
#define get_last_socket_error() sock_errno()
|
|
||||||
#define set_last_socket_error(e) ()
|
|
||||||
#define get_last_error() errno
|
|
||||||
#define set_last_error(e) (errno=(e))
|
|
||||||
#define readsocket(s,b,n) recv((s),(b),(n),0)
|
|
||||||
#define writesocket(s,b,n) send((s),(b),(n),0)
|
|
||||||
#define closesocket(s) close(s)
|
|
||||||
#define ioctlsocket(a,b,c) so_ioctl((a),(b),(c))
|
|
||||||
#else
|
|
||||||
#define get_last_socket_error() errno
|
|
||||||
#define set_last_socket_error(e) (errno=(e))
|
|
||||||
#define get_last_error() errno
|
|
||||||
#define set_last_error(e) (errno=(e))
|
|
||||||
#define readsocket(s,b,n) read((s),(b),(n))
|
|
||||||
#define writesocket(s,b,n) write((s),(b),(n))
|
|
||||||
#define closesocket(s) close(s)
|
|
||||||
#define ioctlsocket(a,b,c) ioctl((a),(b),(c))
|
|
||||||
#endif
|
|
||||||
|
|
||||||
typedef int SOCKET;
|
|
||||||
#define INVALID_SOCKET (-1)
|
|
||||||
|
|
||||||
/* OpenVMS compatibility */
|
|
||||||
#ifdef __vms
|
|
||||||
#define LIBDIR "__NA__"
|
|
||||||
#ifdef __alpha
|
|
||||||
#define HOST "alpha-openvms"
|
|
||||||
#else
|
|
||||||
#define HOST "vax-openvms"
|
|
||||||
#endif
|
|
||||||
#include <inet.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#else /* __vms */
|
|
||||||
#include <syslog.h>
|
|
||||||
#endif /* __vms */
|
|
||||||
|
|
||||||
/* Unix-specific headers */
|
|
||||||
#include <signal.h> /* signal */
|
|
||||||
#include <sys/wait.h> /* wait */
|
|
||||||
#ifdef HAVE_LIMITS_H
|
|
||||||
#include <limits.h> /* INT_MAX */
|
|
||||||
#endif
|
|
||||||
#ifdef HAVE_SYS_RESOURCE_H
|
|
||||||
#include <sys/resource.h> /* getrlimit */
|
|
||||||
#endif
|
|
||||||
#ifdef HAVE_UNISTD_H
|
|
||||||
#include <unistd.h> /* getpid, fork, execvp, exit */
|
|
||||||
#endif
|
|
||||||
#ifdef HAVE_STROPTS_H
|
|
||||||
#include <stropts.h>
|
|
||||||
#endif
|
|
||||||
#ifdef HAVE_MALLOC_H
|
|
||||||
#include <malloc.h> /* mallopt */
|
|
||||||
#endif
|
|
||||||
#ifdef HAVE_SYS_SELECT_H
|
|
||||||
#include <sys/select.h> /* for aix */
|
|
||||||
#endif
|
|
||||||
#include <dirent.h>
|
|
||||||
|
|
||||||
#if defined(HAVE_POLL) && !defined(BROKEN_POLL)
|
|
||||||
#ifdef HAVE_POLL_H
|
|
||||||
#include <poll.h>
|
|
||||||
#define USE_POLL
|
|
||||||
#else /* HAVE_POLL_H */
|
|
||||||
#ifdef HAVE_SYS_POLL_H
|
|
||||||
#include <sys/poll.h>
|
|
||||||
#define USE_POLL
|
|
||||||
#endif /* HAVE_SYS_POLL_H */
|
|
||||||
#endif /* HAVE_POLL_H */
|
|
||||||
#endif /* HAVE_POLL && !BROKEN_POLL */
|
|
||||||
|
|
||||||
#ifdef HAVE_SYS_FILIO_H
|
|
||||||
#include <sys/filio.h> /* for FIONBIO */
|
|
||||||
#endif
|
|
||||||
#include <pwd.h>
|
|
||||||
#ifdef HAVE_GRP_H
|
|
||||||
#include <grp.h>
|
|
||||||
#endif
|
|
||||||
#ifdef __BEOS__
|
|
||||||
#include <posix/grp.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef HAVE_SYS_UIO_H
|
|
||||||
#include <sys/uio.h> /* struct iovec */
|
|
||||||
#endif /* HAVE_SYS_UIO_H */
|
|
||||||
|
|
||||||
/* BSD sockets */
|
|
||||||
#include <netinet/in.h> /* struct sockaddr_in */
|
|
||||||
#include <sys/socket.h> /* getpeername */
|
|
||||||
#include <arpa/inet.h> /* inet_ntoa */
|
|
||||||
#include <sys/time.h> /* select */
|
|
||||||
#include <sys/ioctl.h> /* ioctl */
|
|
||||||
#ifdef HAVE_SYS_UN_H
|
|
||||||
#include <sys/un.h>
|
|
||||||
#endif
|
|
||||||
#include <netinet/tcp.h>
|
|
||||||
#include <netdb.h>
|
|
||||||
#ifndef INADDR_ANY
|
|
||||||
#define INADDR_ANY (u32)0x00000000
|
|
||||||
#endif
|
|
||||||
#ifndef INADDR_LOOPBACK
|
|
||||||
#define INADDR_LOOPBACK (u32)0x7F000001
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(HAVE_WAITPID)
|
|
||||||
/* for SYSV systems */
|
|
||||||
#define wait_for_pid(a, b, c) waitpid((a), (b), (c))
|
|
||||||
#define HAVE_WAIT_FOR_PID 1
|
|
||||||
#elif defined(HAVE_WAIT4)
|
|
||||||
/* for BSD systems */
|
|
||||||
#define wait_for_pid(a, b, c) wait4((a), (b), (c), NULL)
|
|
||||||
#define HAVE_WAIT_FOR_PID 1
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* SunOS 4 */
|
|
||||||
#if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
|
|
||||||
#define atexit(a) on_exit((a), NULL)
|
|
||||||
extern int sys_nerr;
|
|
||||||
extern char *sys_errlist[];
|
|
||||||
#define strerror(num) ((num)==0 ? "No error" : \
|
|
||||||
((num)>=sys_nerr ? "Unknown error" : sys_errlist[num]))
|
|
||||||
#endif /* SunOS 4 */
|
|
||||||
|
|
||||||
/* AIX does not have SOL_TCP defined */
|
|
||||||
#ifndef SOL_TCP
|
|
||||||
#define SOL_TCP SOL_SOCKET
|
|
||||||
#endif /* SOL_TCP */
|
|
||||||
|
|
||||||
/* Linux */
|
|
||||||
#ifdef __linux__
|
|
||||||
#ifndef IP_FREEBIND
|
|
||||||
/* kernel headers without IP_FREEBIND definition */
|
|
||||||
#define IP_FREEBIND 15
|
|
||||||
#endif /* IP_FREEBIND */
|
|
||||||
#ifndef IP_TRANSPARENT
|
|
||||||
/* kernel headers without IP_TRANSPARENT definition */
|
|
||||||
#define IP_TRANSPARENT 19
|
|
||||||
#endif /* IP_TRANSPARENT */
|
|
||||||
#ifdef HAVE_LINUX_NETFILTER_IPV4_H
|
|
||||||
#include <limits.h>
|
|
||||||
#include <linux/types.h>
|
|
||||||
#include <linux/netfilter_ipv4.h>
|
|
||||||
#endif /* HAVE_LINUX_NETFILTER_IPV4_H */
|
|
||||||
#endif /* __linux__ */
|
|
||||||
#ifdef HAVE_SYS_SYSCALL_H
|
|
||||||
#include <sys/syscall.h> /* SYS_gettid */
|
|
||||||
#endif
|
|
||||||
#ifdef HAVE_LINUX_SCHED_H
|
|
||||||
#include <linux/sched.h> /* SCHED_BATCH */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif /* USE_WIN32 */
|
|
||||||
|
|
||||||
#ifndef S_ISREG
|
|
||||||
#define S_ISREG(m) (((m)&S_IFMT)==S_IFREG)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/**************************************** OpenSSL headers */
|
|
||||||
|
|
||||||
#define OPENSSL_THREAD_DEFINES
|
|
||||||
#include <openssl/opensslconf.h>
|
|
||||||
/* opensslv.h requires prior opensslconf.h to include -fips in version string */
|
|
||||||
#include <openssl/opensslv.h>
|
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER<0x0090700fL
|
|
||||||
#error OpenSSL 0.9.7 or later is required
|
|
||||||
#endif /* OpenSSL older than 0.9.7 */
|
|
||||||
|
|
||||||
#if defined(USE_PTHREAD) && !defined(OPENSSL_THREADS)
|
|
||||||
#error OpenSSL library compiled without thread support
|
|
||||||
#endif /* !OPENSSL_THREADS && USE_PTHREAD */
|
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER<0x0090800fL
|
|
||||||
#define OPENSSL_NO_ECDH
|
|
||||||
#define OPENSSL_NO_COMP
|
|
||||||
#endif /* OpenSSL older than 0.9.8 */
|
|
||||||
|
|
||||||
/* non-blocking OCSP API is not available before OpenSSL 0.9.8h */
|
|
||||||
#if OPENSSL_VERSION_NUMBER<0x00908080L
|
|
||||||
#ifndef OPENSSL_NO_OCSP
|
|
||||||
#define OPENSSL_NO_OCSP
|
|
||||||
#endif /* !defined(OPENSSL_NO_OCSP) */
|
|
||||||
#endif /* OpenSSL older than 0.9.8h */
|
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER<0x00908060L
|
|
||||||
#define OPENSSL_NO_TLSEXT
|
|
||||||
#endif /* OpenSSL older than 0.9.8f */
|
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER<0x10000000L
|
|
||||||
#define OPENSSL_NO_PSK
|
|
||||||
#endif /* OpenSSL older than 1.0.0 */
|
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER<0x10001000L || defined(OPENSSL_NO_TLS1)
|
|
||||||
#define OPENSSL_NO_TLS1_1
|
|
||||||
#define OPENSSL_NO_TLS1_2
|
|
||||||
#endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
|
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER>=0x10100000L
|
|
||||||
#ifndef OPENSSL_NO_SSL2
|
|
||||||
#define OPENSSL_NO_SSL2
|
|
||||||
#endif /* !defined(OPENSSL_NO_SSL2) */
|
|
||||||
#else /* OpenSSL older than 1.1.0 */
|
|
||||||
#define X509_STORE_CTX_get0_chain(x) X509_STORE_CTX_get_chain(x)
|
|
||||||
#endif /* OpenSSL 1.1.0 or newer */
|
|
||||||
|
|
||||||
#if defined(USE_WIN32) && defined(OPENSSL_FIPS)
|
|
||||||
#define USE_FIPS
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include <openssl/lhash.h>
|
|
||||||
#include <openssl/ssl.h>
|
|
||||||
#include <openssl/ui.h>
|
|
||||||
#include <openssl/err.h>
|
|
||||||
#include <openssl/crypto.h> /* for CRYPTO_* and SSLeay_version */
|
|
||||||
#include <openssl/rand.h>
|
|
||||||
#include <openssl/bn.h>
|
|
||||||
#include <openssl/pkcs12.h>
|
|
||||||
#ifndef OPENSSL_NO_MD4
|
|
||||||
#include <openssl/md4.h>
|
|
||||||
#endif /* !defined(OPENSSL_NO_MD4) */
|
|
||||||
#include <openssl/des.h>
|
|
||||||
#ifndef OPENSSL_NO_DH
|
|
||||||
#include <openssl/dh.h>
|
|
||||||
#if OPENSSL_VERSION_NUMBER<0x10100000L
|
|
||||||
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
|
|
||||||
#endif /* OpenSSL older than 1.1.0 */
|
|
||||||
#endif /* !defined(OPENSSL_NO_DH) */
|
|
||||||
#ifndef OPENSSL_NO_ENGINE
|
|
||||||
#include <openssl/engine.h>
|
|
||||||
#endif /* !defined(OPENSSL_NO_ENGINE) */
|
|
||||||
#ifndef OPENSSL_NO_OCSP
|
|
||||||
#include <openssl/ocsp.h>
|
|
||||||
#endif /* !defined(OPENSSL_NO_OCSP) */
|
|
||||||
#ifndef OPENSSL_NO_COMP
|
|
||||||
/* not defined in public headers before OpenSSL 0.9.8 */
|
|
||||||
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
|
|
||||||
#endif /* !defined(OPENSSL_NO_COMP) */
|
|
||||||
|
|
||||||
#ifndef OPENSSL_VERSION
|
|
||||||
#define OPENSSL_VERSION SSLEAY_VERSION
|
|
||||||
#define OpenSSL_version_num() SSLeay()
|
|
||||||
#define OpenSSL_version(x) SSLeay_version(x)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/**************************************** other defines */
|
|
||||||
|
|
||||||
/* always use IPv4 defaults! */
|
|
||||||
#define DEFAULT_LOOPBACK "127.0.0.1"
|
|
||||||
#define DEFAULT_ANY "0.0.0.0"
|
|
||||||
#if 0
|
|
||||||
#define DEFAULT_LOOPBACK "::1"
|
|
||||||
#define DEFAULT_ANY "::"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined (USE_WIN32) || defined (__vms)
|
|
||||||
#define LOG_EMERG 0
|
|
||||||
#define LOG_ALERT 1
|
|
||||||
#define LOG_CRIT 2
|
|
||||||
#define LOG_ERR 3
|
|
||||||
#define LOG_WARNING 4
|
|
||||||
#define LOG_NOTICE 5
|
|
||||||
#define LOG_INFO 6
|
|
||||||
#define LOG_DEBUG 7
|
|
||||||
#endif /* defined (USE_WIN32) || defined (__vms) */
|
|
||||||
|
|
||||||
#ifndef offsetof
|
|
||||||
#define offsetof(T, F) ((unsigned)((char *)&((T *)0L)->F - (char *)0L))
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif /* defined COMMON_H */
|
|
||||||
|
|
||||||
/* end of common.h */
|
|
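--- a/src/config.h.in
+++ b/src/config.h.in
@@ -1,351 +0,0 @@
-/* src/config.h.in. Generated from configure.ac by autoheader. */
-
-/* Define to 1 if you have a broken 'poll' implementation. */
-#undef BROKEN_POLL
-
-/* Entropy Gathering Daemon socket path */
-#undef EGD_SOCKET
-
-/* Define to 1 if you have the `accept4' function. */
-#undef HAVE_ACCEPT4
-
-/* Define to 1 if you have the `chroot' function. */
-#undef HAVE_CHROOT
-
-/* Define to 1 if you have the `daemon' function. */
-#undef HAVE_DAEMON
-
-/* Define to 1 if you have '/dev/ptmx' device. */
-#undef HAVE_DEV_PTMX
-
-/* Define to 1 if you have '/dev/ptc' device. */
-#undef HAVE_DEV_PTS_AND_PTC
-
-/* Define to 1 if you have the <dlfcn.h> header file. */
-#undef HAVE_DLFCN_H
-
-/* Define to 1 if you have the `endhostent' function. */
-#undef HAVE_ENDHOSTENT
-
-/* Define to 1 if you have the `FIPS_mode_set' function. */
-#undef HAVE_FIPS_MODE_SET
-
-/* Define to 1 if you have 'getaddrinfo' function. */
-#undef HAVE_GETADDRINFO
-
-/* Define to 1 if you have the `getcontext' function. */
-#undef HAVE_GETCONTEXT
-
-/* Define to 1 if you have the `gethostbyname2' function. */
-#undef HAVE_GETHOSTBYNAME2
-
-/* Define to 1 if you have the `getnameinfo' function. */
-#undef HAVE_GETNAMEINFO
-
-/* Define to 1 if you have the `getrlimit' function. */
-#undef HAVE_GETRLIMIT
-
-/* Define to 1 if you have the <grp.h> header file. */
-#undef HAVE_GRP_H
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#undef HAVE_INTTYPES_H
-
-/* Define to 1 if you have the <libutil.h> header file. */
-#undef HAVE_LIBUTIL_H
-
-/* Define to 1 if you have the <limits.h> header file. */
-#undef HAVE_LIMITS_H
-
-/* Define to 1 if you have the <linux/netfilter_ipv4.h> header file. */
-#undef HAVE_LINUX_NETFILTER_IPV4_H
-
-/* Define to 1 if you have the <linux/sched.h> header file. */
-#undef HAVE_LINUX_SCHED_H
-
-/* Define to 1 if you have the `localtime_r' function. */
-#undef HAVE_LOCALTIME_R
-
-/* Define to 1 if you have the <malloc.h> header file. */
-#undef HAVE_MALLOC_H
-
-/* Define to 1 if you have the <memory.h> header file. */
-#undef HAVE_MEMORY_H
-
-/* Define to 1 if you have 'msghdr.msg_control' structure. */
-#undef HAVE_MSGHDR_MSG_CONTROL
-
-/* Define to 1 if you have the `openpty' function. */
-#undef HAVE_OPENPTY
-
-/* Define to 1 if you have the `pipe2' function. */
-#undef HAVE_PIPE2
-
-/* Define to 1 if you have the `poll' function. */
-#undef HAVE_POLL
-
-/* Define to 1 if you have the <poll.h> header file. */
-#undef HAVE_POLL_H
-
-/* Define if you have POSIX threads libraries and header files. */
-#undef HAVE_PTHREAD
-
-/* Define to 1 if you have the <pthread.h> header file. */
-#undef HAVE_PTHREAD_H
-
-/* Have PTHREAD_PRIO_INHERIT. */
-#undef HAVE_PTHREAD_PRIO_INHERIT
-
-/* Define to 1 if you have the `pthread_sigmask' function. */
-#undef HAVE_PTHREAD_SIGMASK
-
-/* Define to 1 if you have the <pty.h> header file. */
-#undef HAVE_PTY_H
-
-/* Define to 1 if you have the `realpath' function. */
-#undef HAVE_REALPATH
-
-/* Define to 1 if you have the `setgroups' function. */
-#undef HAVE_SETGROUPS
-
-/* Define to 1 if you have the `setsid' function. */
-#undef HAVE_SETSID
-
-/* Define to 1 if you have the `snprintf' function. */
-#undef HAVE_SNPRINTF
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#undef HAVE_STDINT_H
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#undef HAVE_STDLIB_H
-
-/* Define to 1 if you have the <strings.h> header file. */
-#undef HAVE_STRINGS_H
-
-/* Define to 1 if you have the <string.h> header file. */
-#undef HAVE_STRING_H
-
-/* Define to 1 if you have the <stropts.h> header file. */
-#undef HAVE_STROPTS_H
-
-/* Define to 1 if the system has the type `struct addrinfo'. */
-#undef HAVE_STRUCT_ADDRINFO
-
-/* Define to 1 if `msg_control' is a member of `struct msghdr'. */
-#undef HAVE_STRUCT_MSGHDR_MSG_CONTROL
-
-/* Define to 1 if the system has the type `struct sockaddr_un'. */
-#undef HAVE_STRUCT_SOCKADDR_UN
-
-/* Define to 1 if you have the `sysconf' function. */
-#undef HAVE_SYSCONF
-
-/* Define to 1 if you have the <systemd/sd-daemon.h> header file. */
-#undef HAVE_SYSTEMD_SD_DAEMON_H
-
-/* Define to 1 if you have the <sys/filio.h> header file. */
-#undef HAVE_SYS_FILIO_H
-
-/* Define to 1 if you have the <sys/ioctl.h> header file. */
-#undef HAVE_SYS_IOCTL_H
-
-/* Define to 1 if you have the <sys/poll.h> header file. */
-#undef HAVE_SYS_POLL_H
-
-/* Define to 1 if you have the <sys/resource.h> header file. */
-#undef HAVE_SYS_RESOURCE_H
-
-/* Define to 1 if you have the <sys/select.h> header file. */
-#undef HAVE_SYS_SELECT_H
-
-/* Define to 1 if you have the <sys/socket.h> header file. */
-#undef HAVE_SYS_SOCKET_H
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#undef HAVE_SYS_STAT_H
-
-/* Define to 1 if you have the <sys/syscall.h> header file. */
-#undef HAVE_SYS_SYSCALL_H
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#undef HAVE_SYS_TYPES_H
-
-/* Define to 1 if you have the <sys/uio.h> header file. */
-#undef HAVE_SYS_UIO_H
-
-/* Define to 1 if you have the <sys/un.h> header file. */
-#undef HAVE_SYS_UN_H
-
-/* Define to 1 if you have the <tcpd.h> header file. */
-#undef HAVE_TCPD_H
-
-/* Define to 1 if you have the <ucontext.h> header file. */
-#undef HAVE_UCONTEXT_H
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#undef HAVE_UNISTD_H
-
-/* Define to 1 if you have the <util.h> header file. */
-#undef HAVE_UTIL_H
-
-/* Define to 1 if you have the `vsnprintf' function. */
-#undef HAVE_VSNPRINTF
-
-/* Define to 1 if you have the `wait4' function. */
-#undef HAVE_WAIT4
-
-/* Define to 1 if you have the `waitpid' function. */
-#undef HAVE_WAITPID
-
-/* Define to 1 if you have the `_getpty' function. */
-#undef HAVE__GETPTY
-
-/* Define to 1 if you have the `__makecontext_v2' function. */
-#undef HAVE___MAKECONTEXT_V2
-
-/* Host description */
-#undef HOST
-
-/* Define to the sub-directory where libtool stores uninstalled libraries. */
-#undef LT_OBJDIR
-
-/* Name of package */
-#undef PACKAGE
-
-/* Define to the address where bug reports for this package should be sent. */
-#undef PACKAGE_BUGREPORT
-
-/* Define to the full name of this package. */
-#undef PACKAGE_NAME
-
-/* Define to the full name and version of this package. */
-#undef PACKAGE_STRING
-
-/* Define to the one symbol short name of this package. */
-#undef PACKAGE_TARNAME
-
-/* Define to the home page for this package. */
-#undef PACKAGE_URL
-
-/* Define to the version of this package. */
-#undef PACKAGE_VERSION
-
-/* Define to necessary symbol if this constant uses a non-standard name on
-your system. */
-#undef PTHREAD_CREATE_JOINABLE
-
-/* Random file path */
-#undef RANDOM_FILE
-
-/* TLS directory */
-#undef SSLDIR
-
-/* Define to 1 if you have the ANSI C header files. */
-#undef STDC_HEADERS
-
-/* Define to 1 to enable OpenSSL FIPS support */
-#undef USE_FIPS
-
-/* Define to 1 to select FORK mode */
-#undef USE_FORK
-
-/* Define to 1 to enable IPv6 support */
-#undef USE_IPv6
-
-/* Define to 1 to enable TCP wrappers support */
-#undef USE_LIBWRAP
-
-/* Define to 1 to select PTHREAD mode */
-#undef USE_PTHREAD
-
-/* Define to 1 to enable systemd socket activation */
-#undef USE_SYSTEMD
-
-/* Define to 1 to select UCONTEXT mode */
-#undef USE_UCONTEXT
-
-/* Version number of package */
-#undef VERSION
-
-/* Use Darwin source */
-#undef _DARWIN_C_SOURCE
-
-/* Enable large inode numbers on Mac OS X 10.5. */
-#ifndef _DARWIN_USE_64_BIT_INODE
-# define _DARWIN_USE_64_BIT_INODE 1
-#endif
-
-/* Number of bits in a file offset, on hosts where this is settable. */
-#undef _FILE_OFFSET_BITS
-
-/* Use GNU source */
-#undef _GNU_SOURCE
-
-/* Define for large files, on AIX-style hosts. */
-#undef _LARGE_FILES
-
-/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
-<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
-#define below would cause a syntax error. */
-#undef _UINT32_T
-
-/* Define for Solaris 2.5.1 so the uint64_t typedef from <sys/synch.h>,
-<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
-#define below would cause a syntax error. */
-#undef _UINT64_T
-
-/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
-<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
-#define below would cause a syntax error. */
-#undef _UINT8_T
-
-/* Use X/Open 5 with POSIX 1995 */
-#undef _XOPEN_SOURCE
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-#undef gid_t
-
-/* Define to the type of a signed integer type of width exactly 16 bits if
-such a type exists and the standard includes do not define it. */
-#undef int16_t
-
-/* Define to the type of a signed integer type of width exactly 32 bits if
-such a type exists and the standard includes do not define it. */
-#undef int32_t
-
-/* Define to the type of a signed integer type of width exactly 64 bits if
-such a type exists and the standard includes do not define it. */
-#undef int64_t
-
-/* Define to the type of a signed integer type of width exactly 8 bits if such
-a type exists and the standard includes do not define it. */
-#undef int8_t
-
-/* Define to `unsigned int' if <sys/types.h> does not define. */
-#undef size_t
-
-/* Type of socklen_t */
-#undef socklen_t
-
-/* Define to `int' if <sys/types.h> does not define. */
-#undef ssize_t
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-#undef uid_t
-
-/* Define to the type of an unsigned integer type of width exactly 16 bits if
-such a type exists and the standard includes do not define it. */
-#undef uint16_t
-
-/* Define to the type of an unsigned integer type of width exactly 32 bits if
-such a type exists and the standard includes do not define it. */
-#undef uint32_t
-
-/* Define to the type of an unsigned integer type of width exactly 64 bits if
-such a type exists and the standard includes do not define it. */
-#undef uint64_t
-
-/* Define to the type of an unsigned integer type of width exactly 8 bits if
-such a type exists and the standard includes do not define it. */
-#undef uint8_t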
201
src/cron.c
201
src/cron.c
@ -1,201 +0,0 @@
|
|||||||
/*
|
|
||||||
* stunnel TLS offloading and load-balancing proxy
|
|
||||||
* Copyright (C) 1998-2017 Michal Trojnara <Michal.Trojnara@stunnel.org>
|
|
||||||
*
|
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
|
||||||
* under the terms of the GNU General Public License as published by the
|
|
||||||
* Free Software Foundation; either version 2 of the License, or (at your
|
|
||||||
* option) any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
||||||
* See the GNU General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License along
|
|
||||||
* with this program; if not, see <http://www.gnu.org/licenses>.
|
|
||||||
*
|
|
||||||
* Linking stunnel statically or dynamically with other modules is making
|
|
||||||
* a combined work based on stunnel. Thus, the terms and conditions of
|
|
||||||
* the GNU General Public License cover the whole combination.
|
|
||||||
*
|
|
||||||
* In addition, as a special exception, the copyright holder of stunnel
|
|
||||||
* gives you permission to combine stunnel with free software programs or
|
|
||||||
* libraries that are released under the GNU LGPL and with code included
|
|
||||||
* in the standard release of OpenSSL under the OpenSSL License (or
|
|
||||||
* modified versions of such code, with unchanged license). You may copy
|
|
||||||
* and distribute such a system following the terms of the GNU GPL for
|
|
||||||
* stunnel and the licenses of the other code concerned.
|
|
||||||
*
|
|
||||||
* Note that people who make modified versions of stunnel are not obligated
|
|
||||||
* to grant this special exception for their modified versions; it is their
|
|
||||||
* choice whether to do so. The GNU General Public License gives permission
|
|
||||||
* to release a modified version without this exception; this exception
|
|
||||||
* also makes it possible to release a modified version which carries
|
|
||||||
* forward this exception.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "common.h"
|
|
||||||
#include "prototypes.h"
|
|
||||||
|
|
||||||
#ifdef USE_PTHREAD
|
|
||||||
NOEXPORT void *cron_thread(void *arg);
|
|
||||||
#endif
|
|
||||||
#ifdef USE_WIN32
|
|
||||||
NOEXPORT void cron_thread(void *arg);
|
|
||||||
#endif
|
|
||||||
#if defined(USE_PTHREAD) || defined(USE_WIN32)
|
|
||||||
NOEXPORT void cron_worker(void);
|
|
||||||
NOEXPORT void cron_dh_param(void);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(USE_PTHREAD)
|
|
||||||
|
|
||||||
int cron_init() {
|
|
||||||
pthread_t thread;
|
|
||||||
pthread_attr_t pth_attr;
|
|
||||||
#if defined(HAVE_PTHREAD_SIGMASK) && !defined(__APPLE__)
|
|
||||||
sigset_t new_set, old_set;
|
|
||||||
#endif /* HAVE_PTHREAD_SIGMASK && !__APPLE__*/
|
|
||||||
|
|
||||||
#if defined(HAVE_PTHREAD_SIGMASK) && !defined(__APPLE__)
|
|
||||||
sigfillset(&new_set);
|
|
||||||
pthread_sigmask(SIG_SETMASK, &new_set, &old_set); /* block signals */
|
|
||||||
#endif /* HAVE_PTHREAD_SIGMASK && !__APPLE__*/
|
|
||||||
pthread_attr_init(&pth_attr);
|
|
||||||
pthread_attr_setdetachstate(&pth_attr, PTHREAD_CREATE_DETACHED);
|
|
||||||
if(pthread_create(&thread, &pth_attr, cron_thread, NULL))
|
|
||||||
ioerror("pthread_create");
|
|
||||||
pthread_attr_destroy(&pth_attr);
|
|
||||||
#if defined(HAVE_PTHREAD_SIGMASK) && !defined(__APPLE__)
|
|
||||||
pthread_sigmask(SIG_SETMASK, &old_set, NULL); /* unblock signals */
|
|
||||||
#endif /* HAVE_PTHREAD_SIGMASK && !__APPLE__*/
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
NOEXPORT void *cron_thread(void *arg) {
|
|
||||||
#ifdef SCHED_BATCH
|
|
||||||
struct sched_param param;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
(void)arg; /* squash the unused parameter warning */
|
|
||||||
tls_alloc(NULL, NULL, "cron");
|
|
||||||
#ifdef SCHED_BATCH
|
|
||||||
param.sched_priority=0;
|
|
||||||
if(pthread_setschedparam(pthread_self(), SCHED_BATCH, ¶m))
|
|
||||||
ioerror("pthread_getschedparam");
|
|
||||||
#endif
|
|
||||||
cron_worker();
|
|
||||||
return NULL; /* it should never be executed */
|
|
||||||
}
|
|
||||||
|
|
||||||
#elif defined(USE_WIN32)
|
|
||||||
|
|
||||||
int cron_init() {
|
|
||||||
if((long)_beginthread(cron_thread, 0, NULL)==-1)
|
|
||||||
ioerror("_beginthread");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
NOEXPORT void cron_thread(void *arg) {
|
|
||||||
(void)arg; /* squash the unused parameter warning */
|
|
||||||
tls_alloc(NULL, NULL, "cron");
|
|
||||||
if(!SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_LOWEST))
|
|
||||||
ioerror("SetThreadPriority");
|
|
||||||
cron_worker();
|
|
||||||
_endthread(); /* it should never be executed */
|
|
||||||
}
|
|
||||||
|
|
||||||
#else /* !defined(USE_PTHREAD) && !defined(USE_WIN32) */
|
|
||||||
|
|
||||||
int cron_init() {
|
|
||||||
/* not implemented for now */
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* run the cron job every 24 hours */
|
|
||||||
#define CRON_PERIOD (24*60*60)
|
|
||||||
|
|
||||||
#if defined(USE_PTHREAD) || defined(USE_WIN32)
|
|
||||||
|
|
||||||
NOEXPORT void cron_worker(void) {
|
|
||||||
time_t now, then;
|
|
||||||
int delay;
|
|
||||||
|
|
||||||
s_log(LOG_DEBUG, "Cron thread initialized");
|
|
||||||
sleep(60); /* allow the other services to start with idle CPU */
|
|
||||||
time(&then);
|
|
||||||
for(;;) {
|
|
||||||
s_log(LOG_INFO, "Executing cron jobs");
|
|
||||||
#ifndef OPENSSL_NO_DH
|
|
||||||
cron_dh_param();
|
|
||||||
#endif /* OPENSSL_NO_DH */
|
|
||||||
time(&now);
|
|
||||||
s_log(LOG_INFO, "Cron jobs completed in %d seconds", (int)(now-then));
|
|
||||||
then+=CRON_PERIOD;
|
|
||||||
if(then>now) {
|
|
||||||
delay=(int)(then-now);
|
|
||||||
} else {
|
|
||||||
s_log(LOG_NOTICE, "Cron backlog cleared (possible hibernation)");
|
|
||||||
delay=CRON_PERIOD-(int)(now-then)%CRON_PERIOD;
|
|
||||||
then=now+delay;
|
|
||||||
}
|
|
||||||
s_log(LOG_DEBUG, "Waiting %d seconds", delay);
|
|
||||||
do { /* retry sleep() if it was interrupted by a signal */
|
|
||||||
sleep((unsigned)delay);
|
|
||||||
time(&now);
|
|
||||||
delay=(int)(then-now);
|
|
||||||
} while(delay>0);
|
|
||||||
s_log(LOG_INFO, "Reopening log file");
|
|
||||||
signal_post(SIGNAL_REOPEN_LOG);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_DH
|
|
||||||
NOEXPORT void cron_dh_param(void) {
|
|
||||||
SERVICE_OPTIONS *opt;
|
|
||||||
DH *dh;
|
|
||||||
|
|
||||||
if(!dh_needed)
|
|
||||||
return;
|
|
||||||
|
|
||||||
s_log(LOG_NOTICE, "Updating DH parameters");
|
|
||||||
#if OPENSSL_VERSION_NUMBER>=0x0090800fL
|
|
||||||
/* generate 2048-bit DH parameters */
|
|
||||||
dh=DH_new();
|
|
||||||
if(!dh) {
|
|
||||||
sslerror("DH_new");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
if(!DH_generate_parameters_ex(dh, 2048, 2, NULL)) {
|
|
||||||
DH_free(dh);
|
|
||||||
sslerror("DH_generate_parameters_ex");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
#else /* OpenSSL older than 0.9.8 */
|
|
||||||
dh=DH_generate_parameters(2048, 2, NULL, NULL);
|
|
||||||
if(!dh) {
|
|
||||||
sslerror("DH_generate_parameters");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* update global dh_params for future configuration reloads */
|
|
||||||
stunnel_write_lock(&stunnel_locks[LOCK_DH]);
|
|
||||||
DH_free(dh_params);
|
|
||||||
dh_params=dh;
|
|
||||||
stunnel_write_unlock(&stunnel_locks[LOCK_DH]);
|
|
||||||
|
|
||||||
/* set for all sections that require it */
|
|
||||||
for(opt=service_options.next; opt; opt=opt->next)
|
|
||||||
if(opt->option.dh_needed)
|
|
||||||
SSL_CTX_set_tmp_dh(opt->ctx, dh);
|
|
||||||
s_log(LOG_NOTICE, "DH parameters updated");
|
|
||||||
}
|
|
||||||
#endif /* OPENSSL_NO_DH */
|
|
||||||
|
|
||||||
#endif /* USE_PTHREAD || USE_WIN32 */
|
|
||||||
|
|
||||||
/* end of cron.c */
|
|
@ -1,57 +0,0 @@
|
|||||||
#include "common.h"
|
|
||||||
#ifndef OPENSSL_NO_DH
|
|
||||||
#define DN_new DH_new
|
|
||||||
#ifndef HEADER_DH_H
|
|
||||||
# include <openssl/dh.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
DH *get_dh2048()
|
|
||||||
{
|
|
||||||
static unsigned char dhp_2048[] = {
|
|
||||||
0xEF, 0xED, 0x5C, 0xA2, 0x8E, 0x37, 0xD8, 0xF4, 0xD1, 0xE9,
|
|
||||||
0x85, 0x06, 0x79, 0x0E, 0xC0, 0xBC, 0xD2, 0xF3, 0xBC, 0x26,
|
|
||||||
0xAE, 0x63, 0xB9, 0x06, 0xDF, 0x16, 0xDB, 0xE5, 0x76, 0x76,
|
|
||||||
0xD5, 0xBC, 0x4F, 0xC1, 0x55, 0x28, 0xC9, 0x7A, 0xC8, 0xD6,
|
|
||||||
0x1E, 0xB0, 0x5D, 0x85, 0x12, 0x39, 0x62, 0x06, 0x9D, 0x99,
|
|
||||||
0x4D, 0xCF, 0x79, 0x27, 0x94, 0xB6, 0xE1, 0xC2, 0x92, 0x06,
|
|
||||||
0xA3, 0xCF, 0x10, 0x25, 0xC4, 0x3D, 0x01, 0xD2, 0x34, 0x0C,
|
|
||||||
0x1F, 0xB2, 0xA3, 0x0D, 0xA8, 0xDC, 0xB6, 0x5F, 0xDB, 0x8C,
|
|
||||||
0xF6, 0x73, 0xC2, 0x07, 0x70, 0x4D, 0x01, 0x85, 0xE8, 0x49,
|
|
||||||
0xBC, 0xC1, 0x80, 0x6C, 0x77, 0x71, 0xFF, 0x5D, 0x25, 0x2F,
|
|
||||||
0x64, 0x5F, 0x0D, 0x33, 0xB3, 0x43, 0x24, 0xC0, 0xFC, 0xB3,
|
|
||||||
0x94, 0xEA, 0xF2, 0xB7, 0x24, 0x08, 0x12, 0x74, 0x9D, 0xEA,
|
|
||||||
0x20, 0x31, 0xD7, 0x0C, 0x0A, 0x84, 0x37, 0xCF, 0x34, 0x56,
|
|
||||||
0x85, 0xFB, 0xF4, 0x7C, 0xF4, 0x4E, 0x67, 0x0E, 0x63, 0xB2,
|
|
||||||
0x49, 0xAF, 0xA6, 0x43, 0xD3, 0x6E, 0x60, 0xA9, 0x96, 0xD6,
|
|
||||||
0xE8, 0x63, 0x7E, 0x23, 0x39, 0x91, 0xE1, 0xF6, 0xC3, 0x8B,
|
|
||||||
0x60, 0x92, 0x73, 0xB9, 0x5A, 0x69, 0xDF, 0x8A, 0xD4, 0x0E,
|
|
||||||
0x1C, 0x95, 0x82, 0x59, 0xE4, 0x3B, 0xA8, 0xAC, 0x46, 0x47,
|
|
||||||
0xE2, 0xFE, 0x98, 0xD7, 0xC2, 0xD4, 0xC6, 0x0A, 0xC5, 0x23,
|
|
||||||
0x98, 0xCA, 0x0C, 0x5A, 0x82, 0xE1, 0x17, 0xC8, 0xA4, 0x5C,
|
|
||||||
0x43, 0x2A, 0xE5, 0x5B, 0x20, 0x7C, 0x36, 0x90, 0x71, 0xB6,
|
|
||||||
0x02, 0x55, 0xF5, 0x26, 0x13, 0xCF, 0xB3, 0x4C, 0xB7, 0x89,
|
|
||||||
0x57, 0xC8, 0x27, 0x28, 0x72, 0x04, 0xF1, 0x78, 0x4B, 0xFF,
|
|
||||||
0xB3, 0x78, 0x60, 0x79, 0xEF, 0xDD, 0xDE, 0x34, 0x88, 0xE2,
|
|
||||||
0x00, 0x13, 0xED, 0x4B, 0x9F, 0xE7, 0x71, 0xBA, 0x68, 0xF6,
|
|
||||||
0xD2, 0x9E, 0xF3, 0x3B, 0x2D, 0x2B
|
|
||||||
};
|
|
||||||
static unsigned char dhg_2048[] = {
|
|
||||||
0x02
|
|
||||||
};
|
|
||||||
DH *dh = DH_new();
|
|
||||||
BIGNUM *dhp_bn, *dhg_bn;
|
|
||||||
|
|
||||||
if (dh == NULL)
|
|
||||||
return NULL;
|
|
||||||
dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
|
|
||||||
dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
|
|
||||||
if (dhp_bn == NULL || dhg_bn == NULL
|
|
||||||
|| !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
|
|
||||||
DH_free(dh);
|
|
||||||
BN_free(dhp_bn);
|
|
||||||
BN_free(dhg_bn);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
return dh;
|
|
||||||
}
|
|
||||||
#endif /* OPENSSL_NO_DH */
|
|
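--- a/src/env.c
+++ b/src/env.c
@@ -1,70 +0,0 @@
-/*
-* stunnel TLS offloading and load-balancing proxy
-* Copyright (C) 1998-2017 Michal Trojnara <Michal.Trojnara@stunnel.org>
-*
-* This program is free software; you can redistribute it and/or modify it
-* under the terms of the GNU General Public License as published by the
-* Free Software Foundation; either version 2 of the License, or (at your
-* option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-* See the GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License along
-* with this program; if not, see <http://www.gnu.org/licenses>.
-*
-* Linking stunnel statically or dynamically with other modules is making
-* a combined work based on stunnel. Thus, the terms and conditions of
-* the GNU General Public License cover the whole combination.
-*
-* In addition, as a special exception, the copyright holder of stunnel
-* gives you permission to combine stunnel with free software programs or
-* libraries that are released under the GNU LGPL and with code included
-* in the standard release of OpenSSL under the OpenSSL License (or
-* modified versions of such code, with unchanged license). You may copy
-* and distribute such a system following the terms of the GNU GPL for
-* stunnel and the licenses of the other code concerned.
-*
-* Note that people who make modified versions of stunnel are not obligated
-* to grant this special exception for their modified versions; it is their
-* choice whether to do so. The GNU General Public License gives permission
-* to release a modified version without this exception; this exception
-* also makes it possible to release a modified version which carries
-* forward this exception.
-*/
-
-/* getpeername() can't be declared in the following includes */
-#define getpeername no_getpeername
-#include <sys/types.h>
-#include <sys/socket.h> /* for AF_INET */
-#include <netinet/in.h>
-#include <arpa/inet.h> /* for inet_addr() */
-#include <stdlib.h> /* for getenv() */
-#ifdef __BEOS__
-#include <be/bone/arpa/inet.h> /* for AF_INET */
-#include <be/bone/sys/socket.h> /* for AF_INET */
-#else
-#include <sys/socket.h> /* for AF_INET */
-#endif
-#undef getpeername
-
-int getpeername(int s, struct sockaddr_in *name, int *len) {
-char *value;
-
-(void)s; /* squash the unused parameter warning */
-(void)len; /* squash the unused parameter warning */
-name->sin_family=AF_INET;
-if((value=getenv("REMOTE_HOST")))
-name->sin_addr.s_addr=inet_addr(value);
-else
-name->sin_addr.s_addr=htonl(INADDR_ANY);
-if((value=getenv("REMOTE_PORT")))
-name->sin_port=htons((uint16_t)atoi(value));
-else
-name->sin_port=htons(0); /* dynamic port allocation */
-return 0;
-}
-
-/* end of env.c */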
BIN
src/error.ico
BIN
src/error.ico
Binary file not shown.
Before Width: | Height: | Size: 1.1 KiB |
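--- a/src/evc.mak
+++ b/src/evc.mak
@@ -1,167 +0,0 @@
-# wce.mak for stunnel.exe by Michal Trojnara 2006-2012
-# with help of Pierre Delaage <delaage.pierre@free.fr>
-# pdelaage 20140610 : added UNICODE optional FLAG, always ACTIVE on WCE because of poor ANSI support
-# pdelaage 20140610 : added _WIN32_WCE flag for RC compilation, to preprocess out "HELP" unsupported menu flag on WCE
-# pdelaage 20140610 : ws2 lib is required to get WSAGetLastError routine (absent from winsock lib)
-# pdelaage 20140610 : /Dx86 flag required for X86/Emulator targets, to get proper definition for InterlockedExchange
-# pdelaage 20140610 : /MT flag is NON-SENSE for X86-WCE platforms, it is only meaningful for X86-W32-Desktop.
-# for X86-WCE targets, although compiler "cl.exe" is REALLY the same as desktop W32 VS6 C++ compiler,
-# the MT flags relating to LIBCMT is useless BECAUSE LIBCMT does NOT exist on WCE. No msvcrt on WCE either...
-
-# pdelaage 20140610 : Note on /MC flag
-# For other targets than X86/Emulator, /MC flag is redundant with "/nodefaultlib coredll.lib corelibc.lib" LD lib list.
-# For << X86 / Emulator >> target, as the cl.exe compiler IS the SAME as the standard VS6.0 C++ compiler for Desktop Pentium processor,
-# /MC flag is in fact NOT existing, thus requiring an explicit linking with core libs by using :
-# /NODEFAULTLIB coredll.lib corelibc.lib,
-# something that is correct for any WCE target, X86 and other, and leading /MC flag to be useless ALSO for other target than X86.
-
-
-#
-# DEFAULTLIB management: only 2 are necessary
-# defaultlibS, as given for CLxxx in the MS doc, ARE WRONG
-
-# !!!!!!!!!!!!!!
-# CUSTOMIZE THIS according to your wcecompat and openssl directories
-# !!!!!!!!!!!!!!
-
-# Modify this to point to your actual openssl compile directory
-# (You did already compile openssl, didn't you???)
-SSLDIR=C:\Users\pdelaage\Dvts\Contrib\openssl
-
-# Note that we currently use a multi-target customized version of legacy Essemer/wcecompat lib
-COMPATDIR=C:\Users\pdelaage\Dvts\Contrib\wcecompat\v12\patched3emu
-
-WCEVER=420
-
-# !!!!!!!!!!!!!!!!!!
-# END CUSTOMIZATION
-# !!!!!!!!!!!!!!!!!!
-
-!IF "$(TARGETCPU)"=="X86"
-WCETARGETCPU=_X86_
-LDTARGETCPU=X86
-#pdelaage 20140621 /Dx86 for inline defs of InterlockedExchange inline in winbase.h; no more /MT
-MORECFLAGS=/Dx86
-
-# TODO: continue list for other targets : see wcecompat/wcedefs.mak for a good ref.
-# see also openssl/util/pl/vc-32.pl, also link /?
-# for LDTARGETCPU: /MACHINE:{AM33|ARM|IA64|M32R|MIPS|MIPS16|MIPSFPU|MIPSFPU16|MIPSR41XX|SH3|SH3DSP|SH4|SH5|THUMB|X86}
-# see wce/include/winnt.h for other "target architecture" flag
-
-!ELSEIF "$(TARGETCPU)"=="emulator"
-WCETARGETCPU=_X86_
-LDTARGETCPU=X86
-#pdelaage 20140621 /Dx86 for inline defs of InterlockedExchange inline in winbase.h; no more /MT
-MORECFLAGS=/Dx86
-
-!ELSEIF "$(TARGETCPU)"=="MIPS16" || "$(TARGETCPU)"=="MIPSII" || "$(TARGETCPU)"=="MIPSII_FP" || "$(TARGETCPU)"=="MIPSIV" || "$(TARGETCPU)"=="MIPSIV_FP"
-WCETARGETCPU=_MIPS_
-LDTARGETCPU=MIPS
-#pdelaage 20140621 no more /MC required
-MORECFLAGS=/DMIPS
-
-!ELSEIF "$(TARGETCPU)"=="SH3" || "$(TARGETCPU)"=="SH4"
-WCETARGETCPU=SHx
-LDTARGETCPU=$(TARGETCPU)
-#pdelaage 20140621 no more /MC required
-MORECFLAGS=
-
-!ELSE
-# default is ARM !
-# !IF "$(TARGETCPU)"=="ARMV4" || "$(TARGETCPU)"=="ARMV4I" || "$(TARGETCPU)"=="ARMV4T"
-# the following flag is required by (eg) winnt.h, and is different from targetcpu (armV4)
-WCETARGETCPU=ARM
-LDTARGETCPU=ARM
-#pdelaage 20140621 no more /MC required
-MORECFLAGS=
-!ENDIF
-
-# ceutilsdir probably useless (nb : were tools from essemer; but ms delivers a cecopy anyway, see ms dld site)
-CEUTILSDIR=..\..\ceutils
-# "ce:" is not a correct location , but we never "make install"
-DSTDIR=ce:\stunnel
-# use MS env vars, as in wcecompat and openssl makefiles
-SDKDIR=$(SDKROOT)\$(OSVERSION)\$(PLATFORM)
-INCLUDES=-I$(SSLDIR)\inc32 -I$(COMPATDIR)\include -I"$(SDKDIR)\include\$(TARGETCPU)"
-# for X86 and other it appears that /MC or /ML flags are absurd,
-# we always have to override runtime lib list to coredll and corelibc
-#LIBS=/NODEFAULTLIB winsock.lib wcecompatex.lib libeay32.lib ssleay32.lib coredll.lib corelibc.lib
-LIBS=/NODEFAULTLIB ws2.lib wcecompatex.lib libeay32.lib ssleay32.lib coredll.lib corelibc.lib
-
-DEFINES=/DHOST=\"$(TARGETCPU)-WCE-eVC-$(WCEVER)\"
-# pdelaage 20140610 added unicode flag : ALWAYS ACTIVE on WCE, because of poor ANSI support by the MS SDK
-UNICODEFLAGS=/DUNICODE -D_UNICODE
-# /O1 /Oi more correct vs MS doc
-CFLAGS=/nologo $(MORECFLAGS) /O1 /Oi /W3 /WX /GF /Gy $(DEFINES) /D$(WCETARGETCPU) /D$(TARGETCPU) /DUNDER_CE=$(WCEVER) /D_WIN32_WCE=$(WCEVER) $(UNICODEFLAGS) $(INCLUDES)
-# pdelaage 20140610 : RC compilation requires D_WIN32_WCE flag to comment out unsupported "HELP" flag in menu definition, in resources.rc file
-RFLAGS=$(DEFINES) /D_WIN32_WCE=$(WCEVER) $(INCLUDES)
-
-# LDFLAGS: since openssl >> 098a (eg 098h) out32dll is out32dll_targetCPU for WCE
-# delaage added $(TARGETCPU) in legacy Essemer/wcecompat libpath
-# to ease multitarget compilation without recompiling everything
-# this customized version is available on:
-# http://delaage.pierre.free.fr/contrib/wcecompat/wcecompat12_patched.zip
-
-LDFLAGS=/nologo /subsystem:windowsce,3.00 /machine:$(LDTARGETCPU) /libpath:"$(SDKDIR)\lib\$(TARGETCPU)" /libpath:"$(COMPATDIR)\lib\$(TARGETCPU)" /libpath:"$(SSLDIR)\out32dll_$(TARGETCPU)"
-
-# Multi-target support for stunnel
-
-SRC=..\src
-OBJROOT=..\obj
-OBJ=$(OBJROOT)\$(TARGETCPU)
-BINROOT=..\bin
-BIN=$(BINROOT)\$(TARGETCPU)
-
-OBJS=$(OBJ)\stunnel.obj $(OBJ)\ssl.obj $(OBJ)\ctx.obj $(OBJ)\verify.obj \
-$(OBJ)\file.obj $(OBJ)\client.obj $(OBJ)\protocol.obj $(OBJ)\sthreads.obj \
-$(OBJ)\log.obj $(OBJ)\options.obj $(OBJ)\network.obj $(OBJ)\resolver.obj \
-$(OBJ)\str.obj $(OBJ)\tls.obj $(OBJ)\fd.obj $(OBJ)\dhparam.obj \
-$(OBJ)\cron.obj
-
-GUIOBJS=$(OBJ)\ui_win_gui.obj $(OBJ)\resources.res
-CLIOBJS=$(OBJ)\ui_win_cli.obj
-
-{$(SRC)\}.c{$(OBJ)\}.obj:
-$(CC) $(CFLAGS) -Fo$@ -c $<
-
-{$(SRC)\}.cpp{$(OBJ)\}.obj:
-$(CC) $(CFLAGS) -Fo$@ -c $<
-
-{$(SRC)\}.rc{$(OBJ)\}.res:
-$(RC) $(RFLAGS) -fo$@ -r $<
-
-all: makedirs $(BIN)\stunnel.exe $(BIN)\tstunnel.exe
-
-makedirs:
--@ IF NOT EXIST $(OBJROOT) mkdir $(OBJROOT) >NUL 2>&1
--@ IF NOT EXIST $(OBJ) mkdir $(OBJ) >NUL 2>&1
--@ IF NOT EXIST $(BINROOT) mkdir $(BINROOT) >NUL 2>&1
--@ IF NOT EXIST $(BIN) mkdir $(BIN) >NUL 2>&1
-
-$(BIN)\stunnel.exe:$(OBJS) $(GUIOBJS)
-link $(LDFLAGS) /out:$(BIN)\stunnel.exe $(LIBS) commctrl.lib $**
-
-$(BIN)\tstunnel.exe:$(OBJS) $(CLIOBJS)
-link $(LDFLAGS) /out:$(BIN)\tstunnel.exe $(LIBS) $**
-
-$(OBJ)\resources.res: $(SRC)\resources.rc $(SRC)\resources.h $(SRC)\version.h
-$(OBJ)\ui_win_gui.obj: $(SRC)\ui_win_gui.c $(SRC)\version.h
-$(OBJ)\stunnel.obj: $(SRC)\stunnel.c $(SRC)\version.h
-
-# now list of openssl dll has more files,
-# but we do not use "make install" for stunnel
-# ceutils come from essemer/wcecompat website
-# some tools can be found at MS website
-# TODO: update all this ceutils stuff, or suppress it
-
-install: stunnel.exe tstunnel.exe
-$(CEUTILSDIR)\cemkdir $(DSTDIR) || echo Directory exists?
-$(CEUTILSDIR)\cecopy stunnel.exe $(DSTDIR)
-$(CEUTILSDIR)\cecopy tstunnel.exe $(DSTDIR)
-$(CEUTILSDIR)\cecopy $(SSLDIR)\out32dll_$(TARGETCPU)\libeay32.dll $(DSTDIR)
-$(CEUTILSDIR)\cecopy $(SSLDIR)\out32dll_$(TARGETCPU)\ssleay32.dll $(DSTDIR)
-
-clean:
--@ IF NOT "$(TARGETCPU)"=="" del $(OBJS) $(GUIOBJS) $(CLIOBJS) $(BIN)\stunnel.exe $(BIN)\tstunnel.exe >NUL 2>&1
--@ IF NOT "$(TARGETCPU)"=="" rmdir $(OBJ) >NUL 2>&1
--@ IF NOT "$(TARGETCPU)"=="" rmdir $(BIN) >NUL 2>&1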
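--- a/src/fd.c
+++ b/src/fd.c
@@ -1,259 +0,0 @@
-/*
-* stunnel TLS offloading and load-balancing proxy
-* Copyright (C) 1998-2017 Michal Trojnara <Michal.Trojnara@stunnel.org>
-*
-* This program is free software; you can redistribute it and/or modify it
-* under the terms of the GNU General Public License as published by the
-* Free Software Foundation; either version 2 of the License, or (at your
-* option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-* See the GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License along
-* with this program; if not, see <http://www.gnu.org/licenses>.
-*
-* Linking stunnel statically or dynamically with other modules is making
-* a combined work based on stunnel. Thus, the terms and conditions of
-* the GNU General Public License cover the whole combination.
-*
-* In addition, as a special exception, the copyright holder of stunnel
-* gives you permission to combine stunnel with free software programs or
-* libraries that are released under the GNU LGPL and with code included
-* in the standard release of OpenSSL under the OpenSSL License (or
-* modified versions of such code, with unchanged license). You may copy
-* and distribute such a system following the terms of the GNU GPL for
-* stunnel and the licenses of the other code concerned.
-*
-* Note that people who make modified versions of stunnel are not obligated
-* to grant this special exception for their modified versions; it is their
-* choice whether to do so. The GNU General Public License gives permission
-* to release a modified version without this exception; this exception
-* also makes it possible to release a modified version which carries
-* forward this exception.
-*/
-
-#include "common.h"
-#include "prototypes.h"
-
-#if defined HAVE_PIPE2 && defined HAVE_ACCEPT4
-#define USE_NEW_LINUX_API 1
-#endif
-
-/* try to use non-POSIX O_NDELAY on obsolete BSD systems */
-#if !defined O_NONBLOCK && defined O_NDELAY
-#define O_NONBLOCK O_NDELAY
-#endif
-
-/**************************************** prototypes */
-
-NOEXPORT SOCKET setup_fd(SOCKET, int, char *);
-
-/**************************************** internal limit of file descriptors */
-
-#ifndef USE_FORK
-
-static SOCKET max_fds;
-
-void get_limits(void) { /* set max_fds and max_clients */
-/* start with current ulimit */
-#if defined(HAVE_SYSCONF)
-errno=0;
-max_fds=(SOCKET)sysconf(_SC_OPEN_MAX);
-if(errno)
-ioerror("sysconf");
-if(max_fds<0)
-max_fds=0; /* unlimited */
-#elif defined(HAVE_GETRLIMIT)
-struct rlimit rlim;
-
-if(getrlimit(RLIMIT_NOFILE, &rlim)<0) {
-ioerror("getrlimit");
-max_fds=0; /* unlimited */
-} else
-max_fds=rlim.rlim_cur!=RLIM_INFINITY ? rlim.rlim_cur : 0;
-#else
-max_fds=0; /* unlimited */
-#endif /* HAVE_SYSCONF || HAVE_GETRLIMIT */
-
-#if !defined(USE_WIN32) && !defined(USE_POLL) && !defined(__INNOTEK_LIBC__)
-/* apply FD_SETSIZE if select() is used on Unix */
-if(!max_fds || max_fds>FD_SETSIZE)
-max_fds=FD_SETSIZE; /* start with select() limit */
-#endif /* select() on Unix */
-
-/* stunnel needs at least 16 file descriptors */
-if(max_fds && max_fds<16)
-max_fds=16;
-
-if(max_fds) {
-max_clients=(long)(max_fds>=256 ? max_fds*125/256 : (max_fds-6)/2);
-s_log(LOG_DEBUG, "Clients allowed=%ld", max_clients);
-} else {
-max_clients=0;
-s_log(LOG_DEBUG, "No limit detected for the number of clients");
-}
-}
-
-#endif
-
-/**************************************** file descriptor validation */
-
-SOCKET s_socket(int domain, int type, int protocol, int nonblock, char *msg) {
-SOCKET fd;
-
-#ifdef USE_NEW_LINUX_API
-if(nonblock)
-type|=SOCK_NONBLOCK;
-type|=SOCK_CLOEXEC;
-#endif
-#ifdef USE_WIN32
-/* http://stackoverflow.com/questions/4993119 */
-/* CreateProcess() needs a non-overlapped handle */
-fd=WSASocket(domain, type, protocol, NULL, 0, 0);
-#else /* USE_WIN32 */
-fd=socket(domain, type, protocol);
-#endif /* USE_WIN32 */
-return setup_fd(fd, nonblock, msg);
-}
-
-SOCKET s_accept(SOCKET sockfd, struct sockaddr *addr, socklen_t *addrlen,
-int nonblock, char *msg) {
-SOCKET fd;
-
-#ifdef USE_NEW_LINUX_API
-if(nonblock)
-fd=accept4(sockfd, addr, addrlen, SOCK_NONBLOCK|SOCK_CLOEXEC);
-else
-fd=accept4(sockfd, addr, addrlen, SOCK_CLOEXEC);
-#else
-fd=accept(sockfd, addr, addrlen);
-#endif
-return setup_fd(fd, nonblock, msg);
-}
-
-#ifndef USE_WIN32
-
-int s_socketpair(int domain, int type, int protocol, SOCKET sv[2],
-int nonblock, char *msg) {
-#ifdef USE_NEW_LINUX_API
-if(nonblock)
-type|=SOCK_NONBLOCK;
-type|=SOCK_CLOEXEC;
-#endif
-if(socketpair(domain, type, protocol, sv)<0) {
-ioerror(msg);
-return -1;
-}
-if(setup_fd(sv[0], nonblock, msg)<0) {
-closesocket(sv[1]);
-return -1;
-}
-if(setup_fd(sv[1], nonblock, msg)<0) {
-closesocket(sv[0]);
-return -1;
-}
-return 0;
-}
-
-int s_pipe(int pipefd[2], int nonblock, char *msg) {
-int retval;
-
-#ifdef USE_NEW_LINUX_API
-if(nonblock)
-retval=pipe2(pipefd, O_NONBLOCK|O_CLOEXEC);
-else
-retval=pipe2(pipefd, O_CLOEXEC);
-#else
-retval=pipe(pipefd);
-#endif
-if(retval<0) {
-ioerror(msg);
-return -1;
-}
-if(setup_fd(pipefd[0], nonblock, msg)<0) {
-close(pipefd[1]);
-return -1;
-}
-if(setup_fd(pipefd[1], nonblock, msg)<0) {
-close(pipefd[0]);
-return -1;
-}
-return 0;
-}
-
-#endif /* USE_WIN32 */
-
-NOEXPORT SOCKET setup_fd(SOCKET fd, int nonblock, char *msg) {
-#if !defined USE_NEW_LINUX_API && defined FD_CLOEXEC
-int err;
-#endif
-
-if(fd==INVALID_SOCKET) {
-sockerror(msg);
-return INVALID_SOCKET;
-}
-#ifndef USE_FORK
-if(max_fds && fd>=max_fds) {
-s_log(LOG_ERR, "%s: FD=%d out of range (max %d)",
-msg, (int)fd, (int)max_fds);
-closesocket(fd);
-return INVALID_SOCKET;
-}
-#endif
-
-#ifdef USE_NEW_LINUX_API
-(void)nonblock; /* squash the unused parameter warning */
-#else /* set O_NONBLOCK and F_SETFD */
-set_nonblock(fd, (unsigned long)nonblock);
-#ifdef FD_CLOEXEC
-do {
-err=fcntl(fd, F_SETFD, FD_CLOEXEC);
-} while(err<0 && get_last_socket_error()==S_EINTR);
-if(err<0)
-sockerror("fcntl SETFD"); /* non-critical */
-#endif /* FD_CLOEXEC */
-#endif /* USE_NEW_LINUX_API */
-
-#ifdef DEBUG_FD_ALLOC
-s_log(LOG_DEBUG, "%s: FD=%d allocated (%sblocking mode)",
-msg, fd, nonblock?"non-":"");
-#endif /* DEBUG_FD_ALLOC */
-
-return fd;
-}
-
-void set_nonblock(SOCKET fd, unsigned long nonblock) {
-#if defined F_GETFL && defined F_SETFL && defined O_NONBLOCK && !defined __INNOTEK_LIBC__
-int err, flags;
-
-do {
-flags=fcntl(fd, F_GETFL, 0);
-} while(flags<0 && get_last_socket_error()==S_EINTR);
-if(flags<0) {
-sockerror("fcntl GETFL"); /* non-critical */
-return;
-}
-if(nonblock)
-flags|=O_NONBLOCK;
-else
-flags&=~O_NONBLOCK;
-do {
-err=fcntl(fd, F_SETFL, flags);
-} while(err<0 && get_last_socket_error()==S_EINTR);
-if(err<0)
-sockerror("fcntl SETFL"); /* non-critical */
-#else /* WIN32 or similar */
-if(ioctlsocket(fd, (long)FIONBIO, &nonblock)<0)
-sockerror("ioctlsocket"); /* non-critical */
-#if 0
-else
-s_log(LOG_DEBUG, "Socket %d set to %s mode",
-fd, nonblock ? "non-blocking" : "blocking");
-#endif
-#endif
-}
-
-/* end of fd.c */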
266
src/file.c
266
src/file.c
@ -1,266 +0,0 @@
|
|||||||
/*
|
|
||||||
* stunnel TLS offloading and load-balancing proxy
|
|
||||||
* Copyright (C) 1998-2017 Michal Trojnara <Michal.Trojnara@stunnel.org>
|
|
||||||
*
|
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
|
||||||
* under the terms of the GNU General Public License as published by the
|
|
||||||
* Free Software Foundation; either version 2 of the License, or (at your
|
|
||||||
* option) any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
||||||
* See the GNU General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License along
|
|
||||||
* with this program; if not, see <http://www.gnu.org/licenses>.
|
|
||||||
*
|
|
||||||
* Linking stunnel statically or dynamically with other modules is making
|
|
||||||
* a combined work based on stunnel. Thus, the terms and conditions of
|
|
||||||
* the GNU General Public License cover the whole combination.
|
|
||||||
*
|
|
||||||
* In addition, as a special exception, the copyright holder of stunnel
|
|
||||||
* gives you permission to combine stunnel with free software programs or
|
|
||||||
* libraries that are released under the GNU LGPL and with code included
|
|
||||||
* in the standard release of OpenSSL under the OpenSSL License (or
|
|
||||||
* modified versions of such code, with unchanged license). You may copy
|
|
||||||
* and distribute such a system following the terms of the GNU GPL for
|
|
||||||
* stunnel and the licenses of the other code concerned.
|
|
||||||
*
|
|
||||||
* Note that people who make modified versions of stunnel are not obligated
|
|
||||||
* to grant this special exception for their modified versions; it is their
|
|
||||||
* choice whether to do so. The GNU General Public License gives permission
|
|
||||||
* to release a modified version without this exception; this exception
|
|
||||||
* also makes it possible to release a modified version which carries
|
|
||||||
* forward this exception.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "common.h"
|
|
||||||
#include "prototypes.h"
|
|
||||||
|
|
||||||
#ifdef USE_WIN32
|
|
||||||
|
|
||||||
DISK_FILE *file_open(char *name, FILE_MODE mode) {
|
|
||||||
DISK_FILE *df;
|
|
||||||
LPTSTR tname;
|
|
||||||
HANDLE fh;
|
|
||||||
DWORD desired_access, creation_disposition;
|
|
||||||
|
|
||||||
/* open file */
|
|
||||||
switch(mode) {
|
|
||||||
case FILE_MODE_READ:
|
|
||||||
desired_access=GENERIC_READ;
|
|
||||||
creation_disposition=OPEN_EXISTING;
|
|
||||||
break;
|
|
||||||
case FILE_MODE_APPEND:
|
|
||||||
/* reportedly more compatible than FILE_APPEND_DATA */
|
|
||||||
desired_access=GENERIC_WRITE;
|
|
||||||
creation_disposition=OPEN_ALWAYS; /* keep the data */
|
|
||||||
break;
|
|
||||||
case FILE_MODE_OVERWRITE:
|
|
||||||
desired_access=GENERIC_WRITE;
|
|
||||||
creation_disposition=CREATE_ALWAYS; /* remove the data */
|
|
||||||
break;
|
|
||||||
default: /* invalid mode */
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
tname=str2tstr(name);
|
|
||||||
fh=CreateFile(tname, desired_access, FILE_SHARE_READ, NULL,
|
|
||||||
creation_disposition, FILE_ATTRIBUTE_NORMAL, (HANDLE)NULL);
|
|
||||||
str_free(tname); /* str_free() overwrites GetLastError() value */
|
|
||||||
if(fh==INVALID_HANDLE_VALUE)
|
|
||||||
return NULL;
|
|
||||||
if(mode==FILE_MODE_APPEND) /* workaround for FILE_APPEND_DATA */
|
|
||||||
SetFilePointer(fh, 0, NULL, FILE_END);
|
|
||||||
|
|
||||||
/* setup df structure */
|
|
||||||
df=str_alloc(sizeof df);
|
|
||||||
df->fh=fh;
|
|
||||||
return df;
|
|
||||||
}
|
|
||||||
|
|
||||||
#else /* USE_WIN32 */
|
|
||||||
|
|
||||||
DISK_FILE *file_fdopen(int fd) {
|
|
||||||
DISK_FILE *df;
|
|
||||||
|
|
||||||
df=str_alloc(sizeof(DISK_FILE));
|
|
||||||
df->fd=fd;
|
|
||||||
return df;
|
|
||||||
}
|
|
||||||
|
|
||||||
DISK_FILE *file_open(char *name, FILE_MODE mode) {
|
|
||||||
DISK_FILE *df;
|
|
||||||
int fd, flags;
|
|
||||||
|
|
||||||
/* open file */
|
|
||||||
switch(mode) {
|
|
||||||
case FILE_MODE_READ:
|
|
||||||
flags=O_RDONLY;
|
|
||||||
break;
|
|
||||||
case FILE_MODE_APPEND:
|
|
||||||
flags=O_CREAT|O_WRONLY|O_APPEND;
|
|
||||||
break;
|
|
||||||
case FILE_MODE_OVERWRITE:
|
|
||||||
flags=O_CREAT|O_WRONLY|O_TRUNC;
|
|
||||||
break;
|
|
||||||
default: /* invalid mode */
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
#ifdef O_NONBLOCK
|
|
||||||
flags|=O_NONBLOCK;
|
|
||||||
#elif defined O_NDELAY
|
|
||||||
flags|=O_NDELAY;
|
|
||||||
#endif
|
|
||||||
#ifdef O_CLOEXEC
|
|
||||||
flags|=O_CLOEXEC;
|
|
||||||
#endif /* O_CLOEXEC */
|
|
||||||
fd=open(name, flags, 0640);
|
|
||||||
if(fd==INVALID_SOCKET)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
/* setup df structure */
|
|
||||||
df=str_alloc(sizeof df);
|
|
||||||
df->fd=fd;
|
|
||||||
return df;
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif /* USE_WIN32 */
|
|
||||||
|
|
||||||
void file_close(DISK_FILE *df) {
|
|
||||||
if(!df) /* nothing to do */
|
|
||||||
return;
|
|
||||||
#ifdef USE_WIN32
|
|
||||||
CloseHandle(df->fh);
|
|
||||||
#else /* USE_WIN32 */
|
|
||||||
if(df->fd>2) /* never close stdin/stdout/stder */
|
|
||||||
close(df->fd);
|
|
||||||
#endif /* USE_WIN32 */
|
|
||||||
str_free(df);
|
|
||||||
}
|
|
||||||
|
|
||||||
ssize_t file_getline(DISK_FILE *df, char *line, int len) {
|
|
||||||
/* this version is really slow, but performance is not important here */
|
|
||||||
/* (no buffering is implemented) */
|
|
||||||
ssize_t i;
|
|
||||||
#ifdef USE_WIN32
|
|
||||||
DWORD num;
|
|
||||||
#else /* USE_WIN32 */
|
|
||||||
ssize_t num;
|
|
||||||
#endif /* USE_WIN32 */
|
|
||||||
|
|
||||||
if(!df) /* not opened */
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
for(i=0; i<len-1; i++) {
|
|
||||||
#ifdef USE_WIN32
|
|
||||||
ReadFile(df->fh, line+i, 1, &num, NULL);
|
|
||||||
#else /* USE_WIN32 */
|
|
||||||
num=read(df->fd, line+i, 1);
|
|
||||||
#endif /* USE_WIN32 */
|
|
||||||
if(num!=1) { /* EOF */
|
|
||||||
if(i) /* any previously retrieved data */
|
|
||||||
break;
|
|
||||||
else
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if(line[i]=='\n') /* LF */
|
|
||||||
break;
|
|
||||||
if(line[i]=='\r') /* CR */
|
|
||||||
--i; /* ignore - it must be the last check */
|
|
||||||
}
|
|
||||||
line[i]='\0';
|
|
||||||
return i;
|
|
||||||
}
|
|
||||||
|
|
||||||
ssize_t file_putline(DISK_FILE *df, char *line) {
|
|
||||||
char *buff;
|
|
||||||
size_t len;
|
|
||||||
#ifdef USE_WIN32
|
|
||||||
DWORD num;
|
|
||||||
#else /* USE_WIN32 */
|
|
||||||
ssize_t num;
|
|
||||||
#endif /* USE_WIN32 */
|
|
||||||
|
|
||||||
len=strlen(line);
|
|
||||||
buff=str_alloc(len+2); /* +2 for CR+LF */
|
|
||||||
strcpy(buff, line);
|
|
||||||
#ifdef USE_WIN32
|
|
||||||
buff[len++]='\r'; /* CR */
|
|
||||||
#endif /* USE_WIN32 */
|
|
||||||
buff[len++]='\n'; /* LF */
|
|
||||||
#ifdef USE_WIN32
|
|
||||||
WriteFile(df->fh, buff, (DWORD)len, &num, NULL);
|
|
||||||
#else /* USE_WIN32 */
|
|
||||||
/* no file -> write to stderr */
|
|
||||||
num=write(df ? df->fd : 2, buff, len);
|
|
||||||
#endif /* USE_WIN32 */
|
|
||||||
str_free(buff);
|
|
||||||
return (ssize_t)num;
|
|
||||||
}
|
|
||||||
|
|
||||||
int file_permissions(const char *file_name) {
|
|
||||||
#if !defined(USE_WIN32) && !defined(USE_OS2)
|
|
||||||
struct stat sb; /* buffer for stat */
|
|
||||||
|
|
||||||
/* check permissions of the private key file */
|
|
||||||
if(stat(file_name, &sb)) {
|
|
||||||
ioerror(file_name);
|
|
||||||
return 1; /* FAILED */
|
|
||||||
}
|
|
||||||
if(sb.st_mode & 7)
|
|
||||||
s_log(LOG_WARNING,
|
|
||||||
"Insecure file permissions on %s", file_name);
|
|
||||||
#else
|
|
||||||
(void)file_name; /* squash the unused parameter warning */
|
|
||||||
#endif
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef USE_WIN32
|
|
||||||
|
|
||||||
LPTSTR str2tstr(LPCSTR in) {
|
|
||||||
LPTSTR out;
|
|
||||||
#ifdef UNICODE
|
|
||||||
int len;
|
|
||||||
|
|
||||||
len=MultiByteToWideChar(CP_UTF8, 0, in, -1, NULL, 0);
|
|
||||||
if(!len)
|
|
||||||
return str_tprintf(TEXT("MultiByteToWideChar() failed"));
|
|
||||||
out=str_alloc(((size_t)len+1)*sizeof(WCHAR));
|
|
||||||
len=MultiByteToWideChar(CP_UTF8, 0, in, -1, out, len);
|
|
||||||
if(!len) {
|
|
||||||
str_free(out);
|
|
||||||
return str_tprintf(TEXT("MultiByteToWideChar() failed"));
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
/* FIXME: convert UTF-8 to native codepage */
|
|
||||||
out=str_dup(in);
|
|
||||||
#endif
|
|
||||||
return out;
|
|
||||||
}
|
|
||||||
|
|
||||||
LPSTR tstr2str(LPCTSTR in) {
|
|
||||||
LPSTR out;
|
|
||||||
#ifdef UNICODE
|
|
||||||
int len;
|
|
||||||
|
|
||||||
len=WideCharToMultiByte(CP_UTF8, 0, in, -1, NULL, 0, NULL, NULL);
|
|
||||||
if(!len)
|
|
||||||
return str_printf("WideCharToMultiByte() failed");
|
|
||||||
out=str_alloc((size_t)len+1);
|
|
||||||
len=WideCharToMultiByte(CP_UTF8, 0, in, -1, out, len, NULL, NULL);
|
|
||||||
if(!len) {
|
|
||||||
str_free(out);
|
|
||||||
return str_printf("WideCharToMultiByte() failed");
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
/* FIXME: convert native codepage to UTF-8 */
|
|
||||||
out=str_dup(in);
|
|
||||||
#endif
|
|
||||||
return out;
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif /* USE_WIN32 */
|
|
||||||
|
|
||||||
/* end of file.c */
|
|
Some files were not shown because too many files have changed in this diff Show More