Commit graph

17 commits

Author SHA1 Message Date
jmmv
da4fb9e636 Install example file under the examples hierarchy and honour PKG_SYSCONFDIR.
Bump PKGREVISION to 1.
2003-07-29 11:18:38 +00:00
martti
4bab2ec9a5 Updated stunnel to 4.04 (upgrade to 4.03 provided by Juan RP in pkg/19310)
* New features sponsored by MAXIMUS http://www.maximus.com/
  - New 'options' configuration option to setup
    OpenSSL library hacks with SSL_CTX_set_options().
  - 'service' option also changes the name for
    TCP Wrappers access control in inetd mode.
  - SSL is negotiated before connecting remote host
    or spawning local process whenever possible.
  - REMOTE_HOST variable is always placed in the
    enrivonment of a process spawned with 'exec'.
  - Whole SSL error stack is dumped on errors.
  - Manual page updated (special thanks to Brian Hatch).
  - New user interface (config file).
  - Single daemon can listen on multiple ports, now.
  - Delayed DNS lookup added.

* Other new features
  - All the timeouts are now configurable including
    TIMEOUTclose that can be set to 0 for MSIE and other
    buggy clients that do not send close_notify.
  - Stunnel process can be chrooted in a specified directory.
  - Numerical values for setuid() and setgid() are allowed, now.
  - Confusing code for setting certificate defaults introduced in
    version 3.8p3 was removed to simplify stunnel setup.
    There are no built-in defaults for CApath and CAfile options.
  - Private key file for a certificate can be kept in a separate
    file.  Default remains to keep it in the cert file.
  - Manual page updated.
2003-01-18 08:33:42 +00:00
tron
1a79961b2c Update "stunnel" package to version 3.22. Changes sinc version 3.21c:
- Format string bug fixed in protocol.c
  smtp, pop3 and nntp in client mode were affected.
  (stunnel clients could be attacked by malicious servers)
- Certificate chain can be supplied with -p option or in stunnel.pem.
- Problem with -r and -l options used together fixed.
- memmove() instead of memcpy() is used to move data in buffers.
- More detailed information about negotiated ciphers is printed.
- New ./configure options: "--enable-no-rsa" and "--enable-dh".
2001-12-28 07:22:29 +00:00
martti
f165a167c1 Updated to version 3.21.3 (a.k.a 3.21c).
Changelog for version 3.21c, 2001.11.11, urgency: LOW:

* autoconf scripts upgraded to version 2.52.
* Problem with pthread_sigmask on Darwin fixed (I hope).
* Some documentation typos corrected.
* Attempt to ignore EINTR in transfer().
* Shared library version reported on startup.
* DLLs for OpenSSL 0.9.6b.
2001-11-20 15:15:14 +00:00
martti
8c280b2aa6 Changelog for version 3.21, 2001.10.31, urgency: MEDIUM:
* Problem with errno and posix threads fixed.
* It is assumed that system has getopt() if it has getopt.h header file.
* SSL_CLIENT_DN and SSL_CLIENT_I_DN environment variables set in local mode
  (-l) process.  This feature doesn't work if
  client mode (-c) or protocol negotiation (-n) is used.
* Winsock error descriptions hardcoded (English version only).
* SetConsoleCtrlHandler() used to handle CTRL+C, logoff and shutdown on Win32.
* Stunnel always requests peer certificate with -v 0.
* sysconf()/getrlimit() used to calculate number of clients allowed.
* SSL mode changed for OpenSSL >= 0.9.6.
* close-on-exec option used to avoid socket inheriting.
* Buffer size increased from 8KB to 16KB.
* fdscanf()/fdprintf() changes:
   - non-blocking socket support,
   - timeout after 1 minute of inactivity.
* auth_user() redesigned to force 1 minute timeout.
* Some source arrangement towards 4.x architecture.
* No need for "goto" any more.
* New Makefile "test" rule.  It performs basic test of
  standalone/inetd, remote/local and server/client mode.
* pop3 server mode support added.
2001-10-31 10:00:23 +00:00
martin
7b8e4113f8 Update of stunnel to version 3.20, from Martti Kuparinen in PR pkg/13728.
Changelog for version 3.20, 2001.08.15, urgency: LOW:

* setsockopt() optlen set according to the optval for Solaris.
* Minor NetBSD compatibility fixes by Martti Kuparinen.
* Minor MSVC6 compatibility fixes by Patrick Mayweg.
* SSL close_notify timeout reduced to 10 seconds of inactivity.
* Socket close instead of reset on close_notify timeout.
* Some source arrangement and minor bugfixes.
2001-08-19 16:26:07 +00:00
martin
a25568677c Update stunnel to version 3.19.
Based on PR pkg/13679 by Martti Kuparinen.

Changelog for version 3.19, 2001.08.10, urgency: MEDIUM:

* Critical section added around non MT-safe TCP Wrappers code.
* Problem with "select: Interrupted system call" error fixed.
* errno replaced with get_last_socket_error() for Win32.
* Some FreeBSD/NetBSD patches to ./configure from Martti Kuparinen.
* Local mode process pid logged.
* Default FQDN (localhost) removed from stunnel.cnf
* ./configure changed to recognize POSIX threads library on OSF.
* New -O option to set socket options.
2001-08-10 14:41:18 +00:00
martin
2652afb096 Update to version 3.16.
Changes:
* Some transfer() bugfixes/improvements.
* STDIN/STDOUT are no logner assumed to be non-socket decriptors.
* Problem with --with-tcp-wrappers patch fixed.
* pop3 and nntp support bug fixed by Martin Germann.
* -o option to append log messages to a file added.
* Changed error message for SSL error 0.

Provided by Martti Kuparinen in PR 13537.
2001-07-23 10:03:09 +00:00
martin
64bebb655e Update stunnel to 3.15.
Based on a pkg provided by Martti Kuparinen in PR 13484.

Changes include:

* Serious bug resulting in random transfer() hangs fixed.
* Separate file descriptors are used for inetd mode.
* -f (foreground) logs are now stamped with time.
* New ./configure option: --with-tcp-wrappers by Brian Hatch.
* pop3 protocol client support (-n pop3) by Martin Germann.
* nntp protocol client support (-n nntp) by Martin Germann.
* RFC 2487 (smtp STARTTLS) client mode support.
* Transparency support for Tru64 added.
* Some #includes for AIX added.
2001-07-19 12:22:17 +00:00
martin
ae1a666f1c Update pkg to stunnel-3.11.
Fixes key-length and zombies problems.
2001-01-22 13:30:36 +00:00
jlam
47dddbae81 Update stunnel to 3.9. For NetBSD, if in-tree OpenSSL exists, then the
default certificate directory is now /etc/openssl/certs (matches OpenSSL's
default), but if stunnel uses the pkgsrc OpenSSL, then the default is
${PREFIX}/certs.

Changes from version 3.8 include:

* Updated temporary key generation:
   - stunnel is now honoring requested key-lengths correctly,
   - temporary key is changed every hour.
* transfer() no longer hangs on some platforms.
  Special thanks to Peter Wagemans for the patch.
* Potential security problem with syslog() call fixed.
* use daemon() function instead of daemonize, if available
* added -S flag, allowing you to choose which default verify
  sources to use
* relocated service name output logging until after log_open.
  (no longer outputs log info to inetd socket, causing bad SSL)
* -V flag now outputs the default values used by stunnel
* Added rigerous PRNG seeding
* PID changes (and related security-fix)
* Man page fixes
* Client SSL Session-IDs now used
* -N flag to specify tcpwrapper service name

* UPGRADE NOTE: this version seriously changes several previous stunnel
  default behaviours.  There are no longer any default cert file/dirs
  compilied into stunnel, you must use the --with-cert-dir and
  --with-cert-file configure arguments to set these manually, if desired.
  Stunnel does not use the underlying ssl library defaults by default
  unless configured with --enable-ssllib-cs.  Note that these can always
  be enabled at run time with the -A,-a, and -S flags.
  Additionally, unless --with-pem-dir is specified at compile time,
  stunnel will default to looking for stunnel.pem in the current directory.
2000-12-19 07:03:21 +00:00
tron
222f1769e7 Don't install automatically created certificate. It is useless and will
only overwrite a useful one.
2000-06-17 21:52:18 +00:00
tron
0fefb76748 Don't clobber permission of "/var/run" during installation. 2000-04-26 13:00:16 +00:00
tron
7e3ad98ca2 Put pid file to "/var/run" and certificates to "${PREFIX}/certs". 2000-04-03 17:23:10 +00:00
tron
0d9959f437 Add changes to SSL detection in "configure" to patch for "configure.in". 2000-04-03 16:52:17 +00:00
tron
26a2806134 Patching "configure" doesn't make any sense if it is overwritten by
"autoreconf" later.
2000-04-03 16:51:17 +00:00
martin
9ea9360fee A new pkg for the stunnel program, a tool to wrap existing servers
into SSL connections.
2000-04-03 09:25:35 +00:00