|
@ -4,9 +4,173 @@ |
|
|
START=90 |
|
|
START=90 |
|
|
USE_PROCD=1 |
|
|
USE_PROCD=1 |
|
|
|
|
|
|
|
|
|
|
|
PID_FILE="/var/run/stunnel.pid" |
|
|
|
|
|
CONF_FILE="/tmp/stunnel.conf" |
|
|
|
|
|
BIN="/usr/bin/stunnel" |
|
|
|
|
|
|
|
|
|
|
|
global_defs() { |
|
|
|
|
|
local debug compression |
|
|
|
|
|
|
|
|
|
|
|
config_get alt_config_file 'globals' alt_config_file |
|
|
|
|
|
[ -z "$alt_config_file" ] || return 0 |
|
|
|
|
|
|
|
|
|
|
|
# Set default settings |
|
|
|
|
|
printf "foreground = yes\n" >> "$CONF_FILE" |
|
|
|
|
|
printf "pid = %s\n" "$PID_FILE" >> "$CONF_FILE" |
|
|
|
|
|
printf "syslog = yes\n" >> "$CONF_FILE" |
|
|
|
|
|
|
|
|
|
|
|
config_get debug 'globals' debug '5' |
|
|
|
|
|
printf "debug = %s\n" "$debug" >> "$CONF_FILE" |
|
|
|
|
|
|
|
|
|
|
|
config_get compression 'globals' compression |
|
|
|
|
|
[ -z "$compression" ] || printf "compression = %s\n" "$compression" >> "$CONF_FILE" |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
print_options() { |
|
|
|
|
|
local config=$1 |
|
|
|
|
|
shift |
|
|
|
|
|
for opt in "$@"; do |
|
|
|
|
|
local $opt |
|
|
|
|
|
local value |
|
|
|
|
|
local is_boolean=0 |
|
|
|
|
|
|
|
|
|
|
|
if [ "${opt:0:5}" == "bool_" ]; then |
|
|
|
|
|
opt="${opt:5}" |
|
|
|
|
|
is_boolean=1 |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
config_get "value" "$config" "$opt" |
|
|
|
|
|
[ -z "$value" ] || { |
|
|
|
|
|
if [ "$value" = '1' ] && [ "$is_boolean" -eq "1" ]; then |
|
|
|
|
|
value="yes" |
|
|
|
|
|
elif [ "$value" = '0' ] && [ "$is_boolean" -eq "1" ] ; then |
|
|
|
|
|
value="no" |
|
|
|
|
|
fi |
|
|
|
|
|
printf "%s = %s\n" "$opt" "$value" >> "$CONF_FILE" |
|
|
|
|
|
} |
|
|
|
|
|
done |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
print_list() { |
|
|
|
|
|
local config=$1 |
|
|
|
|
|
shift |
|
|
|
|
|
for opt in "$@"; do |
|
|
|
|
|
local $opt |
|
|
|
|
|
local elements |
|
|
|
|
|
config_get "elements" "$config" "$opt" |
|
|
|
|
|
for element in $elements; do |
|
|
|
|
|
printf "%s = %s\n" "$opt" "$element" >> "$CONF_FILE" |
|
|
|
|
|
done |
|
|
|
|
|
done |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
print_list_colon() { |
|
|
|
|
|
local config=$1 |
|
|
|
|
|
local value |
|
|
|
|
|
shift |
|
|
|
|
|
for opt in "$@"; do |
|
|
|
|
|
local $opt |
|
|
|
|
|
local elements |
|
|
|
|
|
config_get "elements" "$config" "$opt" |
|
|
|
|
|
for element in $elements; do |
|
|
|
|
|
value="${value}:${element}" |
|
|
|
|
|
done |
|
|
|
|
|
printf "%s = %s\n" "$opt" "${value#*:}" >> "$CONF_FILE" |
|
|
|
|
|
done |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
service_section() { |
|
|
|
|
|
local cfg="$1" |
|
|
|
|
|
local accept_host accept_port |
|
|
|
|
|
|
|
|
|
|
|
printf "\n" >> "$CONF_FILE" |
|
|
|
|
|
printf "[%s]\n" "$cfg" >> "$CONF_FILE" |
|
|
|
|
|
|
|
|
|
|
|
config_get accept_host "$cfg" accept_host 'localhost' |
|
|
|
|
|
config_get accept_port "$cfg" accept_port |
|
|
|
|
|
printf "accept = %s:%s\n" "$accept_host" "$accept_port" >> "$CONF_FILE" |
|
|
|
|
|
|
|
|
|
|
|
print_options "$cfg" CApath \ |
|
|
|
|
|
CAfile \ |
|
|
|
|
|
cert \ |
|
|
|
|
|
CRLpath \ |
|
|
|
|
|
CRLfile \ |
|
|
|
|
|
curve \ |
|
|
|
|
|
logId \ |
|
|
|
|
|
debug \ |
|
|
|
|
|
engineId \ |
|
|
|
|
|
engineNum \ |
|
|
|
|
|
failover \ |
|
|
|
|
|
ident \ |
|
|
|
|
|
key \ |
|
|
|
|
|
local \ |
|
|
|
|
|
PSKidentity \ |
|
|
|
|
|
PSKsecrets \ |
|
|
|
|
|
sslVersion \ |
|
|
|
|
|
TIMEOUTbusy \ |
|
|
|
|
|
TIMEOUTclose \ |
|
|
|
|
|
TIMEOUTconnect \ |
|
|
|
|
|
TIMEOUTidle \ |
|
|
|
|
|
bool_delay \ |
|
|
|
|
|
bool_libwrap \ |
|
|
|
|
|
bool_reset \ |
|
|
|
|
|
bool_requireCert \ |
|
|
|
|
|
bool_verifyChain \ |
|
|
|
|
|
bool_verifyPeer \ |
|
|
|
|
|
bool_client |
|
|
|
|
|
|
|
|
|
|
|
print_list "$cfg" checkEmail \ |
|
|
|
|
|
checkHost \ |
|
|
|
|
|
checkIP \ |
|
|
|
|
|
connect \ |
|
|
|
|
|
options |
|
|
|
|
|
|
|
|
|
|
|
print_list_colon "$cfg" ciphers |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
process_config() { |
|
|
|
|
|
local alt_config_file |
|
|
|
|
|
|
|
|
|
|
|
rm -f "$CONF_FILE" |
|
|
|
|
|
|
|
|
|
|
|
# First line |
|
|
|
|
|
printf "; STunnel configuration file generated by uci\n" > "$CONF_FILE" |
|
|
|
|
|
printf "; Written %s\n\n" "$(date +'%c')" >> "$CONF_FILE" |
|
|
|
|
|
|
|
|
|
|
|
[ -f /etc/config/stunnel ] || return 0 |
|
|
|
|
|
|
|
|
|
|
|
config_load stunnel |
|
|
|
|
|
global_defs |
|
|
|
|
|
|
|
|
|
|
|
# If "alt_config_file" specified, use that instead |
|
|
|
|
|
[ -n "$alt_config_file" ] && [ -f "$alt_config_file" ] && { |
|
|
|
|
|
rm -f "$CONF_FILE" |
|
|
|
|
|
# Symlink "alt_config_file" since it's a bit easier and safer |
|
|
|
|
|
ln -s "$alt_config_file" "$CONF_FILE" |
|
|
|
|
|
return 0 |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
config_foreach service_section service |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
reload_service() { |
|
|
|
|
|
process_config |
|
|
|
|
|
# SIGHUP is used by stunnel to do init.d reload |
|
|
|
|
|
procd_send_signal stunnel |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
service_triggers() { |
|
|
|
|
|
procd_add_reload_trigger "stunnel" |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
start_service() { |
|
|
start_service() { |
|
|
procd_open_instance |
|
|
procd_open_instance |
|
|
procd_set_param command /usr/bin/stunnel /etc/stunnel/stunnel.conf |
|
|
|
|
|
procd_set_param respawn # respawn automatically if something died |
|
|
|
|
|
|
|
|
procd_set_param command "$BIN" |
|
|
|
|
|
procd_append_param command "$CONF_FILE" |
|
|
|
|
|
|
|
|
|
|
|
process_config |
|
|
|
|
|
|
|
|
|
|
|
# set auto respawn behavior |
|
|
|
|
|
procd_set_param respawn |
|
|
procd_close_instance |
|
|
procd_close_instance |
|
|
} |
|
|
} |