LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4394 Commits
1 Branch
46 MiB
Tree: c0e04c18a7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c0e04c18a7'
${ noResults }
openwrt-packages-dist/net/stunnel/files/stunnel.conf

45 lines
1.2 KiB
Raw Normal View History

stunnel: Bring it back at v5.10 From: Michael Haas <haas@computerlinguist.org> * init script no longer creates certificates (consider client mode as use case) * patches/010_fix_getnameinfo.patch: Fix getnameinfo signature * patches/011_disable_ssp_linking.patch: Disable -fstack-protector as it is not always available in OpenWRT * old patches (in oldpackages) no longer necessary * remove libwrap dependency * remove libpthread dependency * respect CONFIG_IPV6 * init script uses procd * sample stunnel.conf runs in client mode - prevents start failure, does not require cert Possible enhancement: automatically generate certificate as done in uhttpd. However, as client mode is a possible use case, I'd rather not. Additionally, stunnel may use several certs with user-defined locations and we can't easily set a cert location via command-line args. The package is based on https://sites.google.com/site/twisteroidambassador/openwrt/stunnel Signed-off-by: Michael Haas <haas@computerlinguist.org>
10 years ago
 
  1. ; Drop privileges
  2. setuid = nobody 
  3. setgid = nogroup
  4. 

  5. ; When running under procd, stay in foreground
  6. foreground = yes
  7. 

  8. ; Don't log to stderr, use syslog
  9. syslog = yes
  10. 

  11. ; 1-7. Use 7 for greatest verbosity
  12. ;debug = 5
  13. 

  14. ; Starting here, enter your services or uncomment the examples
  15. 

  16. ; Example:
  17. ; If your local httpd does not support HTTPS, use stunnel in remote
  18. ; mode to forward TLS connections coming in on port 443 to non-TLS
  19. ; on port 80.
  20. ; Make sure that the cert is available.
  21. ;[httpd]
  22. ;accept = 443
  23. ;connect = 127.0.0.1:80
  24. ;cert = /etc/stunnel/stunnel.pem
  25. 

  26. ; Example:
  27. ; If your local email client does not support TLS,
  28. ; use stunnel in client mode to forward non-TLS connections on
  29. ; port 143 to TLS-enabled servername:993.
  30. ;[imap]
  31. ;client = yes
  32. ;accept = 143
  33. ;connect = servername:993
  34. ; Disable peer verification - be sure to understand the limitations of peer
  35. ; verification in stunnel when enabling.
  36. ;verify = 0
  37. 

  38. ; Default client section:
  39. ; stunnel requires at least one section to start successfully.
  40. ; You can safely remove this section once you have configured
  41. ; your own. We use client mode here as server requires a certificate.
  42. [dummy]
  43. client = yes
  44. accept = localhost:6000
  45. connect = localhost:6001