debmon
/
stunnel4
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: debmon:upstream/5.42
Branches Tags
debmon:master
debmon:pristine-tar
debmon:upstream
debmon:upstream/5.44
debmon:upstream/5.42
debmon:debian/4.57
debmon:upstream/4.57
debmon:debian/4.53-1.1
debmon:upstream/4.53
...
compare: debmon:master
Branches Tags
debmon:master
debmon:pristine-tar
debmon:upstream
debmon:upstream/5.44
debmon:upstream/5.42
debmon:debian/4.57
debmon:upstream/4.57
debmon:debian/4.53-1.1
debmon:upstream/4.53

13 Commits
upstream/5 ... master

Author SHA1 Message Date
Mario Fetka 3f780093b7 Bump 2019-08-02 16:02:55 +02:00
Peter Pentchev a4672526d7 Imported Debian patch 3:5.44-1 2018-03-29 12:42:36 +02:00
Mario Fetka 814d2ec685 Imported Upstream version 5.44 2018-03-29 12:42:35 +02:00
Mario Fetka 814d9ca18b Bump 2017-11-15 15:06:40 +01:00
Peter Pentchev 10de5e9e32 Imported Debian patch 3:5.42-1 2017-11-15 15:03:25 +01:00
Mario Fetka 98b4ec0cd9 Bump 2017-11-15 15:03:17 +01:00
Mario Fetka 8e9bdf3481 Bump 2017-03-28 10:47:03 +02:00
Mario Fetka 18f12ad1bc Bump 2017-03-28 10:42:58 +02:00
Mario Fetka 83fe2cf45c Bump 2017-03-28 10:30:49 +02:00
Mario Fetka 595593c0e7 Bump 2017-03-28 10:29:18 +02:00
Mario Fetka 4e8986c5ef Bump 2017-03-28 10:20:27 +02:00
Mario Fetka b8998ae382 Merge tag 'upstream/4.57' 
Upstream version 4.57
 2017-03-28 10:18:04 +02:00
Salvatore Bonaccorso 8e474e5321 Imported Debian patch 3:4.53-1.1 2017-03-28 09:58:14 +02:00
124 changed files with 16452 additions and 6924 deletions
Show Stats Expand all files Collapse all files

11
.travis.yml
View File

@ -19,9 +19,16 @@ env:
addons:
apt:
packages:
- autoconf-archive
- libssl-dev
- libwrap0-dev
- nmap
before_script: autoreconf -fvi && touch src/dhparam.c
before_script:
- if [ "$TRAVIS_OS_NAME" == "osx" ]; then brew update; brew install autoconf-archive nmap; fi; true
- autoreconf -fvi && touch src/dhparam.c
script: ./configure $CONFIGURE_OPTIONS && make && make test
script:
- ./configure $CONFIGURE_OPTIONS
- make
- make test || ( for FILE in tests/logs/*.log; do echo "*** $FILE ***"; cat "$FILE"; done; false )

23
ChangeLog
View File

@ -1,5 +1,28 @@
stunnel change log
Version 5.44, 2017.11.26, urgency: MEDIUM
* New features
- Signed Win32 executables, libraries, and installer.
* Bugfixes
- Default accept address restored to INADDR_ANY.
- Fixed a race condition in "make check".
- Fixed removing the pid file after configuration reload.
Version 5.43, 2017.11.05, urgency: LOW
* New features
- OpenSSL DLLs updated to version 1.0.2m.
- Android build updated to OpenSSL 1.1.0g.
- Allow for multiple "accept" ports per section.
- Self-test framework (make check).
- Added config load before OpenSSL init (thx to Dmitrii Pichulin).
- OpenSSL 1.1.0 support for Travis CI.
- OpenSSL 1.1.1-dev compilation fixes.
* Bugfixes
- Fixed a memory fault on Solaris.
- Fixed round-robin failover in the FORK threading model.
- Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown().
- Minor fixes of the logging subsystem.
Version 5.42, 2017.07.16, urgency: HIGH
* New features
- "redirect" also supports "exec" and not only "connect".

6
Makefile.am
View File

@ -3,7 +3,7 @@
ACLOCAL_AMFLAGS = -I m4
SUBDIRS = src doc tools
SUBDIRS = src doc tools tests
LIBTOOL_DEPS = @LIBTOOL_DEPS@
libtool: $(LIBTOOL_DEPS)
@ -41,9 +41,7 @@ sign: dist
cert:
$(MAKE) -C tools cert
test:
$(abs_builddir)/src/stunnel -version
@echo "No tests are currently implemented"
test: check
install-data-hook:
@echo "*********************************************************"

59
Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.14.1 from Makefile.am.
# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -17,7 +17,17 @@
# by Michal Trojnara 2015-2017
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@ -81,14 +91,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = .
DIST_COMMON = INSTALL NEWS README AUTHORS ChangeLog \
$(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/configure $(am__configure_deps) COPYING TODO \
auto/compile auto/config.guess auto/config.sub auto/depcomp \
auto/install-sh auto/missing auto/ltmain.sh \
$(top_srcdir)/auto/compile $(top_srcdir)/auto/config.guess \
$(top_srcdir)/auto/config.sub $(top_srcdir)/auto/install-sh \
$(top_srcdir)/auto/ltmain.sh $(top_srcdir)/auto/missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
@ -96,6 +98,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
$(am__configure_deps) $(am__DIST_COMMON)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
@ -187,6 +191,13 @@ ETAGS = etags
CTAGS = ctags
CSCOPE = cscope
DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/auto/compile \
$(top_srcdir)/auto/config.guess $(top_srcdir)/auto/config.sub \
$(top_srcdir)/auto/install-sh $(top_srcdir)/auto/ltmain.sh \
$(top_srcdir)/auto/missing AUTHORS COPYING ChangeLog INSTALL \
NEWS README TODO auto/compile auto/config.guess \
auto/config.sub auto/depcomp auto/install-sh auto/ltmain.sh \
auto/missing
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@ -269,6 +280,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@ -352,7 +364,7 @@ top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
ACLOCAL_AMFLAGS = -I m4
SUBDIRS = src doc tools
SUBDIRS = src doc tools tests
EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS INSTALL.W32 INSTALL.WCE \
INSTALL.FIPS build-android.sh .travis.yml
doc_DATA = INSTALL README TODO COPYING AUTHORS ChangeLog PORTS BUGS \
@ -380,7 +392,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@ -617,15 +628,15 @@ dist-xz: distdir
$(am__post_remove_distdir)
dist-tarZ: distdir
@echo WARNING: "Support for shar distribution archives is" \
"deprecated." >&2
@echo WARNING: "Support for distribution archives compressed with" \
"legacy program 'compress' is deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
$(am__post_remove_distdir)
dist-shar: distdir
@echo WARNING: "Support for distribution archives compressed with" \
"legacy program 'compress' is deprecated." >&2
@echo WARNING: "Support for shar distribution archives is" \
"deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
$(am__post_remove_distdir)
@ -661,17 +672,17 @@ distcheck: dist
esac
chmod -R a-w $(distdir)
chmod u+w $(distdir)
mkdir $(distdir)/_build $(distdir)/_inst
mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
chmod a-w $(distdir)
test -d $(distdir)/_build || exit 0; \
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
&& am__cwd=`pwd` \
&& $(am__cd) $(distdir)/_build \
&& ../configure \
&& $(am__cd) $(distdir)/_build/sub \
&& ../../configure \
$(AM_DISTCHECK_CONFIGURE_FLAGS) \
$(DISTCHECK_CONFIGURE_FLAGS) \
--srcdir=.. --prefix="$$dc_install_base" \
--srcdir=../.. --prefix="$$dc_install_base" \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
&& $(MAKE) $(AM_MAKEFLAGS) check \
@ -853,6 +864,8 @@ uninstall-am: uninstall-docDATA
mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
ps ps-am tags tags-am uninstall uninstall-am uninstall-docDATA
.PRECIOUS: Makefile
libtool: $(LIBTOOL_DEPS)
$(SHELL) ./config.status libtool
@ -877,9 +890,7 @@ sign: dist
cert:
$(MAKE) -C tools cert
test:
$(abs_builddir)/src/stunnel -version
@echo "No tests are currently implemented"
test: check
install-data-hook:
@echo "*********************************************************"

501
aclocal.m4 vendored
View File

@ -1,6 +1,6 @@
# generated automatically by aclocal 1.14.1 -*- Autoconf -*-
# generated automatically by aclocal 1.15 -*- Autoconf -*-
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -26,7 +26,7 @@ To do so, use the procedure documented by the package, typically 'autoreconf'.])
#
# SYNOPSIS
#
# AX_APPEND_COMPILE_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS])
# AX_APPEND_COMPILE_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS], [INPUT])
#
# DESCRIPTION
#
@ -42,6 +42,8 @@ To do so, use the procedure documented by the package, typically 'autoreconf'.])
# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
# force the compiler to issue an error when a bad flag is given.
#
# INPUT gives an alternative input source to AC_COMPILE_IFELSE.
#
# NOTE: This macro depends on the AX_APPEND_FLAG and
# AX_CHECK_COMPILE_FLAG. Please keep this macro in sync with
# AX_APPEND_LINK_FLAGS.
@ -76,13 +78,13 @@ To do so, use the procedure documented by the package, typically 'autoreconf'.])
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 4
#serial 5
AC_DEFUN([AX_APPEND_COMPILE_FLAGS],
[AX_REQUIRE_DEFINED([AX_CHECK_COMPILE_FLAG])
AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
for flag in $1; do
AX_CHECK_COMPILE_FLAG([$flag], [AX_APPEND_FLAG([$flag], [$2])], [], [$3])
AX_CHECK_COMPILE_FLAG([$flag], [AX_APPEND_FLAG([$flag], [$2])], [], [$3], [$4])
done
])dnl AX_APPEND_COMPILE_FLAGS
@ -137,22 +139,24 @@ done
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 2
#serial 6
AC_DEFUN([AX_APPEND_FLAG],
[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])dnl
AS_VAR_SET_IF(FLAGS,
[case " AS_VAR_GET(FLAGS) " in
*" $1 "*)
AC_RUN_LOG([: FLAGS already contains $1])
;;
*)
AC_RUN_LOG([: FLAGS="$FLAGS $1"])
AS_VAR_SET(FLAGS, ["AS_VAR_GET(FLAGS) $1"])
;;
esac],
[AS_VAR_SET(FLAGS,["$1"])])
[dnl
AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_SET_IF
AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])
AS_VAR_SET_IF(FLAGS,[
AS_CASE([" AS_VAR_GET(FLAGS) "],
[*" $1 "*], [AC_RUN_LOG([: FLAGS already contains $1])],
[
AS_VAR_APPEND(FLAGS,[" $1"])
AC_RUN_LOG([: FLAGS="$FLAGS"])
])
],
[
AS_VAR_SET(FLAGS,[$1])
AC_RUN_LOG([: FLAGS="$FLAGS"])
])
AS_VAR_POPDEF([FLAGS])dnl
])dnl AX_APPEND_FLAG
@ -162,7 +166,7 @@ AS_VAR_POPDEF([FLAGS])dnl
#
# SYNOPSIS
#
# AX_APPEND_LINK_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS])
# AX_APPEND_LINK_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS], [INPUT])
#
# DESCRIPTION
#
@ -177,6 +181,8 @@ AS_VAR_POPDEF([FLAGS])dnl
# EXTRA-FLAGS FLAG". This can for example be used to force the linker to
# issue an error when a bad flag is given.
#
# INPUT gives an alternative input source to AC_COMPILE_IFELSE.
#
# NOTE: This macro depends on the AX_APPEND_FLAG and AX_CHECK_LINK_FLAG.
# Please keep this macro in sync with AX_APPEND_COMPILE_FLAGS.
#
@ -210,13 +216,13 @@ AS_VAR_POPDEF([FLAGS])dnl
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 4
#serial 5
AC_DEFUN([AX_APPEND_LINK_FLAGS],
[AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG])
AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
for flag in $1; do
AX_CHECK_LINK_FLAG([$flag], [AX_APPEND_FLAG([$flag], [m4_default([$2], [LDFLAGS])])], [], [$3])
AX_CHECK_LINK_FLAG([$flag], [AX_APPEND_FLAG([$flag], [m4_default([$2], [LDFLAGS])])], [], [$3], [$4])
done
])dnl AX_APPEND_LINK_FLAGS
@ -277,10 +283,10 @@ done
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 3
#serial 4
AC_DEFUN([AX_CHECK_COMPILE_FLAG],
[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
@ -289,7 +295,7 @@ AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
[AS_VAR_SET(CACHEVAR,[yes])],
[AS_VAR_SET(CACHEVAR,[no])])
_AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
AS_VAR_IF(CACHEVAR,yes,
[m4_default([$2], :)],
[m4_default([$3], :)])
AS_VAR_POPDEF([CACHEVAR])dnl
@ -352,10 +358,11 @@ AS_VAR_POPDEF([CACHEVAR])dnl
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 3
#serial 4
AC_DEFUN([AX_CHECK_LINK_FLAG],
[AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl
[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl
AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [
ax_check_save_flags=$LDFLAGS
LDFLAGS="$LDFLAGS $4 $1"
@ -363,7 +370,7 @@ AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [
[AS_VAR_SET(CACHEVAR,[yes])],
[AS_VAR_SET(CACHEVAR,[no])])
LDFLAGS=$ax_check_save_flags])
AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
AS_VAR_IF(CACHEVAR,yes,
[m4_default([$2], :)],
[m4_default([$3], :)])
AS_VAR_POPDEF([CACHEVAR])dnl
@ -390,10 +397,10 @@ AS_VAR_POPDEF([CACHEVAR])dnl
# is necessary on AIX to use the special cc_r compiler alias.)
#
# NOTE: You are assumed to not only compile your program with these flags,
# but also link it with them as well. e.g. you should link with
# but also to link with them as well. For example, you might link with
# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS
#
# If you are only building threads programs, you may wish to use these
# If you are only building threaded programs, you may wish to use these
# variables in your default LIBS, CFLAGS, and CC:
#
# LIBS="$PTHREAD_LIBS $LIBS"
@ -401,8 +408,8 @@ AS_VAR_POPDEF([CACHEVAR])dnl
# CC="$PTHREAD_CC"
#
# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant
# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name
# (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
# has a nonstandard name, this macro defines PTHREAD_CREATE_JOINABLE to
# that name (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
#
# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the
# PTHREAD_PRIO_INHERIT symbol is defined when compiling with
@ -453,35 +460,40 @@ AS_VAR_POPDEF([CACHEVAR])dnl
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 21
#serial 23
AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD])
AC_DEFUN([AX_PTHREAD], [
AC_REQUIRE([AC_CANONICAL_HOST])
AC_REQUIRE([AC_PROG_CC])
AC_REQUIRE([AC_PROG_SED])
AC_LANG_PUSH([C])
ax_pthread_ok=no
# We used to check for pthread.h first, but this fails if pthread.h
# requires special compiler flags (e.g. on True64 or Sequent).
# requires special compiler flags (e.g. on Tru64 or Sequent).
# It gets checked for in the link test anyway.
# First of all, check if the user has set any of the PTHREAD_LIBS,
# etcetera environment variables, and if threads linking works using
# them:
if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then
save_CFLAGS="$CFLAGS"
if test "x$PTHREAD_CFLAGS$PTHREAD_LIBS" != "x"; then
ax_pthread_save_CC="$CC"
ax_pthread_save_CFLAGS="$CFLAGS"
ax_pthread_save_LIBS="$LIBS"
AS_IF([test "x$PTHREAD_CC" != "x"], [CC="$PTHREAD_CC"])
CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
save_LIBS="$LIBS"
LIBS="$PTHREAD_LIBS $LIBS"
AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS])
AC_TRY_LINK_FUNC([pthread_join], [ax_pthread_ok=yes])
AC_MSG_CHECKING([for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS])
AC_LINK_IFELSE([AC_LANG_CALL([], [pthread_join])], [ax_pthread_ok=yes])
AC_MSG_RESULT([$ax_pthread_ok])
if test x"$ax_pthread_ok" = xno; then
if test "x$ax_pthread_ok" = "xno"; then
PTHREAD_LIBS=""
PTHREAD_CFLAGS=""
fi
LIBS="$save_LIBS"
CFLAGS="$save_CFLAGS"
CC="$ax_pthread_save_CC"
CFLAGS="$ax_pthread_save_CFLAGS"
LIBS="$ax_pthread_save_LIBS"
fi
# We must check for the threads library under a number of different
@ -494,7 +506,7 @@ fi
# which indicates that we try without any flags at all, and "pthread-config"
# which is a program returning the flags for the Pth emulation library.
ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
ax_pthread_flags="pthreads none -Kthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
# The ordering *is* (sometimes) important. Some notes on the
# individual items follow:
@ -503,82 +515,225 @@ ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mt
# none: in case threads are in libc; should be tried before -Kthread and
# other compiler flags to prevent continual compiler warnings
# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h)
# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able)
# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread)
# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads)
# -pthreads: Solaris/gcc
# -mthreads: Mingw32/gcc, Lynx/gcc
# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads), Tru64
# (Note: HP C rejects this with "bad form for `-t' option")
# -pthreads: Solaris/gcc (Note: HP C also rejects)
# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it
# doesn't hurt to check since this sometimes defines pthreads too;
# also defines -D_REENTRANT)
# ... -mt is also the pthreads flag for HP/aCC
# doesn't hurt to check since this sometimes defines pthreads and
# -D_REENTRANT too), HP C (must be checked before -lpthread, which
# is present but should not be used directly; and before -mthreads,
# because the compiler interprets this as "-mt" + "-hreads")
# -mthreads: Mingw32/gcc, Lynx/gcc
# pthread: Linux, etcetera
# --thread-safe: KAI C++
# pthread-config: use pthread-config program (for GNU Pth library)
case ${host_os} in
case $host_os in
freebsd*)
# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able)
# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread)
ax_pthread_flags="-kthread lthread $ax_pthread_flags"
;;
hpux*)
# From the cc(1) man page: "[-mt] Sets various -D flags to enable
# multi-threading and also sets -lpthread."
ax_pthread_flags="-mt -pthread pthread $ax_pthread_flags"
;;
openedition*)
# IBM z/OS requires a feature-test macro to be defined in order to
# enable POSIX threads at all, so give the user a hint if this is
# not set. (We don't define these ourselves, as they can affect
# other portions of the system API in unpredictable ways.)
AC_EGREP_CPP([AX_PTHREAD_ZOS_MISSING],
[
# if !defined(_OPEN_THREADS) && !defined(_UNIX03_THREADS)
AX_PTHREAD_ZOS_MISSING
# endif
],
[AC_MSG_WARN([IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support.])])
;;
solaris*)
# On Solaris (at least, for some versions), libc contains stubbed
# (non-functional) versions of the pthreads routines, so link-based
# tests will erroneously succeed. (We need to link with -pthreads/-mt/
# -lpthread.) (The stubs are missing pthread_cleanup_push, or rather
# a function called by this macro, so we could check for that, but
# who knows whether they'll stub that too in a future libc.) So,
# we'll just look for -pthreads and -lpthread first:
# tests will erroneously succeed. (N.B.: The stubs are missing
# pthread_cleanup_push, or rather a function called by this macro,
# so we could check for that, but who knows whether they'll stub
# that too in a future libc.) So we'll check first for the
# standard Solaris way of linking pthreads (-mt -lpthread).
ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags"
;;
darwin*)
ax_pthread_flags="-pthread $ax_pthread_flags"
ax_pthread_flags="-mt,pthread pthread $ax_pthread_flags"
;;
esac
# Clang doesn't consider unrecognized options an error unless we specify
# -Werror. We throw in some extra Clang-specific options to ensure that
# this doesn't happen for GCC, which also accepts -Werror.
# GCC generally uses -pthread, or -pthreads on some platforms (e.g. SPARC)
AC_MSG_CHECKING([if compiler needs -Werror to reject unknown flags])
save_CFLAGS="$CFLAGS"
ax_pthread_extra_flags="-Werror"
CFLAGS="$CFLAGS $ax_pthread_extra_flags -Wunknown-warning-option -Wsizeof-array-argument"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([int foo(void);],[foo()])],
[AC_MSG_RESULT([yes])],
[ax_pthread_extra_flags=
AC_MSG_RESULT([no])])
CFLAGS="$save_CFLAGS"
AS_IF([test "x$GCC" = "xyes"],
[ax_pthread_flags="-pthread -pthreads $ax_pthread_flags"])
if test x"$ax_pthread_ok" = xno; then
for flag in $ax_pthread_flags; do
# The presence of a feature test macro requesting re-entrant function
# definitions is, on some systems, a strong hint that pthreads support is
# correctly enabled
case $flag in
case $host_os in
darwin* | hpux* | linux* | osf* | solaris*)
ax_pthread_check_macro="_REENTRANT"
;;
aix*)
ax_pthread_check_macro="_THREAD_SAFE"
;;
*)
ax_pthread_check_macro="--"
;;
esac
AS_IF([test "x$ax_pthread_check_macro" = "x--"],
[ax_pthread_check_cond=0],
[ax_pthread_check_cond="!defined($ax_pthread_check_macro)"])
# Are we compiling with Clang?
AC_CACHE_CHECK([whether $CC is Clang],
[ax_cv_PTHREAD_CLANG],
[ax_cv_PTHREAD_CLANG=no
# Note that Autoconf sets GCC=yes for Clang as well as GCC
if test "x$GCC" = "xyes"; then
AC_EGREP_CPP([AX_PTHREAD_CC_IS_CLANG],
[/* Note: Clang 2.7 lacks __clang_[a-z]+__ */
# if defined(__clang__) && defined(__llvm__)
AX_PTHREAD_CC_IS_CLANG
# endif
],
[ax_cv_PTHREAD_CLANG=yes])
fi
])
ax_pthread_clang="$ax_cv_PTHREAD_CLANG"
ax_pthread_clang_warning=no
# Clang needs special handling, because older versions handle the -pthread
# option in a rather... idiosyncratic way
if test "x$ax_pthread_clang" = "xyes"; then
# Clang takes -pthread; it has never supported any other flag
# (Note 1: This will need to be revisited if a system that Clang
# supports has POSIX threads in a separate library. This tends not
# to be the way of modern systems, but it's conceivable.)
# (Note 2: On some systems, notably Darwin, -pthread is not needed
# to get POSIX threads support; the API is always present and
# active. We could reasonably leave PTHREAD_CFLAGS empty. But
# -pthread does define _REENTRANT, and while the Darwin headers
# ignore this macro, third-party headers might not.)
PTHREAD_CFLAGS="-pthread"
PTHREAD_LIBS=
ax_pthread_ok=yes
# However, older versions of Clang make a point of warning the user
# that, in an invocation where only linking and no compilation is
# taking place, the -pthread option has no effect ("argument unused
# during compilation"). They expect -pthread to be passed in only
# when source code is being compiled.
#
# Problem is, this is at odds with the way Automake and most other
# C build frameworks function, which is that the same flags used in
# compilation (CFLAGS) are also used in linking. Many systems
# supported by AX_PTHREAD require exactly this for POSIX threads
# support, and in fact it is often not straightforward to specify a
# flag that is used only in the compilation phase and not in
# linking. Such a scenario is extremely rare in practice.
#
# Even though use of the -pthread flag in linking would only print
# a warning, this can be a nuisance for well-run software projects
# that build with -Werror. So if the active version of Clang has
# this misfeature, we search for an option to squash it.
AC_CACHE_CHECK([whether Clang needs flag to prevent "argument unused" warning when linking with -pthread],
[ax_cv_PTHREAD_CLANG_NO_WARN_FLAG],
[ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown
# Create an alternate version of $ac_link that compiles and
# links in two steps (.c -> .o, .o -> exe) instead of one
# (.c -> exe), because the warning occurs only in the second
# step
ax_pthread_save_ac_link="$ac_link"
ax_pthread_sed='s/conftest\.\$ac_ext/conftest.$ac_objext/g'
ax_pthread_link_step=`$as_echo "$ac_link" | sed "$ax_pthread_sed"`
ax_pthread_2step_ac_link="($ac_compile) && (echo ==== >&5) && ($ax_pthread_link_step)"
ax_pthread_save_CFLAGS="$CFLAGS"
for ax_pthread_try in '' -Qunused-arguments -Wno-unused-command-line-argument unknown; do
AS_IF([test "x$ax_pthread_try" = "xunknown"], [break])
CFLAGS="-Werror -Wunknown-warning-option $ax_pthread_try -pthread $ax_pthread_save_CFLAGS"
ac_link="$ax_pthread_save_ac_link"
AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])],
[ac_link="$ax_pthread_2step_ac_link"
AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])],
[break])
])
done
ac_link="$ax_pthread_save_ac_link"
CFLAGS="$ax_pthread_save_CFLAGS"
AS_IF([test "x$ax_pthread_try" = "x"], [ax_pthread_try=no])
ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try"
])
case "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" in
no | unknown) ;;
*) PTHREAD_CFLAGS="$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG $PTHREAD_CFLAGS" ;;
esac
fi # $ax_pthread_clang = yes
if test "x$ax_pthread_ok" = "xno"; then
for ax_pthread_try_flag in $ax_pthread_flags; do
case $ax_pthread_try_flag in
none)
AC_MSG_CHECKING([whether pthreads work without any flags])
;;
-mt,pthread)
AC_MSG_CHECKING([whether pthreads work with -mt -lpthread])
PTHREAD_CFLAGS="-mt"
PTHREAD_LIBS="-lpthread"
;;
-*)
AC_MSG_CHECKING([whether pthreads work with $flag])
PTHREAD_CFLAGS="$flag"
AC_MSG_CHECKING([whether pthreads work with $ax_pthread_try_flag])
PTHREAD_CFLAGS="$ax_pthread_try_flag"
;;
pthread-config)
AC_CHECK_PROG([ax_pthread_config], [pthread-config], [yes], [no])
if test x"$ax_pthread_config" = xno; then continue; fi
AS_IF([test "x$ax_pthread_config" = "xno"], [continue])
PTHREAD_CFLAGS="`pthread-config --cflags`"
PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`"
;;
*)
AC_MSG_CHECKING([for the pthreads library -l$flag])
PTHREAD_LIBS="-l$flag"
AC_MSG_CHECKING([for the pthreads library -l$ax_pthread_try_flag])
PTHREAD_LIBS="-l$ax_pthread_try_flag"
;;
esac
save_LIBS="$LIBS"
save_CFLAGS="$CFLAGS"
ax_pthread_save_CFLAGS="$CFLAGS"
ax_pthread_save_LIBS="$LIBS"
CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
LIBS="$PTHREAD_LIBS $LIBS"
CFLAGS="$CFLAGS $PTHREAD_CFLAGS $ax_pthread_extra_flags"
# Check for various functions. We must include pthread.h,
# since some functions may be macros. (On the Sequent, we
@ -589,7 +744,11 @@ for flag in $ax_pthread_flags; do
# pthread_cleanup_push because it is one of the few pthread
# functions on Solaris that doesn't have a non-functional libc stub.
# We try pthread_create on general principles.
AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>
# if $ax_pthread_check_cond
# error "$ax_pthread_check_macro must be defined"
# endif
static void routine(void *a) { a = 0; }
static void *start_routine(void *a) { return a; }],
[pthread_t th; pthread_attr_t attr;
@ -598,16 +757,14 @@ for flag in $ax_pthread_flags; do
pthread_attr_init(&attr);
pthread_cleanup_push(routine, 0);
pthread_cleanup_pop(0) /* ; */])],
[ax_pthread_ok=yes],
[])
[ax_pthread_ok=yes],
[])
LIBS="$save_LIBS"
CFLAGS="$save_CFLAGS"
CFLAGS="$ax_pthread_save_CFLAGS"
LIBS="$ax_pthread_save_LIBS"
AC_MSG_RESULT([$ax_pthread_ok])
if test "x$ax_pthread_ok" = xyes; then
break;
fi
AS_IF([test "x$ax_pthread_ok" = "xyes"], [break])
PTHREAD_LIBS=""
PTHREAD_CFLAGS=""
@ -615,71 +772,74 @@ done
fi
# Various other checks:
if test "x$ax_pthread_ok" = xyes; then
save_LIBS="$LIBS"
LIBS="$PTHREAD_LIBS $LIBS"
save_CFLAGS="$CFLAGS"
if test "x$ax_pthread_ok" = "xyes"; then
ax_pthread_save_CFLAGS="$CFLAGS"
ax_pthread_save_LIBS="$LIBS"
CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
LIBS="$PTHREAD_LIBS $LIBS"
# Detect AIX lossage: JOINABLE attribute is called UNDETACHED.
AC_MSG_CHECKING([for joinable pthread attribute])
attr_name=unknown
for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>],
[int attr = $attr; return attr /* ; */])],
[attr_name=$attr; break],
[])
done
AC_MSG_RESULT([$attr_name])
if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then
AC_DEFINE_UNQUOTED([PTHREAD_CREATE_JOINABLE], [$attr_name],
[Define to necessary symbol if this constant
uses a non-standard name on your system.])
fi
AC_CACHE_CHECK([for joinable pthread attribute],
[ax_cv_PTHREAD_JOINABLE_ATTR],
[ax_cv_PTHREAD_JOINABLE_ATTR=unknown
for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>],
[int attr = $ax_pthread_attr; return attr /* ; */])],
[ax_cv_PTHREAD_JOINABLE_ATTR=$ax_pthread_attr; break],
[])
done
])
AS_IF([test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xunknown" && \
test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xPTHREAD_CREATE_JOINABLE" && \
test "x$ax_pthread_joinable_attr_defined" != "xyes"],
[AC_DEFINE_UNQUOTED([PTHREAD_CREATE_JOINABLE],
[$ax_cv_PTHREAD_JOINABLE_ATTR],
[Define to necessary symbol if this constant
uses a non-standard name on your system.])
ax_pthread_joinable_attr_defined=yes
])
AC_MSG_CHECKING([if more special flags are required for pthreads])
flag=no
case ${host_os} in
aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";;
osf* | hpux*) flag="-D_REENTRANT";;
solaris*)
if test "$GCC" = "yes"; then
flag="-D_REENTRANT"
else
# TODO: What about Clang on Solaris?
flag="-mt -D_REENTRANT"
fi
;;
esac
AC_MSG_RESULT([$flag])
if test "x$flag" != xno; then
PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS"
fi
AC_CACHE_CHECK([whether more special flags are required for pthreads],
[ax_cv_PTHREAD_SPECIAL_FLAGS],
[ax_cv_PTHREAD_SPECIAL_FLAGS=no
case $host_os in
solaris*)
ax_cv_PTHREAD_SPECIAL_FLAGS="-D_POSIX_PTHREAD_SEMANTICS"
;;
esac
])
AS_IF([test "x$ax_cv_PTHREAD_SPECIAL_FLAGS" != "xno" && \
test "x$ax_pthread_special_flags_added" != "xyes"],
[PTHREAD_CFLAGS="$ax_cv_PTHREAD_SPECIAL_FLAGS $PTHREAD_CFLAGS"
ax_pthread_special_flags_added=yes])
AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT],
[ax_cv_PTHREAD_PRIO_INHERIT], [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <pthread.h>]],
[[int i = PTHREAD_PRIO_INHERIT;]])],
[ax_cv_PTHREAD_PRIO_INHERIT=yes],
[ax_cv_PTHREAD_PRIO_INHERIT=no])
[ax_cv_PTHREAD_PRIO_INHERIT],
[AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <pthread.h>]],
[[int i = PTHREAD_PRIO_INHERIT;]])],
[ax_cv_PTHREAD_PRIO_INHERIT=yes],
[ax_cv_PTHREAD_PRIO_INHERIT=no])
])
AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"],
[AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], [1], [Have PTHREAD_PRIO_INHERIT.])])
AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes" && \
test "x$ax_pthread_prio_inherit_defined" != "xyes"],
[AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], [1], [Have PTHREAD_PRIO_INHERIT.])
ax_pthread_prio_inherit_defined=yes
])
LIBS="$save_LIBS"
CFLAGS="$save_CFLAGS"
CFLAGS="$ax_pthread_save_CFLAGS"
LIBS="$ax_pthread_save_LIBS"
# More AIX lossage: compile with *_r variant
if test "x$GCC" != xyes; then
if test "x$GCC" != "xyes"; then
case $host_os in
aix*)
AS_CASE(["x/$CC"],
[x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6],
[#handle absolute path differently from PATH based program lookup
AS_CASE(["x$CC"],
[x/*],
[AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])],
[AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])])])
[x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6],
[#handle absolute path differently from PATH based program lookup
AS_CASE(["x$CC"],
[x/*],
[AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])],
[AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])])])
;;
esac
fi
@ -692,7 +852,7 @@ AC_SUBST([PTHREAD_CFLAGS])
AC_SUBST([PTHREAD_CC])
# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND:
if test x"$ax_pthread_ok" = xyes; then
if test "x$ax_pthread_ok" = "xyes"; then
ifelse([$1],,[AC_DEFINE([HAVE_PTHREAD],[1],[Define if you have POSIX threads libraries and header files.])],[$1])
:
else
@ -740,7 +900,7 @@ AC_DEFUN([AX_REQUIRE_DEFINED], [dnl
m4_ifndef([$1], [m4_fatal([macro ]$1[ is not defined; is a m4 file missing?])])
])dnl AX_REQUIRE_DEFINED
# Copyright (C) 2002-2013 Free Software Foundation, Inc.
# Copyright (C) 2002-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -752,10 +912,10 @@ AC_DEFUN([AX_REQUIRE_DEFINED], [dnl
# generated from the m4 files accompanying Automake X.Y.
# (This private macro should not be called outside this file.)
AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.14'
[am__api_version='1.15'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
m4_if([$1], [1.14.1], [],
m4_if([$1], [1.15], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
@ -771,14 +931,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.14.1])dnl
[AM_AUTOMAKE_VERSION([1.15])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -830,7 +990,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
# AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997-2013 Free Software Foundation, Inc.
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -861,7 +1021,7 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]])
fi])])
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1052,7 +1212,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
# Generate code to set up dependency tracking. -*- Autoconf -*-
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1128,7 +1288,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
# Do all the work for Automake. -*- Autoconf -*-
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1218,8 +1378,8 @@ AC_REQUIRE([AC_PROG_MKDIR_P])dnl
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
# We need awk for the "check" target. The system "awk" is bad on
# some platforms.
# We need awk for the "check" target (and possibly the TAP driver). The
# system "awk" is bad on some platforms.
AC_REQUIRE([AC_PROG_AWK])dnl
AC_REQUIRE([AC_PROG_MAKE_SET])dnl
AC_REQUIRE([AM_SET_LEADING_DOT])dnl
@ -1293,6 +1453,9 @@ END
AC_MSG_ERROR([Your 'rm' program is bad, sorry.])
fi
fi
dnl The trailing newline in this macro's definition is deliberate, for
dnl backward compatibility and to allow trailing 'dnl'-style comments
dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841.
])
dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
@ -1322,7 +1485,7 @@ for _am_header in $config_headers :; do
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1333,7 +1496,7 @@ echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_co
# Define $install_sh.
AC_DEFUN([AM_PROG_INSTALL_SH],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
if test x"${install_sh}" != xset; then
if test x"${install_sh+set}" != xset; then
case $am_aux_dir in
*\ * | *\ *)
install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
@ -1343,7 +1506,7 @@ if test x"${install_sh}" != xset; then
fi
AC_SUBST([install_sh])])
# Copyright (C) 2003-2013 Free Software Foundation, Inc.
# Copyright (C) 2003-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1364,7 +1527,7 @@ AC_SUBST([am__leading_dot])])
# Check to see how 'make' treats includes. -*- Autoconf -*-
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1414,7 +1577,7 @@ rm -f confinc confmf
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
# Copyright (C) 1997-2013 Free Software Foundation, Inc.
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1453,7 +1616,7 @@ fi
# Helper functions for option handling. -*- Autoconf -*-
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1482,7 +1645,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1529,7 +1692,7 @@ AC_LANG_POP([C])])
# For backward compatibility.
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1548,7 +1711,7 @@ AC_DEFUN([AM_RUN_LOG],
# Check to make sure that the build environment is sane. -*- Autoconf -*-
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1629,7 +1792,7 @@ AC_CONFIG_COMMANDS_PRE(
rm -f conftest.file
])
# Copyright (C) 2009-2013 Free Software Foundation, Inc.
# Copyright (C) 2009-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1689,7 +1852,7 @@ AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1717,7 +1880,7 @@ fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])
# Copyright (C) 2006-2013 Free Software Foundation, Inc.
# Copyright (C) 2006-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1736,7 +1899,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
# Check how to create a tarball. -*- Autoconf -*-
# Copyright (C) 2004-2013 Free Software Foundation, Inc.
# Copyright (C) 2004-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

2
auto/compile
View File

@ -3,7 +3,7 @@
scriptversion=2012-10-14.11; # UTC
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify

174
auto/config.guess vendored
View File

@ -1,8 +1,8 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright 1992-2014 Free Software Foundation, Inc.
# Copyright 1992-2016 Free Software Foundation, Inc.
timestamp='2014-03-23'
timestamp='2016-10-02'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@ -24,12 +24,12 @@ timestamp='2014-03-23'
# program. This Exception is an additional permission under section 7
# of the GNU General Public License, version 3 ("GPLv3").
#
# Originally written by Per Bothner.
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
#
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
#
# Please send patches with a ChangeLog entry to config-patches@gnu.org.
# Please send patches to <config-patches@gnu.org>.
me=`echo "$0" | sed -e 's,.*/,,'`
@ -50,7 +50,7 @@ version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
Copyright 1992-2014 Free Software Foundation, Inc.
Copyright 1992-2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -168,19 +168,29 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
# Note: NetBSD doesn't particularly care about the vendor
# portion of the name. We always set it to "unknown".
sysctl="sysctl -n hw.machine_arch"
UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
/usr/sbin/$sysctl 2>/dev/null || echo unknown)`
UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
/sbin/$sysctl 2>/dev/null || \
/usr/sbin/$sysctl 2>/dev/null || \
echo unknown)`
case "${UNAME_MACHINE_ARCH}" in
armeb) machine=armeb-unknown ;;
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;;
sh5el) machine=sh5le-unknown ;;
earmv*)
arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
machine=${arch}${endian}-unknown
;;
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
# to ELF recently, or will in the future.
# to ELF recently (or will in the future) and ABI.
case "${UNAME_MACHINE_ARCH}" in
earm*)
os=netbsdelf
;;
arm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
@ -197,6 +207,13 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
os=netbsd
;;
esac
# Determine ABI tags.
case "${UNAME_MACHINE_ARCH}" in
earm*)
expr='s/^earmv[0-9]/-eabi/;s/eb$//'
abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
;;
esac
# The OS release
# Debian GNU/NetBSD machines have a different userland, and
# thus, need a distinct triplet. However, they do not need
@ -207,13 +224,13 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
release='-gnu'
;;
*)
release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
;;
esac
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
echo "${machine}-${os}${release}"
echo "${machine}-${os}${release}${abi}"
exit ;;
*:Bitrig:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
@ -223,6 +240,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
exit ;;
*:LibertyBSD:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE}
exit ;;
*:ekkoBSD:*:*)
echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
exit ;;
@ -235,6 +256,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
*:MirBSD:*:*)
echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
exit ;;
*:Sortix:*:*)
echo ${UNAME_MACHINE}-unknown-sortix
exit ;;
alpha:OSF1:*:*)
case $UNAME_RELEASE in
*4.0)
@ -251,42 +275,42 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
case "$ALPHA_CPU_TYPE" in
"EV4 (21064)")
UNAME_MACHINE="alpha" ;;
UNAME_MACHINE=alpha ;;
"EV4.5 (21064)")
UNAME_MACHINE="alpha" ;;
UNAME_MACHINE=alpha ;;
"LCA4 (21066/21068)")
UNAME_MACHINE="alpha" ;;
UNAME_MACHINE=alpha ;;
"EV5 (21164)")
UNAME_MACHINE="alphaev5" ;;
UNAME_MACHINE=alphaev5 ;;
"EV5.6 (21164A)")
UNAME_MACHINE="alphaev56" ;;
UNAME_MACHINE=alphaev56 ;;
"EV5.6 (21164PC)")
UNAME_MACHINE="alphapca56" ;;
UNAME_MACHINE=alphapca56 ;;
"EV5.7 (21164PC)")
UNAME_MACHINE="alphapca57" ;;
UNAME_MACHINE=alphapca57 ;;
"EV6 (21264)")
UNAME_MACHINE="alphaev6" ;;
UNAME_MACHINE=alphaev6 ;;
"EV6.7 (21264A)")
UNAME_MACHINE="alphaev67" ;;
UNAME_MACHINE=alphaev67 ;;
"EV6.8CB (21264C)")
UNAME_MACHINE="alphaev68" ;;
UNAME_MACHINE=alphaev68 ;;
"EV6.8AL (21264B)")
UNAME_MACHINE="alphaev68" ;;
UNAME_MACHINE=alphaev68 ;;
"EV6.8CX (21264D)")
UNAME_MACHINE="alphaev68" ;;
UNAME_MACHINE=alphaev68 ;;
"EV6.9A (21264/EV69A)")
UNAME_MACHINE="alphaev69" ;;
UNAME_MACHINE=alphaev69 ;;
"EV7 (21364)")
UNAME_MACHINE="alphaev7" ;;
UNAME_MACHINE=alphaev7 ;;
"EV7.9 (21364A)")
UNAME_MACHINE="alphaev79" ;;
UNAME_MACHINE=alphaev79 ;;
esac
# A Pn.n version is a patched version.
# A Vn.n version is a released version.
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
exitcode=$?
trap '' 0
@ -359,16 +383,16 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
exit ;;
i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
eval $set_cc_for_build
SUN_ARCH="i386"
SUN_ARCH=i386
# If there is a compiler, see if it is configured for 64-bit objects.
# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
# This test works for both compilers.
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
SUN_ARCH="x86_64"
SUN_ARCH=x86_64
fi
fi
echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
@ -393,7 +417,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
exit ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3
case "`/bin/arch`" in
sun3)
echo m68k-sun-sunos${UNAME_RELEASE}
@ -579,8 +603,9 @@ EOF
else
IBM_ARCH=powerpc
fi
if [ -x /usr/bin/oslevel ] ; then
IBM_REV=`/usr/bin/oslevel`
if [ -x /usr/bin/lslpp ] ; then
IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
else
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
@ -617,13 +642,13 @@ EOF
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
case "${sc_cpu_version}" in
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
case "${sc_kernel_bits}" in
32) HP_ARCH="hppa2.0n" ;;
64) HP_ARCH="hppa2.0w" ;;
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
32) HP_ARCH=hppa2.0n ;;
64) HP_ARCH=hppa2.0w ;;
'') HP_ARCH=hppa2.0 ;; # HP-UX 10.20
esac ;;
esac
fi
@ -662,11 +687,11 @@ EOF
exit (0);
}
EOF
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
(CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
if [ ${HP_ARCH} = "hppa2.0w" ]
if [ ${HP_ARCH} = hppa2.0w ]
then
eval $set_cc_for_build
@ -679,12 +704,12 @@ EOF
# $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
# => hppa64-hp-hpux11.23
if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
grep -q __LP64__
then
HP_ARCH="hppa2.0w"
HP_ARCH=hppa2.0w
else
HP_ARCH="hppa64"
HP_ARCH=hppa64
fi
fi
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
@ -789,14 +814,14 @@ EOF
echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
5000:UNIX_System_V:4.*:*)
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
@ -878,7 +903,7 @@ EOF
exit ;;
*:GNU/*:*:*)
# other systems with GNU libc and userland
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
exit ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
@ -901,7 +926,7 @@ EOF
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
objdump --private-headers /bin/sh | grep -q ld.so.1
if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
arc:Linux:*:* | arceb:Linux:*:*)
@ -932,6 +957,9 @@ EOF
crisv32:Linux:*:*)
echo ${UNAME_MACHINE}-axis-linux-${LIBC}
exit ;;
e2k:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
frv:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
@ -944,6 +972,9 @@ EOF
ia64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
k1om:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
m32r*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
@ -969,6 +1000,9 @@ EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
;;
mips64el:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
openrisc*:Linux:*:*)
echo or1k-unknown-linux-${LIBC}
exit ;;
@ -1001,6 +1035,9 @@ EOF
ppcle:Linux:*:*)
echo powerpcle-unknown-linux-${LIBC}
exit ;;
riscv32:Linux:*:* | riscv64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
exit ;;
@ -1020,7 +1057,7 @@ EOF
echo ${UNAME_MACHINE}-dec-linux-${LIBC}
exit ;;
x86_64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
echo ${UNAME_MACHINE}-pc-linux-${LIBC}
exit ;;
xtensa*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
@ -1099,7 +1136,7 @@ EOF
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i586.
# Note: whatever this is, it MUST be the same as what config.sub
# prints for the "djgpp" host, or else GDB configury will decide that
# prints for the "djgpp" host, or else GDB configure will decide that
# this is a cross-build.
echo i586-pc-msdosdjgpp
exit ;;
@ -1248,6 +1285,9 @@ EOF
SX-8R:SUPER-UX:*:*)
echo sx8r-nec-superux${UNAME_RELEASE}
exit ;;
SX-ACE:SUPER-UX:*:*)
echo sxace-nec-superux${UNAME_RELEASE}
exit ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
exit ;;
@ -1261,9 +1301,9 @@ EOF
UNAME_PROCESSOR=powerpc
fi
if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
case $UNAME_PROCESSOR in
@ -1285,7 +1325,7 @@ EOF
exit ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
if test "$UNAME_PROCESSOR" = "x86"; then
if test "$UNAME_PROCESSOR" = x86; then
UNAME_PROCESSOR=i386
UNAME_MACHINE=pc
fi
@ -1316,7 +1356,7 @@ EOF
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
# operating systems.
if test "$cputype" = "386"; then
if test "$cputype" = 386; then
UNAME_MACHINE=i386
else
UNAME_MACHINE="$cputype"
@ -1358,7 +1398,7 @@ EOF
echo i386-pc-xenix
exit ;;
i*86:skyos:*:*)
echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
exit ;;
i*86:rdos:*:*)
echo ${UNAME_MACHINE}-pc-rdos
@ -1369,23 +1409,25 @@ EOF
x86_64:VMkernel:*:*)
echo ${UNAME_MACHINE}-unknown-esx
exit ;;
amd64:Isilon\ OneFS:*:*)
echo x86_64-unknown-onefs
exit ;;
esac
cat >&2 <<EOF
$0: unable to guess system type
This script, last modified $timestamp, has failed to recognize
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from
This script (version $timestamp), has failed to recognize the
operating system you are using. If your script is old, overwrite
config.guess and config.sub with the latest versions from:
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
and
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
If the version you run ($0) is already up to date, please
send the following data and any information you think might be
pertinent to <config-patches@gnu.org> in order to provide the needed
information to handle your system.
If $0 has already been updated, send the following data and any
information you think might be pertinent to config-patches@gnu.org to
provide the necessary information to handle your system.
config.guess timestamp = $timestamp

66
auto/config.sub vendored
View File

@ -1,8 +1,8 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright 1992-2014 Free Software Foundation, Inc.
# Copyright 1992-2016 Free Software Foundation, Inc.
timestamp='2014-09-11'
timestamp='2016-11-04'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@ -25,7 +25,7 @@ timestamp='2014-09-11'
# of the GNU General Public License, version 3 ("GPLv3").
# Please send patches with a ChangeLog entry to config-patches@gnu.org.
# Please send patches to <config-patches@gnu.org>.
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
@ -33,7 +33,7 @@ timestamp='2014-09-11'
# Otherwise, we print the canonical config type on stdout and succeed.
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
@ -53,8 +53,7 @@ timestamp='2014-09-11'
me=`echo "$0" | sed -e 's,.*/,,'`
usage="\
Usage: $0 [OPTION] CPU-MFR-OPSYS
$0 [OPTION] ALIAS
Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
Canonicalize a configuration name.
@ -68,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
Copyright 1992-2014 Free Software Foundation, Inc.
Copyright 1992-2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -117,8 +116,8 @@ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
knetbsd*-gnu* | netbsd*-gnu* | \
kopensolaris*-gnu* | \
knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
kopensolaris*-gnu* | cloudabi*-eabi* | \
storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
@ -255,12 +254,13 @@ case $basic_machine in
| arc | arceb \
| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
| avr | avr32 \
| ba \
| be32 | be64 \
| bfin \
| c4x | c8051 | clipper \
| d10v | d30v | dlx | dsp16xx \
| epiphany \
| fido | fr30 | frv \
| e2k | epiphany \
| fido | fr30 | frv | ft32 \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| hexagon \
| i370 | i860 | i960 | ia64 \
@ -301,11 +301,12 @@ case $basic_machine in
| open8 | or1k | or1knd | or32 \
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle \
| pru \
| pyramid \
| riscv32 | riscv64 \
| rl78 | rx \
| score \
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
@ -313,6 +314,7 @@ case $basic_machine in
| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
| ubicom32 \
| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
| visium \
| we32k \
| x86 | xc16x | xstormy16 | xtensa \
| z8k | z80)
@ -327,6 +329,9 @@ case $basic_machine in
c6x)
basic_machine=tic6x-unknown
;;
leon|leon[3-9])
basic_machine=sparc-$basic_machine
;;
m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
basic_machine=$basic_machine-unknown
os=-none
@ -372,12 +377,13 @@ case $basic_machine in
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* | avr32-* \
| ba-* \
| be32-* | be64-* \
| bfin-* | bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* \
| c8051-* | clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
| e2k-* | elxsi-* \
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
@ -423,13 +429,15 @@ case $basic_machine in
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
| pru-* \
| pyramid-* \
| riscv32-* | riscv64-* \
| rl78-* | romp-* | rs6000-* | rx-* \
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
| sparclite-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
| tahoe-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
| tile*-* \
@ -437,6 +445,7 @@ case $basic_machine in
| ubicom32-* \
| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
| vax-* \
| visium-* \
| we32k-* \
| x86-* | x86_64-* | xc16x-* | xps100-* \
| xstormy16-* | xtensa*-* \
@ -513,6 +522,9 @@ case $basic_machine in
basic_machine=i386-pc
os=-aros
;;
asmjs)
basic_machine=asmjs-unknown
;;
aux)
basic_machine=m68k-apple
os=-aux
@ -633,6 +645,14 @@ case $basic_machine in
basic_machine=m68k-bull
os=-sysv3
;;
e500v[12])
basic_machine=powerpc-unknown
os=$os"spe"
;;
e500v[12]-*)
basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
os=$os"spe"
;;
ebmon29k)
basic_machine=a29k-amd
os=-ebmon
@ -774,6 +794,9 @@ case $basic_machine in
basic_machine=m68k-isi
os=-sysv
;;
leon-*|leon[3-9]-*)
basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'`
;;
m68knommu)
basic_machine=m68k-unknown
os=-linux
@ -1009,7 +1032,7 @@ case $basic_machine in
ppc-* | ppcbe-*)
basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppcle | powerpclittle | ppc-le | powerpc-little)
ppcle | powerpclittle)
basic_machine=powerpcle-unknown
;;
ppcle-* | powerpclittle-*)
@ -1019,7 +1042,7 @@ case $basic_machine in
;;
ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppc64le | powerpc64little | ppc64-le | powerpc64-little)
ppc64le | powerpc64little)
basic_machine=powerpc64le-unknown
;;
ppc64le-* | powerpc64little-*)
@ -1365,18 +1388,18 @@ case $os in
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
| -sym* | -kopensolaris* | -plan9* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
| -aos* | -aros* \
| -aos* | -aros* | -cloudabi* | -sortix* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
| -bitrig* | -openbsd* | -solidbsd* \
| -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* | -cegcc* \
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
| -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
| -linux-newlib* | -linux-musl* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
@ -1385,7 +1408,8 @@ case $os in
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
| -onefs* | -tirtos* | -phoenix* | -fuchsia*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@ -1517,6 +1541,8 @@ case $os in
;;
-nacl*)
;;
-ios)
;;
-none)
;;
*)

2
auto/depcomp
View File

@ -3,7 +3,7 @@
scriptversion=2013-05-30.07; # UTC
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by

364
auto/install-sh
View File

@ -1,7 +1,7 @@
#!/bin/sh
# install - install a program, script, or datafile
scriptversion=2011-11-20.07; # UTC
scriptversion=2014-09-12.12; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
@ -41,19 +41,15 @@ scriptversion=2011-11-20.07; # UTC
# This script is compatible with the BSD install script, but was written
# from scratch.
tab=' '
nl='
'
IFS=" "" $nl"
IFS=" $tab$nl"
# set DOITPROG to echo to test this script
# Set DOITPROG to "echo" to test this script.
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit=${DOITPROG-}
if test -z "$doit"; then
doit_exec=exec
else
doit_exec=$doit
fi
doit_exec=${doit:-exec}
# Put in absolute file names if you don't have them in your path;
# or use environment vars.
@ -68,17 +64,6 @@ mvprog=${MVPROG-mv}
rmprog=${RMPROG-rm}
stripprog=${STRIPPROG-strip}
posix_glob='?'
initialize_posix_glob='
test "$posix_glob" != "?" || {
if (set -f) 2>/dev/null; then
posix_glob=
else
posix_glob=:
fi
}
'
posix_mkdir=
# Desired mode of installed file.
@ -97,7 +82,7 @@ dir_arg=
dst_arg=
copy_on_change=false
no_target_directory=
is_target_a_directory=possibly
usage="\
Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
@ -137,46 +122,57 @@ while test $# -ne 0; do
-d) dir_arg=true;;
-g) chgrpcmd="$chgrpprog $2"
shift;;
shift;;
--help) echo "$usage"; exit $?;;
-m) mode=$2
case $mode in
*' '* | *' '* | *'
'* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
case $mode in
*' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
-o) chowncmd="$chownprog $2"
shift;;
shift;;
-s) stripcmd=$stripprog;;
-t) dst_arg=$2
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
shift;;
-t)
is_target_a_directory=always
dst_arg=$2
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
shift;;
-T) no_target_directory=true;;
-T) is_target_a_directory=never;;
--version) echo "$0 $scriptversion"; exit $?;;
--) shift
break;;
--) shift
break;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
*) break;;
esac
shift
done
# We allow the use of options -d and -T together, by making -d
# take the precedence; this is for compatibility with GNU install.
if test -n "$dir_arg"; then
if test -n "$dst_arg"; then
echo "$0: target directory not allowed when installing a directory." >&2
exit 1
fi
fi
if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
# When -d is used, all remaining arguments are directories to create.
# When -t is used, the destination is already specified.
@ -207,6 +203,15 @@ if test $# -eq 0; then
exit 0
fi
if test -z "$dir_arg"; then
if test $# -gt 1 || test "$is_target_a_directory" = always; then
if test ! -d "$dst_arg"; then
echo "$0: $dst_arg: Is not a directory." >&2
exit 1
fi
fi
fi
if test -z "$dir_arg"; then
do_exit='(exit $ret); exit $ret'
trap "ret=129; $do_exit" 1
@ -223,16 +228,16 @@ if test -z "$dir_arg"; then
*[0-7])
if test -z "$stripcmd"; then
u_plus_rw=
u_plus_rw=
else
u_plus_rw='% 200'
u_plus_rw='% 200'
fi
cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
*)
if test -z "$stripcmd"; then
u_plus_rw=
u_plus_rw=
else
u_plus_rw=,u+rw
u_plus_rw=,u+rw
fi
cp_umask=$mode$u_plus_rw;;
esac
@ -269,41 +274,15 @@ do
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
if test -d "$dst"; then
if test -n "$no_target_directory"; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
if test "$is_target_a_directory" = never; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
fi
dstdir=$dst
dst=$dstdir/`basename "$src"`
dstdir_status=0
else
# Prefer dirname, but fall back on a substitute if dirname fails.
dstdir=`
(dirname "$dst") 2>/dev/null ||
expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$dst" : 'X\(//\)[^/]' \| \
X"$dst" : 'X\(//\)$' \| \
X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$dst" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
}
/^X\(\/\/\)[^/].*/{
s//\1/
q
}
/^X\(\/\/\)$/{
s//\1/
q
}
/^X\(\/\).*/{
s//\1/
q
}
s/.*/./; q'
`
dstdir=`dirname "$dst"`
test -d "$dstdir"
dstdir_status=$?
fi
@ -314,81 +293,81 @@ do
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
mkdir_mode=
fi
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
mkdir_mode=
fi
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
# $RANDOM is not portable (e.g. dash); use it when possible to
# lower collision chance
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0
# As "mkdir -p" follows symlinks and we work in /tmp possibly; so
# create the $tmpdir first (and fail if unsuccessful) to make sure
# that nobody tries to guess the $tmpdir name.
if (umask $mkdir_umask &&
$mkdirprog $mkdir_mode "$tmpdir" &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
test_tmpdir="$tmpdir/a"
ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
fi
trap '' 0;;
esac;;
# As "mkdir -p" follows symlinks and we work in /tmp possibly; so
# create the $tmpdir first (and fail if unsuccessful) to make sure
# that nobody tries to guess the $tmpdir name.
if (umask $mkdir_umask &&
$mkdirprog $mkdir_mode "$tmpdir" &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
test_tmpdir="$tmpdir/a"
ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
fi
trap '' 0;;
esac;;
esac
if
$posix_mkdir && (
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
)
then :
else
@ -398,53 +377,51 @@ do
# directory the slow way, step by step, checking for races as we go.
case $dstdir in
/*) prefix='/';;
[-=\(\)!]*) prefix='./';;
*) prefix='';;
/*) prefix='/';;
[-=\(\)!]*) prefix='./';;
*) prefix='';;
esac
eval "$initialize_posix_glob"
oIFS=$IFS
IFS=/
$posix_glob set -f
set -f
set fnord $dstdir
shift
$posix_glob set +f
set +f
IFS=$oIFS
prefixes=
for d
do
test X"$d" = X && continue
test X"$d" = X && continue
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
done
if test -n "$prefixes"; then
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
fi
fi
fi
@ -479,15 +456,12 @@ do
# If -C, don't bother to copy if it wouldn't change the file.
if $copy_on_change &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
eval "$initialize_posix_glob" &&
$posix_glob set -f &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
set -f &&
set X $old && old=:$2:$4:$5:$6 &&
set X $new && new=:$2:$4:$5:$6 &&
$posix_glob set +f &&
set +f &&
test "$old" = "$new" &&
$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
then
@ -500,24 +474,24 @@ do
# to itself, or perhaps because mv is so ancient that it does not
# support -f.
{
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
}
fi || exit 1

5585
auto/ltmain.sh
View File

File diff suppressed because it is too large Load Diff

2
auto/missing
View File

@ -3,7 +3,7 @@
scriptversion=2013-10-28.13; # UTC
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify

4
build-android.sh
View File

@ -1,10 +1,10 @@
#!/bin/sh
set -ev
VERSION=5.42
VERSION=5.44
DST=stunnel-$VERSION-android
# to build OpenSSL:
# ./Configure threads no-shared no-dso --cross-compile-prefix=arm-linux-androideabi- --openssldir=/opt/androideabi/sysroot linux-armv4
# ./Configure threads no-shared no-dso --cross-compile-prefix=arm-linux-androideabi- --prefix=/opt/androideabi/sysroot linux-armv4
# make install
test -f Makefile && make distclean

6958
configure vendored
View File

File diff suppressed because it is too large Load Diff

4
configure.ac
View File

@ -1,6 +1,6 @@
# Process this file with autoconf to produce a configure script.
AC_INIT([stunnel],[5.42])
AC_INIT([stunnel],[5.44])
AC_MSG_NOTICE([**************************************** initialization])
AC_CONFIG_AUX_DIR(auto)
AC_CONFIG_MACRO_DIR([m4])
@ -461,7 +461,7 @@ CPPFLAGS="$valid_CPPFLAGS"
LIBS="$valid_LIBS"
AC_MSG_NOTICE([**************************************** write the results])
AC_CONFIG_FILES([Makefile src/Makefile doc/Makefile tools/Makefile])
AC_CONFIG_FILES([Makefile src/Makefile doc/Makefile tools/Makefile tests/Makefile])
AC_OUTPUT
AC_MSG_NOTICE([**************************************** success])

84
debian/README.Debian vendored Normal file
View File

@ -0,0 +1,84 @@
This is the Stunnel 4.x package for Debian.
* Upgrading from stunnel to stunnel4
Stunnel 3 has been deprecated from Debian. The new stunnel4 has a
different command line syntax and configuration. You will need to
update your scripts.
The wrapper script /usr/bin/stunnel3 understands stunnel3 command line
syntax and calls stunnel4 with appropriate options. It appears to
support every stunnel3 option *except* -S (which controls the defaults
used for certificate sources).
* Basic configuration
After installation, you should :
- edit /etc/stunnel/stunnel.conf
- edit /etc/default/stunnel and set ENABLE=1, if you want your
configured tunnels to start automatically on boot.
- generate a certificate for use with stunnel if you want to use server mode
Sergio Rua <srua@debian.org> made a perl front-end for the stunnel
configuration. It is very simple and only includes a couple of configuration
options. This script is located in
/usr/share/doc/stunnel4/contrib/StunnelConf-0.1.pl
It requires libgnome2-perl and libgtk2-perl.
* How to create SSL keys for stunnel
The certificates default directory is /etc/ssl/certs, so cd into that dir
and issue the command:
openssl req -new -x509 -nodes -days 365 -out stunnel.pem -keyout stunnel.pem
Fill in the info requested.
Change 'stunnel.pem' to the name of the certificate you need to
create. stunnel.pem will be used by default by stunnel, but you want
to create different certificates for different services you run with
stunnel. Make sure only root can read the file (or only the user that
needs to read it, if stunnel is run as that user):
chmod 600 stunnel.pem
Now you need to append the DH parameters to the certificate.
First you need to generate some amount of random data:
dd if=/dev/urandom of=temp_file count=2
Use /dev/random if you want a more secure source of data, but make
sure you have enough entropy on you system (the output file should be
at least 512 bytes long).
And now make openssl generate the DH parameters and append them to the
certificate file:
openssl dhparam -rand temp_file 512 >> stunnel.pem
You also want to link the certificate to its hash name so that openssl
can find it also by that means:
ln -sf stunnel.pem `openssl x509 -noout -hash < stunnel.pem`.0
Read the manual page for openssl for more info on the various options.
* FIPS
Since version 4.21 stunnel includes support for OpenSSL's FIPS mode. However,
using it requires stunnel to be compiled statically against OpenSSL and all
supporting libraries. Thus, this option is disabled in the Debian package.
See the OpenSSL FIPS User Guide at
https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
and the OpenSSL notes about FIPS 140-2 at
https://www.openssl.org/docs/fips/fipsnotes.html
- Julien LEMOINE <speedblue@debian.org>, Sun, 19 Feb 2006 17:31:24 +0100
-- Luis Rodrigo Gallardo Cruz <rodrigo@nul-unu.com>, Sat, 30 Oct 2007 14:50:54 z

477
debian/StunnelConf-0.1.pl vendored Normal file
View File

@ -0,0 +1,477 @@
#!/usr/bin/perl
# Copyright (C) 2004 Sergio Rua <srua@debian.org>
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
# 02111-1307, USA.
#
# On Debian GNU/Linux systems, the complete text of the GNU General
# Public License can be found in `/usr/share/common-licenses/GPL'.
use strict;
use Gtk2;
use Gnome2;
use Gtk2::SimpleList;
use constant TRUE => 1;
use constant FALSE => 0;
# Please configure if necessary!
my $cfgfile = "/etc/stunnel/stunnel.conf";
my $backup_cfg = 1;
my $base_cfg_dir = $cfgfile;$base_cfg_dir=~s/\/stunnel\.conf//g;
# global variables
my $ekey;
my $ecert;
my $verify;
my $app;
my $elog;
my $clientmode;
my $debuglevel;
my $capath;
my $list;
sub mydie
{
my ($msg)=@_;
print "$msg\n";
Gtk2->main_quit;
exit (-1);
}
sub sel_file
{
my ($title,$entry,$isfile)=@_;
my $fsel=Gtk2::FileSelection->new($title);
$fsel->ok_button->signal_connect("clicked",sub {
print "OK: ". $fsel->get_filename."\n";
$entry->set_text($fsel->get_filename);
$fsel->destroy;
});
$fsel->cancel_button->signal_connect("clicked",sub { $fsel->destroy; });
$fsel->show;
}
sub add_connection
{
my $win = new Gtk2::Window("toplevel");
$win->set_position("center");
my $vbox = new Gtk2::VBox( 0, 2 );
$win->add($vbox);
$vbox->show;
my $druid = new Gnome2::Druid;
$druid->signal_connect("cancel", sub { $win->destroy; } );
$vbox->pack_start($druid,0,0,0);
my $druid_start = new Gnome2::DruidPageEdge("GNOME_EDGE_START");
$druid_start->set_title("Connections setup");
$druid_start->set_text("Please follow this configuration wizard to ".
"configure your connections\n");
# $druid_start->set_watermark($logo);
$druid_start->show;
$druid->append_page($druid_start);
# Second Step: accepting connections
my $druid_name = new Gnome2::DruidPageStandard();
$druid_name->set_title("Connection name");
my $dvbox=new Gtk2::VBox(2,2);
my $dtable=new Gtk2::Table(2,2,FALSE);
$dvbox->pack_start($dtable,FALSE,FALSE,0);
my $label=new Gtk2::Label("Enter this connection name");
$dtable->attach($label,0,1,0,1,["fill"],["fill"],0,0);
my $ename=new Gtk2::Entry();
$dtable->attach($ename,1,2,0,1,["fill"],["fill"],0,0);
$druid_name->append_item("",$dvbox,"");
$druid_name->show_all;
# add page to the druid
$druid->append_page($druid_name);
# Second Step: accepting connections
my $druid_accept = new Gnome2::DruidPageStandard();
$druid_accept->set_title("Accepting connections");
my $dvbox=new Gtk2::VBox(2,2);
my $dtable=new Gtk2::Table(2,2,FALSE);
$dvbox->pack_start($dtable,FALSE,FALSE,0);
my $accept_error=new Gtk2::Label("");
$dtable->attach($accept_error,0,1,0,1,["fill"],["fill"],0,0);
my $label=new Gtk2::Label("IP or hostname");
$dtable->attach($label,0,1,1,2,["fill"],["fill"],0,0);
my $eip=new Gtk2::Entry();
$dtable->attach($eip,1,2,1,2,["fill"],["fill"],0,0);
my $label=new Gtk2::Label("Port number");
$dtable->attach($label,0,1,2,3,["fill"],["fill"],0,0);
my $eport=new Gtk2::Entry();
$dtable->attach($eport,1,2,2,3,["fill"],["fill"],0,0);
$druid_accept->append_item("",$dvbox,"");
$druid_accept->show_all;
# add page to the druid
$druid->append_page($druid_accept);
# Third Step: connecting to...
my $druid_connect = new Gnome2::DruidPageStandard();
$druid_connect->set_title("Connection To...");
my $dvbox=new Gtk2::VBox(2,2);
my $dtable=new Gtk2::Table(2,2,FALSE);
$dvbox->pack_start($dtable,FALSE,FALSE,0);
my $label=new Gtk2::Label("IP or hostname");
$dtable->attach($label,0,1,0,1,["fill"],["fill"],0,0);
my $etoip=new Gtk2::Entry();
$dtable->attach($etoip,1,2,0,1,["fill"],["fill"],0,0);
my $label=new Gtk2::Label("Port number");
$dtable->attach($label,0,1,1,2,["fill"],["fill"],0,0);
my $etoport=new Gtk2::Entry();
$dtable->attach($etoport,1,2,1,2,["fill"],["fill"],0,0);
$druid_connect->append_item("",$dvbox,"");
$druid_connect->show_all;
# add page to the druid
$druid->append_page($druid_connect);
# Finishing and adding connection
my $druid_finish = new Gnome2::DruidPageEdge("GNOME_EDGE_FINISH");
$druid_finish->set_title("Configuration Finished.");
$druid_finish->set_text("The configuration has been finished. Click to either save or cancel");
# $druid_finish->set_logo($logo2);
$druid_finish->signal_connect("finish", sub {
my $acip=$eip->get_text();
my $acport=$eport->get_text();
my $coip=$etoip->get_text();
my $coport=$etoport->get_text();
my $dslist = $list->{data};
push @$dslist, [ $ename->get_text(), $acip.":".$acport, $coip.":".$coport ];
$win->destroy;
});
$druid_finish->show;
$druid->append_page($druid_finish);
$druid->show;
$win->show;
}
sub load_config_file
{
my $con=$list->{data};
my $name="";
my $accept="";
my $connect="";
if (! -s $cfgfile) {
print "Config file not found. Starting from scratch!\n";
return (0);
}
open F, "<$cfgfile" or die "$cfgfile: $!\n";
while (<F>) {
$_=~s/\n//g;
if ($_=~/^cert.*=.*/) {
(undef,my $value) = split "=",$_;
$value=~s/(\ |\t)//g;
$ecert->set_text($value);
} elsif ($_=~/^key.*=.*/) {
(undef,my $value) = split "=",$_;
$value=~s/(\ |\t)//g;
$ekey->set_text($value);
} elsif ($_=~/^verify.*=.*/) {
(undef,my $value) = split "=",$_;
$value=~s/(\ |\t)//g;
if ($value==1) {
$verify->entry->set_text("verify peer certificate if present");
} elsif ($value==2) {
$verify->entry->set_text("verify peer certificate");
} elsif ($value==3) {
$verify->entry->set_text("verify peer with locally installed certificate");
} else {
$verify->entry->set_text("no verify");
}
} elsif ($_=~/^client.*=.*/) {
(undef,my $value) = split "=",$_;
$value=~s/(\ |\t)//g;
$clientmode->entry->set_text($value);
} elsif ($_=~/^(capath|CApath).*=.*/) {
(undef,my $value) = split "=",$_;
$value=~s/(\ |\t)//g;
$capath->set_text($value);
} elsif ($_=~/^debug.*=.*/) {
(undef,my $value) = split "=",$_;
$value=~s/(\ |\t)//g;
$debuglevel->entry->set_text($value);
} elsif ($_=~/^output.*=.*/) {
(undef,my $value) = split "=",$_;
$value=~s/(\ |\t)//g;
$elog->set_text($value);
} elsif ($_=~/^\[.*/) {
$_=~s/\[//g;
$_=~s/\]//g;
$name=$_;
} elsif ($_=~/^accept.*=.*/) {
(undef,$accept) = split "=",$_;
$accept=~s/(\ |\t)//g;
} elsif ($_=~/^connect.*=.*/) {
(undef,$connect) = split "=",$_;
$connect=~s/(\ |\t)//g;
}
# load connection
if (($accept) && ($name) && ($connect)) {
push @$con, [ $name, $accept, $connect ];
$name=$connect=$accept="";
}
}
close F;
}
sub save_config_file
{
if ($backup_cfg) {
chdir ($base_cfg_dir);
rename($cfgfile,$cfgfile.".$$") or
print "Error at \n$cfgfile: $!\nNo backup made!\n";
}
open O, ">$cfgfile" or
mydie "Cannot open config file: $!\n";
print "Saving $cfgfile\n\n\n";
print O "# Configuration file created by \"stunnelconf\" by ".
"Sergio Rua <srua\@debian.org>\n\n";
if ($ekey->get_text()) {
print O "key = ".$ekey->get_text()."\n";
}
if ($ecert->get_text()) {
print O "cert = ".$ecert->get_text()."\n";
}
print O "verify = ".$verify->entry->get_text()."\n";
print O "output = ".$elog->get_text()."\n";
print O "client = ".$clientmode->entry->get_text()."\n";
print O "debug = ".$debuglevel->entry->get_text()."\n";
print O "CApath = ".$capath->get_text()."\n";
print O "\n\n"; # just some spaces
my @rowref = @{$list->{data}};
my $i=0;
for $i (0 .. $#rowref) {
print O "[".$rowref[$i][0] . "]\n";
# if no hostname, ugly ":" to be removed
$rowref[$i][1]=~s/^://g;
$rowref[$i][2]=~s/^://g;
print O "accept = ".$rowref[$i][1] . "\n";
print O "connect = ".$rowref[$i][2] . "\n";
print O "\n"; # just some spaces
}
close O;
Gtk2->main_quit;
return 0;
}
sub create_main_win
{
$app = Gnome2::App->new ("stunnel-conf");
$app->set_default_size(470,410);
$app->signal_connect( 'destroy' => sub { Gtk2->main_quit; } );
$app->set_title("Stunnel Configuration");
my $vbox=Gtk2::VBox->new(FALSE,0);
my $frame=Gtk2::Frame->new("Common options");
$vbox->pack_start($frame,TRUE, TRUE, 0);
my $table=Gtk2::Table->new(6, 2, FALSE);
$frame->add($table);
my $label0=Gtk2::Label->new("Private Key");
$table->attach($label0,0,1,0,1,["fill"],["fill"],0,0);
my $label1=Gtk2::Label->new("Certificate");
$table->attach($label1,0,1,1,2,["fill"],["fill"],0,0);
my $label2=Gtk2::Label->new("Verify level");
$table->attach($label2,0,1,2,3,["fill"],["fill"],0,0);
my $label3=Gtk2::Label->new("Log output");
$table->attach($label3,0,1,3,4,["fill"],["fill"],0,0);
my $label4=Gtk2::Label->new("Client mode");
$table->attach($label4,0,1,4,5,["fill"],["fill"],0,0);
my $label5=Gtk2::Label->new("Debug level");
$table->attach($label5,0,1,5,6,["fill"],["fill"],0,0);
my $label6=Gtk2::Label->new("Certificates path");
$table->attach($label6,0,1,6,7,["fill"],["fill"],0,0);
# Private Key
my $hbox0=Gtk2::HBox->new(FALSE,0);
$table->attach($hbox0,1,2,0,1,["fill"],["fill"],0,0);
$ekey=Gtk2::Entry->new();
$hbox0->pack_start($ekey,TRUE,TRUE,0);
my $bkey=Gtk2::Button->new_from_stock("gtk-open");
$bkey->signal_connect("clicked",sub {
sel_file("Select private key",$ekey);
});
$hbox0->pack_start($bkey,FALSE,FALSE,0);
# Certificate
my $hbox1=Gtk2::HBox->new(FALSE,0);
$table->attach($hbox1,1,2,1,2,["fill"],["fill"],0,0);
$ecert=Gtk2::Entry->new();
$hbox1->pack_start($ecert,TRUE,TRUE,0);
my $bcert=Gtk2::Button->new_from_stock("gtk-open");
$bcert->signal_connect("clicked",sub {
sel_file("Select certificate",$ecert);
});
$hbox1->pack_start($bcert,FALSE,FALSE,0);
# Auth level - verify
$verify = Gtk2::Combo->new();
$verify->entry->set_text("no verify");
$verify->set_popdown_strings(("no verify",
"verify peer certificate if present",
"verify peer certificate",
"verify peer with locally installed certificate"));
$table->attach($verify,1,2,2,3,["fill"],["fill"],0,0);
# Log output
my $hbox2=Gtk2::HBox->new(FALSE,0);
$table->attach($hbox2,1,2,3,4,["fill"],["fill"],0,0);
$elog=Gtk2::Entry->new();
$hbox2->pack_start($elog,TRUE,TRUE,0);
my $blog=Gtk2::Button->new_from_stock("gtk-open");
$blog->signal_connect("clicked",sub {
sel_file("Select log file",$elog);
});
$hbox2->pack_start($blog,FALSE,FALSE,0);
# Client mode
$clientmode = Gtk2::Combo->new();
$clientmode->entry->set_text("no verify");
$clientmode->set_popdown_strings(("yes","no"));
$table->attach($clientmode,1,2,4,5,["fill"],["fill"],0,0);
# Debug level
$debuglevel = Gtk2::Combo->new();
$debuglevel->entry->set_text("no verify");
$debuglevel->set_popdown_strings(("0","1","5","7"));
$table->attach($debuglevel,1,2,5,6,["fill"],["fill"],0,0);
# CA path
my $hbox3=Gtk2::HBox->new(FALSE,0);
$table->attach($hbox3,1,2,6,7,["fill"],["fill"],0,0);
$capath=Gtk2::Entry->new();
$hbox3->pack_start($capath,TRUE,TRUE,0);
# my $bcapath=Gtk2::Button->new_from_stock("gtk-open");
# $bcapath->signal_connect("clicked",sub {
# sel_file("Select Certificates Path",$capath);
# });
# $hbox3->pack_start($bcapath,FALSE,FALSE,0);
# connections section
my $frame2=Gtk2::Frame->new("Connections");
$vbox->pack_start($frame2,TRUE, TRUE, 0);
my $hbox4=Gtk2::HBox->new(FALSE,0);
$list=Gtk2::SimpleList->new (
'Name' => 'text',
'Accept' => 'text',
'Connect' => 'text',
);
# $list->get_selection->set_mode ('multiple');
my $scwin = Gtk2::ScrolledWindow->new;
$scwin->set_policy (qw/automatic automatic/);
$scwin->add($list);
$hbox4->pack_start($scwin,TRUE,TRUE,0);
# list buttons
my $vbbox=Gtk2::VButtonBox->new();
$vbbox->set_layout('spread');
my $badd = Gtk2::Button->new_from_stock('gtk-add');
$badd->signal_connect( 'clicked' => sub { add_connection; } );
$vbbox->add($badd);
# my $bedit = Gtk2::Button->new_from_stock('gtk-properties');
# $bedit->signal_connect( 'clicked' => sub {
# print "Edit\n";
# } );
# $vbbox->add($bedit);
my $brem = Gtk2::Button->new_from_stock('gtk-remove');
$brem->signal_connect( 'clicked' => sub {
my @sel = $list->get_selected_indices;
print @sel;
foreach my $i (@sel) {
delete $list->{data}[$i];
}
} );
$vbbox->add($brem);
$hbox4->pack_start($vbbox,FALSE,FALSE,0);
# main buttons!!!
my $bbox=Gtk2::HButtonBox->new();
$bbox->set_layout('spread');
my $bok = Gtk2::Button->new_from_stock('gtk-ok');
$bok->signal_connect( 'clicked' => sub { save_config_file; } );
$bbox->add($bok);
my $bcancel = Gtk2::Button->new_from_stock('gtk-cancel');
$bcancel->signal_connect( 'clicked' => sub { Gtk2->main_quit;} );
$bbox->add($bcancel);
$vbox->pack_start($bbox,FALSE,FALSE,0);
$frame2->add($hbox4);
# App contents and show them
$app->set_contents($vbox);
$app->show_all;
}
#
# MAIN MAIN MAIN
#
#
Gnome2::Program->init ("stunnelconf", "0.1");
$app=create_main_win;
load_config_file;
Gtk2->main;
exit 0;

1324
debian/changelog vendored Normal file
View File

File diff suppressed because it is too large Load Diff

6
debian/clean vendored Normal file
View File

@ -0,0 +1,6 @@
build-stamp
debian/stunnel4.init
doc/stunnel.8
doc/stunnel.html
doc/stunnel4.8
doc/stunnel4.pl.8

1
debian/compat vendored Normal file
View File

@ -0,0 +1 @@
10

45
debian/control vendored Normal file
View File

@ -0,0 +1,45 @@
Source: stunnel4
Section: net
Priority: optional
Build-Depends:
debhelper (>= 10),
autoconf-archive,
libssl-dev,
libsystemd-dev [linux-any],
libwrap0-dev,
netcat-traditional,
openssl,
net-tools,
procps
Maintainer: Peter Pentchev <roam@ringlet.net>
Uploaders: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Standards-Version: 4.1.1
Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/stunnel.git
Vcs-Git: https://anonscm.debian.org/git/collab-maint/stunnel.git
Homepage: https://www.stunnel.org/
Rules-Requires-Root: no
Package: stunnel4
Architecture: any
Provides: stunnel
Depends:
${shlibs:Depends},
${misc:Depends},
${perl:Depends},
lsb-base,
netbase,
openssl
Pre-Depends: adduser
Suggests: logcheck-database
Description: Universal SSL tunnel for network daemons
The stunnel program is designed to work as SSL encryption
wrapper between remote client and local (inetd-startable) or
remote server. The concept is that having non-SSL aware daemons
running on your system you can easily setup them to
communicate with clients over secure SSL channel.
.
stunnel can be used to add SSL functionality to commonly
used inetd daemons like POP-2, POP-3 and IMAP servers
without any changes in the programs' code.
.
This package contains a wrapper script for compatibility with stunnel 3.x

59
debian/copyright vendored Normal file
View File

@ -0,0 +1,59 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: stunnel
Upstream-Contact: Michal Trojnara <Michal.Trojnara@stunnel.org>
Source: https://www.stunnel.org/downloads.html
License: GPL-2+-openssl
Files: *
Copyright:
(C) 1998-2017 Michal Trojnara <Michal.Trojnara@stunnel.org>
(c) 2014 Mark Theunissen
License: GPL-2+-openssl
Files: src/stunnel3.in
Copyright: (C) 2004-2012 Michal Trojnara <Michal.Trojnara@stunnel.org>
License: GPL-2+
Files: debian/*
Copyright:
(C) 1998-2001 Paolo Molaro <lupus@debian.org>
(C) 2003-2007 Julien Lemoine <speedblue@debian.org>
(C) 2007-2012 Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
(C) 2013 Salvatore Bonaccorso <carnil@debian.org>
(C) 2014-2017 Peter Pentchev <roam@ringlet.net>
License: GPL-2+-openssl
License: GPL-2+-openssl
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
.
On Debian systems, the complete text of the GNU General Public License
can be found in file "/usr/share/common-licenses/GPL-2".
.
Linking stunnel statically or dynamically with other modules is making
a combined work based on stunnel. Thus, the terms and conditions of the
GNU General Public License cover the whole combination.
.
In addition, as a special exception, the copyright holder of stunnel gives you
permission to combine stunnel with free software programs or libraries that
are released under the GNU LGPL and with code included in the standard release
of OpenSSL under the OpenSSL License (or modified versions of such code, with
unchanged license). You may copy and distribute such a system following the
terms of the GNU GPL for stunnel and the licenses of the other code concerned.
.
Note that people who make modified versions of stunnel are not obligated to
grant this special exception for their modified versions; it is their choice
whether to do so. The GNU General Public License gives permission to release
a modified version without this exception; this exception also makes it
possible to release a modified version which carries forward this exception.
License: GPL-2+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
.
On Debian systems, the complete text of the GNU General Public License
can be found in file "/usr/share/common-licenses/GPL-2".

1
debian/dirs vendored Normal file
View File

@ -0,0 +1 @@
etc/stunnel

10
debian/doc-base vendored Normal file
View File

@ -0,0 +1,10 @@
Document: stunnel4
Title: Stunnel documentation
Author: Michal Trojnara
Abstract: This manual documents stunnel, a SSL-enhanced client and
server wrapper.
Section: System/Security
Format: HTML
Index: /usr/share/doc/stunnel4/stunnel.html
Files: /usr/share/doc/stunnel4/stunnel*.html

4
debian/docs vendored Normal file
View File

@ -0,0 +1,4 @@
BUGS
NEWS
README
TODO

38
debian/patches/01-fix-paths.patch vendored Normal file
View File

@ -0,0 +1,38 @@
Description: Update the installation directories.
Change @prefix@/... to @localstatedir@ or @sysconfdir@ as appropriate
to comply with the FHS
Forwarded: not-needed
Author: Paolo Molaro <lupus@debian.org>
Author: Julien Lemoine <speedblue@debian.org>
Author: Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
Last-Update: 2016-07-06
--- a/tools/stunnel.conf-sample.in
+++ b/tools/stunnel.conf-sample.in
@@ -64,7 +64,7 @@
accept = 127.0.0.1:110
connect = pop.gmail.com:995
verifyChain = yes
-CApath = /etc/ssl/certs
+CApath = @sysconfdir/ssl/certs
checkHost = pop.gmail.com
OCSPaia = yes
@@ -73,7 +73,7 @@
accept = 127.0.0.1:143
connect = imap.gmail.com:993
verifyChain = yes
-CApath = /etc/ssl/certs
+CApath = @sysconfdir/ssl/certs
checkHost = imap.gmail.com
OCSPaia = yes
@@ -82,7 +82,7 @@
accept = 127.0.0.1:25
connect = smtp.gmail.com:465
verifyChain = yes
-CApath = /etc/ssl/certs
+CApath = @sysconfdir/ssl/certs
checkHost = smtp.gmail.com
OCSPaia = yes

103
debian/patches/02-rename-binary.patch vendored Normal file
View File

@ -0,0 +1,103 @@
Description: Change references to the binary from stunnel to stunnel4
Forwarded: not-needed
Author: Julien Lemoine <speedblue@debian.org>
Author: Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
Last-Update: 2017-09-23
--- a/src/stunnel3.in
+++ b/src/stunnel3.in
@@ -22,7 +22,7 @@
use Getopt::Std;
# Configuration - path to stunnel (version >=4.05)
-$stunnel_bin='@bindir@/stunnel';
+$stunnel_bin='@bindir@/stunnel4';
# stunnel3 script body begins here
($read_fd, $write_fd)=POSIX::pipe();
--- a/tools/stunnel.init.in
+++ b/tools/stunnel.init.in
@@ -1,6 +1,6 @@
#! /bin/sh -e
### BEGIN INIT INFO
-# Provides: stunnel
+# Provides: stunnel4
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Should-Start: $syslog
@@ -21,8 +21,8 @@
. /lib/lsb/init-functions
-DEFAULTPIDFILE="/var/run/stunnel.pid"
-DAEMON=@bindir@/stunnel
+DEFAULTPIDFILE="/var/run/stunnel4.pid"
+DAEMON=@bindir@/stunnel4
NAME=stunnel
DESC="TLS tunnels"
OPTIONS=""
@@ -49,9 +49,9 @@
startdaemons() {
local res file args pidfile warn status
- if ! [ -d /var/run/stunnel ]; then
- rm -rf /var/run/stunnel
- install -d -o stunnel -g stunnel /var/run/stunnel
+ if ! [ -d /var/run/stunnel4 ]; then
+ rm -rf /var/run/stunnel4
+ install -d -o stunnel4 -g stunnel4 /var/run/stunnel4
fi
if [ -n "$RLIMITS" ]; then
ulimit $RLIMITS
@@ -141,9 +141,9 @@
OPTIONS="-- $OPTIONS"
fi
-[ -f @sysconfdir@/default/stunnel ] && . @sysconfdir@/default/stunnel
+[ -f @sysconfdir@/default/stunnel4 ] && . @sysconfdir@/default/stunnel4
if [ "$ENABLED" = "0" ] ; then
- echo "$DESC disabled, see @sysconfdir@/default/stunnel"
+ echo "$DESC disabled, see @sysconfdir@/default/stunnel4"
exit 0
fi
--- a/tools/script.sh
+++ b/tools/script.sh
@@ -2,7 +2,7 @@
REMOTE_HOST="www.mirt.net:443"
echo "client script connecting $REMOTE_HOST"
-/usr/local/bin/stunnel -fd 10 \
+/usr/bin/stunnel4 -fd 10 \
11<&0 <<EOT 10<&0 0<&11 11<&-
client=yes
connect=$REMOTE_HOST
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -15,11 +15,11 @@
.pod.in.8.in:
pod2man -u -n stunnel -s 8 -r $(VERSION) \
- -c "stunnel TLS Proxy" -d `date +%Y.%m.%d` $< $@
+ -c "stunnel4 TLS Proxy" -d `date +%Y.%m.%d` $< $@
.pod.in.html.in:
pod2html --index --backlink --header \
- --title "stunnel TLS Proxy" --infile=$< --outfile=$@
+ --title "stunnel4 TLS Proxy" --infile=$< --outfile=$@
rm -f pod2htmd.tmp pod2htmi.tmp
edit = sed \
--- a/doc/stunnel.pl.8.in
+++ b/doc/stunnel.pl.8.in
@@ -70,8 +70,8 @@
.rr rF
.\" ========================================================================
.\"
-.IX Title "stunnel 8"
-.TH stunnel 8 "2017.04.01" "5.42" "stunnel TLS Proxy"
+.IX Title "stunnel4 8"
+.TH stunnel 8 "2017.04.01" "5.42" "stunnel4 TLS Proxy"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l

19
debian/patches/03-runas-user.patch vendored Normal file
View File

@ -0,0 +1,19 @@
Description: Change the default user the binary will run as to stunnel4
Forwarded: not-needed
Author: Julien Lemoine <speedblue@debian.org>
Author: Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
Last-Update: 2015-06-13
--- a/tools/stunnel.conf-sample.in
+++ b/tools/stunnel.conf-sample.in
@@ -8,8 +8,8 @@
; **************************************************************************
; It is recommended to drop root privileges if stunnel is started by root
-;setuid = nobody
-;setgid = @DEFAULT_GROUP@
+;setuid = stunnel4
+;setgid = stunnel4
; PID file is created inside the chroot jail (if enabled)
;pid = @localstatedir@/run/stunnel.pid

44
debian/patches/04-restore-pidfile-default.patch vendored Normal file
View File

@ -0,0 +1,44 @@
Description: Temporarily restore the pid file creation by default.
The init script will not be able to monitor the automatically-started
instances of stunnel if there is no pid file. For the present for the
upgrade from 4.53 the "create the pid file by default" behavior is
restored and the init script warns about configuration files that have
no "pid" setting. The intention is that in a future version the init
script will refuse to start stunnel for these configurations.
Forwarded: not-needed
Author: Peter Pentchev <roam@ringlet.net>
Bug-Debian: https://bugs.debian.org/744851
Last-Update: 2017-07-03
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -44,6 +44,7 @@
stunnel_CPPFLAGS += -I$(SSLDIR)/include
stunnel_CPPFLAGS += -DLIBDIR='"$(pkglibdir)"'
stunnel_CPPFLAGS += -DCONFDIR='"$(sysconfdir)/stunnel"'
+stunnel_CPPFLAGS += -DPIDFILE='"$(localstatedir)/run/stunnel4.pid"'
# TLS library
stunnel_LDFLAGS = -L$(SSLDIR)/lib64 -L$(SSLDIR)/lib -lssl -lcrypto
--- a/src/options.c
+++ b/src/options.c
@@ -917,7 +917,7 @@
#ifndef USE_WIN32
switch(cmd) {
case CMD_BEGIN:
- new_global_options.pidfile=NULL; /* do not create a pid file */
+ new_global_options.pidfile=PIDFILE;
break;
case CMD_EXEC:
if(strcasecmp(opt, "pid"))
@@ -932,9 +932,10 @@
case CMD_FREE:
break;
case CMD_DEFAULT:
+ s_log(LOG_NOTICE, "%-22s = %s", "pid", PIDFILE);
break;
case CMD_HELP:
- s_log(LOG_NOTICE, "%-22s = pid file", "pid");
+ s_log(LOG_NOTICE, "%-22s = pid file (empty to disable creating)", "pid");
break;
}
#endif

16
debian/patches/05-author-tests.patch vendored Normal file
View File

@ -0,0 +1,16 @@
Description: Only build the Win32 executables if requested.
Author: Peter Pentchev <roam@ringlet.net>
Forwarded: not yet
Last-Update: 2015-11-11
--- a/configure.ac
+++ b/configure.ac
@@ -8,7 +8,7 @@
AC_CONFIG_SRCDIR([src/stunnel.c])
AM_INIT_AUTOMAKE
-AM_CONDITIONAL([AUTHOR_TESTS], [test -d ".git"])
+AM_CONDITIONAL([AUTHOR_TESTS], [test -n "$AUTHOR_TESTS"])
AC_CANONICAL_HOST
AC_SUBST([host])
AC_DEFINE_UNQUOTED([HOST], ["$host"], [Host description])

71
debian/patches/07-path-max.patch vendored Normal file
View File

@ -0,0 +1,71 @@
Description: Allocate the config filename dynamically.
Avoid the use of PATH_MAX which may not be defined.
Forwarded: not-yet
Author: Peter Pentchev <roam@ringlet.net>
Last-Update: 2017-07-03
--- a/src/common.h
+++ b/src/common.h
@@ -94,7 +94,6 @@
typedef int ssize_t;
#endif /* _WIN64 */
#endif /* !__MINGW32__ */
-#define PATH_MAX MAX_PATH
#define USE_IPv6
#define _CRT_SECURE_NO_DEPRECATE
#define _CRT_NONSTDC_NO_DEPRECATE
--- a/src/options.c
+++ b/src/options.c
@@ -211,7 +211,7 @@
NOEXPORT char **argalloc(char *);
#endif
-char configuration_file[PATH_MAX];
+char *configuration_file;
GLOBAL_OPTIONS global_options;
SERVICE_OPTIONS service_options;
@@ -289,17 +289,27 @@
}
#ifdef HAVE_REALPATH
+ char *nconf;
if(type==CONF_FILE) {
- if(!realpath(name, configuration_file)) {
+ nconf = realpath(name, NULL);
+ if(nconf == NULL) {
s_log(LOG_ERR, "Invalid configuration file name \"%s\"", name);
ioerror("realpath");
return 1;
}
- return options_parse(type);
- }
+ free(configuration_file);
+ } else
#endif
- strncpy(configuration_file, name, PATH_MAX-1);
- configuration_file[PATH_MAX-1]='\0';
+ {
+ size_t sz = strlen(name) + 1;
+ nconf = realloc(configuration_file, sz);
+ if(nconf == NULL) {
+ s_log(LOG_ERR, "Could not allocate memory");
+ return 1;
+ }
+ snprintf(nconf, sz, "%s", name);
+ }
+ configuration_file = nconf;
return options_parse(type);
}
--- a/src/prototypes.h
+++ b/src/prototypes.h
@@ -430,7 +430,7 @@
/**************************************** prototypes for options.c */
-extern char configuration_file[PATH_MAX];
+extern char *configuration_file;
extern unsigned number_of_sections;
int options_cmdline(char *, char *);

76
debian/patches/09-try-restart.patch vendored Normal file
View File

@ -0,0 +1,76 @@
Description: Implement try-restart in the SysV init script.
Forwarded: not-yet
Author: Peter Pentchev <roam@ringlet.net>
Last-Update: 2017-07-03
--- a/tools/stunnel.init.in
+++ b/tools/stunnel.init.in
@@ -137,6 +137,47 @@
exit "$res"
}
+restartrunningdaemons()
+{
+ local res file pidfile status args
+
+ res=0
+ for file in $FILES; do
+ echo -n " $file: "
+ pidfile=`get_pidfile "$file"`
+ if [ ! -e "$pidfile" ]; then
+ echo -n 'no pid file'
+ else
+ status=0
+ pidofproc -p "$pidfile" "$DAEMON" >/dev/null || status="$?"
+ if [ "$status" = 0 ]; then
+ echo -n 'stopping'
+ killproc -p "$pidfile" "$DAEMON" "$sig" || status="$?"
+ if [ "$status" -eq 0 ]; then
+ echo -n ' starting'
+ args="$file $OPTIONS"
+ start_daemon -p "$pidfile" "$DAEMON" $args || status="$?"
+ if [ "$status" -eq 0 ]; then
+ echo -n ' started'
+ else
+ echo ' failed'
+ res=1
+ fi
+ else
+ echo -n ' failed'
+ res=1
+ fi
+ elif [ "$status" = 4 ]; then
+ echo "cannot access the pid file $pidfile"
+ else
+ echo -n 'stopped'
+ fi
+ fi
+ done
+ echo ''
+ exit "$res"
+}
+
if [ "x$OPTIONS" != "x" ]; then
OPTIONS="-- $OPTIONS"
fi
@@ -194,6 +235,11 @@
killdaemons && startdaemons
res=$?
;;
+ try-restart)
+ echo -n "Restarting $DESC if running:"
+ restartrunningdaemons
+ res=$?
+ ;;
status)
echo -n "$DESC status:"
querydaemons
@@ -201,7 +247,7 @@
;;
*)
N=@sysconfdir@/init.d/$NAME
- echo "Usage: $N {start|stop|status|reload|reopen-logs|restart} [<stunnel instance>]" >&2
+ echo "Usage: $N {start|stop|status|reload|reopen-logs|restart|try-restart} [<stunnel instance>]" >&2
res=1
;;
esac

7
debian/patches/series vendored Normal file
View File

@ -0,0 +1,7 @@
01-fix-paths.patch
02-rename-binary.patch
03-runas-user.patch
04-restore-pidfile-default.patch
05-author-tests.patch
07-path-max.patch
09-try-restart.patch

67
debian/postinst vendored Normal file
View File

@ -0,0 +1,67 @@
#!/bin/sh
set -e
USER="stunnel4"
CHOWN="/bin/chown"
#USERDEL="/usr/sbin/userdel"
ADDUSER="/usr/sbin/adduser"
ID="/usr/bin/id"
GROUPMOD="/usr/sbin/groupmod"
#GROUPDEL="/usr/sbin/groupdel"
###
# 1. get current stunnel uid and gid if user exists.
set -e
if $ID $USER > /dev/null 2>&1; then
IUID=`$ID --user $USER`
IGID=`$ID --group $USER`
else
IUID="NONE"
IGID="NONE"
fi
###
# 2. Ensure that no standard account or group will remain before adding the
# new user
#if [ "$IUID" != "NONE" ]; then # remove existing user
# $USERDEL $USER
#fi
#if $GROUPMOD $USER > /dev/null 2>&1; then
# $GROUPDEL $USER;
#fi
if [ "$IUID" = "NONE" ]; then
$ADDUSER --system --disabled-password --disabled-login \
--home /var/run/stunnel4 \
--no-create-home --group $USER
fi
# /var/run/stunnel4 is not a directory, create it...
if ! test -d /var/run/stunnel4; then
rm -rf /var/run/stunnel4;
mkdir /var/run/stunnel4
fi
$CHOWN $USER:$USER /var/run/stunnel4 || true
# /var/log/stunnel4 is not a directory, create it...
if ! test -d /var/log/stunnel4; then
rm -rf /var/log/stunnel4;
mkdir /var/log/stunnel4
fi
$CHOWN -R $USER:$USER /var/log/stunnel4
# /var/lib/stunnel4 is not a directory, create it...
if ! test -d /var/lib/stunnel4; then
rm -rf /var/lib/stunnel4;
mkdir /var/lib/stunnel4
fi
$CHOWN -R $USER:$USER /var/lib/stunnel4
if ! test -f /var/log/stunnel4/stunnel.log; then
touch /var/log/stunnel4/stunnel.log
$CHOWN -R $USER:$USER /var/log/stunnel4/stunnel.log
fi
#DEBHELPER#

17
debian/postrm vendored Normal file
View File

@ -0,0 +1,17 @@
#!/bin/sh
set -e
if [ x$1 = "xpurge" ]; then
echo You may want to delete the generated stunnel.pem file
echo in /etc/ssl/certs.
# Remove chroot dir if present. It may contain logfiles
rm -rf /var/lib/stunnel4 || true
# Log files must be removed on purge (Policy 10.8)
rm -f /var/log/stunnel4/stunnel.log* || true
rmdir /var/log/stunnel4 || true
fi
#DEBHELPER#

79
debian/rules vendored Executable file
View File

@ -0,0 +1,79 @@
#!/usr/bin/make -f
# -*- makefile -*-
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
# debian/rules file for the Debian GNU/Linux stunnel package
# Copyright 2003 by Julien LEMOINE <speedblue@debian.org>
# Copyright 2014 by Peter Pentchev <roam@ringlet.net>
ifeq (,$(filter nodoc,$(DEB_BUILD_OPTIONS) $(DEB_BUILD_PROFILES)))
DEB_NODOC=0
else
DEB_NODOC=1
endif
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
export DEB_CFLAGS_MAINT_APPEND=-Wall
multiarch_path= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
override_dh_auto_configure:
dh_auto_configure -- \
--enable-ipv6 --with-threads=pthread
override_dh_auto_install:
dh_auto_install -- -C src
ifeq ($(DEB_NODOC),0)
dh_auto_install -- -C doc
endif
# .la file is useless
rm $(CURDIR)/debian/stunnel4/usr/lib/$(multiarch_path)/stunnel/libstunnel.la
# Rename binary
mv $(CURDIR)/debian/stunnel4/usr/bin/stunnel \
$(CURDIR)/debian/stunnel4/usr/bin/stunnel4
# Copy sample init script into place for dh_installinit
cp $(CURDIR)/tools/stunnel.init $(CURDIR)/debian/stunnel4.init
ifeq ($(DEB_NODOC),0)
ln doc/stunnel.8 doc/stunnel4.8
ln doc/stunnel.pl.8 doc/stunnel4.pl.8
# Manpages will be installed by dh_installman
rm -rf $(CURDIR)/debian/stunnel4/usr/share/man
# Move docs into proper dir
mv $(CURDIR)/debian/stunnel4/usr/share/doc/stunnel \
$(CURDIR)/debian/stunnel4/usr/share/doc/stunnel4
# Basic docs for the user on how to create an initial configuration
install -p -m 0644 $(CURDIR)/debian/stunnel4.conf.README \
$(CURDIR)/debian/stunnel4/etc/stunnel/README
endif
ifeq ($(DEB_NODOC),1)
override_dh_installdocs:
mkdir -p $(CURDIR)/debian/stunnel4/usr/share/doc/stunnel4
install -c -o root -g root -m 644 $(CURDIR)/debian/copyright $(CURDIR)/debian/stunnel4/usr/share/doc/stunnel4/
override_dh_installman:
override_dh_link:
dh_link
rm $(CURDIR)/debian/stunnel4/usr/share/man/man8/stunnel.8.gz
rmdir $(CURDIR)/debian/stunnel4/usr/share/man/man8
rmdir $(CURDIR)/debian/stunnel4/usr/share/man
endif
override_dh_installppp:
dh_installppp --name=0stunnel4
override_dh_compress:
dh_compress --exclude=StunnelConf-0.1.pl
%:
dh $@

1
debian/source/format vendored Normal file
View File

@ -0,0 +1 @@
3.0 (quilt)

510
debian/stunnel3.8 vendored Normal file
View File

@ -0,0 +1,510 @@
.\" Automatically generated by Pod::Man v1.34, Pod::Parser v1.13
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
.\" expand to `' in nroff, nothing in troff, for use with C<>.
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "STUNNEL 1"
.TH STUNNEL 8 "2003-08-01" " " " "
.SH "NAME"
stunnel \- universal SSL tunnel
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBstunnel\fR [\-c\ |\ \-T] [\-D\ [facility.]level] [\-O\ a|l|r:option=value[:value]] [\-o\ file] [\-C\ cipherlist] [\-p\ pemfile] [\-v\ level] [\-A\ certfile] [\-S\ sources] [\-a\ directory] [\-t\ timeout] [\-u\ ident_username] [\-s\ setuid_user]
[\-g\ setgid_group] [\-n\ protocol] [\-P\ {\ filename\ |\ ''\ }\ ] [\-B\ bytes] [\-R\ randfile] [\-W] [\-E\ socket] [\-I\ host]
[\-d\ [host:]port\ [\-f]\ ] [\ \-r\ [host:]port\ |\ {\ \-l\ |\ \-L\ }\ program\ [\-\-\ progname\ args]\ ]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBstunnel\fR program is designed to work as \fI\s-1SSL\s0\fR encryption
wrapper between remote clients and local (\fIinetd\fR\-startable) or
remote servers. The concept is that having non-SSL aware daemons
running on your system you can easily set them up to communicate with
clients over secure \s-1SSL\s0 channels.
.PP
\&\fBstunnel\fR can be used to add \s-1SSL\s0 functionality to commonly used
\&\fIinetd\fR daemons like \s-1POP\-2\s0, \s-1POP\-3\s0, and \s-1IMAP\s0 servers, to standalone
daemons like \s-1NNTP\s0, \s-1SMTP\s0 and \s-1HTTP\s0, and in tunneling \s-1PPP\s0 over network
sockets without changes to the source code.
.PP
This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com)
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-h\fR" 4
.IX Item "-h"
Print stunnel help menu
.IP "\fB\-D\fR level" 4
.IX Item "-D level"
Debugging level
.Sp
Level is a one of the syslog level names or numbers emerg (0), alert
(1), crit (2), err (3), warning (4), notice (5), info (6), or debug
(7). All logs for the specified level and all levels numerically less
than it will be shown. Use \-D debug or \-D 7 for greatest debugging
output. The default is notice (5).
.Sp
The syslog facility 'daemon' will be used unless a facility name is
supplied. (Facilities are not supported on windows.)
.Sp
Case is ignored for both facilities and levels.
.IP "\fB\-O\fR a|l|r:option=value[:value]" 4
.IX Item "-O a|l|r:option=value[:value]"
Set an option on accept/local/remote socket
.Sp
The values for linger option are l_onof:l_linger. The values for time
are tv_sec:tv_usec.
.Sp
\&\fBExamples:\fR
.Sp
\&\fB\-O l:SO_LINGER=1:60\fR \- set one minute timeout for closing local
socket
.Sp
\&\fB\-O r:TCP_NODELAY=1\fR \- turn off the Nagle algorithm for remote
sockets
.Sp
\&\fB\-O r:SO_OOBINLINE=1\fR \- place out-of-band data directly into the
receive data stream for remote sockets
.Sp
\&\fB\-O a:SO_REUSEADDR=0\fR \- disable address reuse (enabled by default)
.Sp
\&\fB\-O a:SO_BINDTODEVICE=lo\fR \- only accept connections on loopback
interface
.Sp
The available options and their defaults are:
Option Accept Local Remote OS default
SO_DEBUG -- -- -- 0
SO_DONTROUTE -- -- -- 0
SO_KEEPALIVE -- -- -- 0
SO_LINGER -- -- -- 0:0
SO_OOBINLINE -- -- -- 0
SO_RCVBUF -- -- -- 87380
SO_SNDBUF -- -- -- 16384
SO_RCVLOWAT -- -- -- 1
SO_SNDLOWAT -- -- -- 1
SO_RCVTIMEO -- -- -- 0:0
SO_SNDTIMEO -- -- -- 0:0
SO_REUSEADDR 1 -- -- 0
SO_BINDTODEVICE -- -- -- --
IP_TOS -- -- -- 0
IP_TTL -- -- -- 64
TCP_NODELAY -- -- -- 0
.IP "\fB\-o\fR file" 4
.IX Item "-o file"
Append log messages to a file.
.IP "\fB\-C\fR cipherlist" 4
.IX Item "-C cipherlist"
Select permitted \s-1SSL\s0 ciphers
.Sp
A colon delimited list of the ciphers to allow in the \s-1SSL\s0 connection.
For example \s-1DES\-CBC3\-SHA:IDEA\-CBC\-MD5\s0
.IP "\fB\-c\fR" 4
.IX Item "-c"
client mode (remote service uses \s-1SSL\s0)
.Sp
default: server mode
.IP "\fB\-T\fR" 4
.IX Item "-T"
transparent proxy mode
.Sp
Re-write address to appear as if wrapped daemon is connecting from the
\&\s-1SSL\s0 client machine instead of the machine running stunnel. Available
only on some operating systems (Linux only, we believe) and then only
in server mode. Note that this option will not combine with proxy mode
(\-r) unless the client's default route to the target machine lies
through the host running stunnel, which cannot be localhost.
.IP "\fB\-p\fR pemfile" 4
.IX Item "-p pemfile"
private key and certificate chain \s-1PEM\s0 file name
.Sp
A \s-1PEM\s0 is always needed in server mode (by default located in
\fI/etc/stunnel/stunnel.pem\fR). Specifying this flag in client mode
will use this key and certificate chain as a client side certificate
chain. Using client side certs is optional. The certificates must be
in \s-1PEM\s0 format and must be sorted starting with the certificate
to the highest level (root \s-1CA\s0).
.IP "\fB\-v\fR level" 4
.IX Item "-v level"
verify peer certificate
.RS 4
.IP "\(bu" 8
level 1 \- verify peer certificate if present
.IP "\(bu" 8
level 2 \- verify peer certificate
.IP "\(bu" 8
level 3 \- verify peer with locally installed certificate
.IP "\(bu" 8
default \- no verify
.RE
.RS 4
.RE
.IP "\fB\-a\fR directory" 4
.IX Item "-a directory"
client certificate directory
.Sp
This is the directory in which stunnel will look for certificates when
using the \fI\-v\fR options. Note that the certificates in this directory
should be named \s-1XXXXXXXX\s0.0 where \s-1XXXXXXXX\s0 is the hash value of the
cert.
.IP "\fB\-A\fR certfile" 4
.IX Item "-A certfile"
Certificate Authority file
.Sp
This file contains multiple \s-1CA\s0 certificates, used with the \fI\-v\fR
options.
.IP "\fB\-t\fR timeout" 4
.IX Item "-t timeout"
session cache timeout
.Sp
default: 300 seconds.
.IP "\fB\-N\fR servicename" 4
.IX Item "-N servicename"
Service name to use for tcpwrappers. If not specified then a
tcpwrapper service name will be generated automatically for you. This
will also be used when auto-generating pid filenames.
.IP "\fB\-u\fR ident_username" 4
.IX Item "-u ident_username"
Use \s-1IDENT\s0 (\s-1RFC\s0 1413) username checking
.IP "\fB\-n\fR proto" 4
.IX Item "-n proto"
Negotiate \s-1SSL\s0 with specified protocol
.Sp
currently supported: smtp, pop3, nntp
.IP "\fB\-E\fR socket" 4
.IX Item "-E socket"
Entropy Gathering Daemon socket to use to feed OpenSSL random number
generator. (Available only if compiled with OpenSSL 0.9.5a or higher)
.IP "\fB\-R\fR filename" 4
.IX Item "-R filename"
File containing random input. The \s-1SSL\s0 library will use data from this
file first to seed the random number generator.
.IP "\fB\-W\fR" 4
.IX Item "-W"
Do not overwrite the random seed files with new random data.
.IP "\fB\-B\fR bytes" 4
.IX Item "-B bytes"
Number of bytes of data read from random seed files. With \s-1SSL\s0
versions less than 0.9.5a, also determines how many bytes of data are
considered sufficient to seed the \s-1PRNG\s0. More recent OpenSSL versions
have a builtin function to determine when sufficient randomness is
available.
.IP "\fB\-I\fR host" 4
.IX Item "-I host"
\&\s-1IP\s0 of the outgoing interface is used as source for remote connections.
Use this option to bind a static local \s-1IP\s0 address, instead.
.IP "\fB\-d\fR [host:]port" 4
.IX Item "-d [host:]port"
daemon mode
.Sp
Listen for connections on [host:]port. If no host specified, defaults
to all \s-1IP\s0 addresses for the local host.
.Sp
default: inetd mode
.IP "\fB\-f\fR" 4
.IX Item "-f"
foreground mode
.Sp
Stay in foreground (don't fork) and log to stderr instead of via
syslog (unless \-o is specified).
.Sp
default: background in daemon mode
.IP "\fB\-l\fR program [\-\- programname [arg1 arg2 arg3...] ]" 4
.IX Item "-l program [-- programname [arg1 arg2 arg3...] ]"
execute local inetd-type program.
.IP "\fB\-L\fR program [\-\- programname [arg1 arg2 arg3...] ]" 4
.IX Item "-L program [-- programname [arg1 arg2 arg3...] ]"
open local pty and execute program.
.IP "\fB\-s\fR username" 4
.IX Item "-s username"
\&\fIsetuid()\fR to username in daemon mode
.IP "\fB\-g\fR groupname" 4
.IX Item "-g groupname"
\&\fIsetgid()\fR to groupname in daemon mode. Clears all other groups.
.IP "\fB\-P\fR { file | '' }" 4
.IX Item "-P { file | '' }"
Pid file location
.Sp
If the argument is a filename, then that filename will be used for the
pid. If the argument is empty ('', not missing), then no pid file will
be created.
.IP "\fB\-r\fR [host:]port" 4
.IX Item "-r [host:]port"
connect to remote service
.Sp
If no host specified, defaults to localhost.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
In order to provide \s-1SSL\s0 encapsulation to your local \fIimapd\fR service,
use
.PP
.Vb 1
\& stunnel \-d 993 \-l /usr/sbin/imapd \-\- imapd
.Ve
.PP
In order to let your local e-mail client connect to a \s-1SSL\s0-enabled
\fIimapd\fR service on another server, configure the e-mail client to connect to
localhost on port 119 and use:
.PP
.Vb 1
\& stunnel \-c \-d 143 \-r servername:993
.Ve
.PP
If you want to provide tunneling to your \fIpppd\fR daemon on port 2020,
use something like
.PP
.Vb 1
\& stunnel \-d 2020 \-L /usr/sbin/pppd \-\- pppd local
.Ve
.SH "ENVIRONMENT"
.IX Header "ENVIRONMENT"
If Stunnel is used to create local processes using the \fB\-l\fR or \fB\-L\fR
options, it will set the following environment variables
.IP "\s-1REMOTE_HOST\s0" 4
.IX Item "REMOTE_HOST"
The \s-1IP\s0 address of the remote end of the connection.
.IP "\s-1SSL_CLIENT_DN\s0" 4
.IX Item "SSL_CLIENT_DN"
The \s-1DN\s0 (Distinguished Name, aka subject name) of the peer certificate,
if a certificate was present and verified.
.IP "\s-1SSL_CLIENT_I_DN\s0" 4
.IX Item "SSL_CLIENT_I_DN"
The Issuer's \s-1DN\s0 of the peer's certificate, if a certificate was
present and verified.
.SH "CERTIFICATES"
.IX Header "CERTIFICATES"
.IP "\(bu" 4
Each \s-1SSL\s0 enabled daemon needs to present a valid X.509 certificate to
the peer. It also needs a private key to decrypt the incoming data.
The easiest way to obtain a certificate and a key is to generate them
with the free \fIopenssl\fR package. You can find more information on
certificates generation on pages listed below.
.Sp
Two things are important when generating certificate-key pairs for
\&\fBstunnel\fR. The private key cannot be encrypted, because the server
has no way to obtain the password from the user. To produce an
unencrypted key add the \fI\-nodes\fR option when running the \fBreq\fR
command from the \fIopenssl\fR kit.
.Sp
The order of contents of the \fI.pem\fR file is also important. It should
contain the unencrypted private key first, then a signed certificate
(not certificate request). There should be also empty lines after
certificate and private key. Plaintext certificate information
appended on the top of generated certificate should be discarded. So
the file should look like this:
.Sp
.Vb 8
\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\-
\& [encoded key]
\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\-
\& [empty line]
\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
\& [encoded certificate]
\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
\& [empty line]
.Ve
.SH "RANDOMNESS"
.IX Header "RANDOMNESS"
.IP "\(bu" 4
\&\fIstunnel\fR needs to seed the \s-1PRNG\s0 (pseudo random number generator) in
order for \s-1SSL\s0 to use good randomness. The following sources are
loaded in order until sufficient random data has been gathered:
.RS 4
.IP "\(bu" 8
The file specified with the \fI\-R\fR flag.
.IP "\(bu" 8
The file specified by the \s-1RANDFILE\s0 environment variable, if set.
.IP "\(bu" 8
The file .rnd in your home directory, if \s-1RANDFILE\s0 not set.
.IP "\(bu" 8
The file specified with '\-\-with\-random' at compile time.
.IP "\(bu" 8
The contents of the screen if running on Windows.
.IP "\(bu" 8
The egd socket specified with the \fI\-E\fR flag.
.IP "\(bu" 8
The egd socket specified with '\-\-with\-egd\-sock' at compile time.
.IP "\(bu" 8
The /dev/urandom device.
.RE
.RS 4
.Sp
With recent (>=OpenSSL 0.9.5a) version of \s-1SSL\s0 it will stop loading
random data automatically when sufficient entropy has been gathered.
With previous versions it will continue to gather from all the above
sources since no \s-1SSL\s0 function exists to tell when enough data is
available.
.Sp
Note that on Windows machines that do not have console user
interaction (mouse movements, creating windows, etc) the screen
contents are not variable enough to be sufficient, and you should
provide a random file for use with the \fI\-R\fR flag.
.Sp
Note that the file specified with the \fI\-R\fR flag should contain random
data \*(-- that means it should contain different information each time
\&\fIstunnel\fR is run. This is handled automatically unless the \fI\-W\fR
flag is used. If you wish to update this file manually, the \fIopenssl
rand\fR command in recent versions of OpenSSL, would be useful.
.Sp
One important note \*(-- if /dev/urandom is available, OpenSSL has a
habit of seeding the \s-1PRNG\s0 with it even when checking the random state,
so on systems with /dev/urandom you're likely to use it even though
it's listed at the very bottom of the list above. This isn't
stunnel's behaviour, it's OpenSSLs.
.RE
.SH "LIMITATIONS"
.IX Header "LIMITATIONS"
.IP "\(bu" 4
\&\fIstunnel\fR cannot be used for the \s-1FTP\s0 daemon because of the nature of
the \s-1FTP\s0 protocol which utilizes multiple ports for data transfers.
There are available \s-1SSL\s0 enabled versions of \s-1FTP\s0 and telnet daemons,
however.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
.RS 4
.IP "\fItcpd\fR\|(8)" 8
.IX Item "tcpd"
access control facility for internet services
.IP "\fIinetd\fR\|(8)" 8
.IX Item "inetd"
internet ``super\-server''
.IP "\fIhttps://www.stunnel.org/\fR" 8
.IX Item "https://www.stunnel.org/"
Stunnel homepage
.IP "\fIhttps://www.openssl.org/\fR" 8
.IX Item "https://www.openssl.org/"
OpenSSL project website
.RE
.RS 4
.RE
.SH "AUTHOR"
.IX Header "AUTHOR"
.RS 4
.IP "Michal Trojnara" 8
.IX Item "Michal Trojnara"
<\fIMichal.Trojnara@stunnel.org\fR>
.RE
.RS 4
.RE

9
debian/stunnel4.0stunnel4.ppp.ip-down vendored Normal file
View File

@ -0,0 +1,9 @@
#!/bin/sh
# if this script gets called, we assume that the machine has lost
# IPv4 connectivity -> restart stunnel (do not stop it, it is possible
# to have a eth connection)
test -f /etc/default/stunnel4 && . /etc/default/stunnel4
test "$PPP_RESTART" != "0" || exit 0
invoke-rc.d stunnel4 restart

7
debian/stunnel4.0stunnel4.ppp.ip-up vendored Normal file
View File

@ -0,0 +1,7 @@
#!/bin/sh
test -f /etc/default/stunnel4 && . /etc/default/stunnel4
test "$PPP_RESTART" != "0" || exit 0
invoke-rc.d stunnel4 restart

96
debian/stunnel4.NEWS vendored Normal file
View File

@ -0,0 +1,96 @@
stunnel4 (3:5.06-1) unstable; urgency=medium
There are two major changes in this version of stunnel.
First, the /usr/bin/stunnel symlink has been switched from stunnel3
to stunnel4. This should not affect any tools that invoke stunnel
using the stunnel4 name, and it should not affect any Debian packages
that use stunnel. However, any local tools that invoke stunnel with
3.x-style command-line options instead of a 4.x-style configuration
file should make sure that they use the stunnel3 executable name and
not simply stunnel any more, or they should be converted to use
a 4.x-style configuration file (there is no need to create an actual
file on the filesystem, the configuration may be passed to stunnel
on its standard input using the "-fd 0" command-line option).
Second, this version DISABLES support for the SSLv2 and SSLv3 protocols!
If needed, it may be re-enabled by editing the stunnel configuration
file and adding "-NO_SSLv2" or "-NO_SSLv3" respectively to
the "options" setting; see /etc/stunnel/README for an example.
-- Peter Pentchev <roam@ringlet.net> Thu, 16 Oct 2014 13:56:35 +0300
stunnel4 (3:5.01-3) unstable; urgency=medium
This version temporarily brings back the creation of a default pid
file, /var/run/stunnel4.pid, if there is no "pid" setting in
the configuration file. The reason for this is that the init script
cannot monitor the started stunnel processes if there is no pid file
at all.
The init script now warns about configuration files that have no
"pid" setting and will thus use the default pid file location.
In the future it will refuse to start with such configurations, so
it would be best to add the "pid" setting to all the *.conf files in
the /etc/stunnel/ directory.
-- Peter Pentchev <roam@ringlet.net> Fri, 18 Apr 2014 14:37:42 +0300
stunnel (3:5.01-2) unstable; urgency=medium
This version DISABLES the RLE compression method, too. This means
that stunnel currently has no compression methods available at all,
since the underlying OpenSSL library does not have any, either.
Tunnel configurations that explicitly set "compression" will NEED
to be modified.
-- Peter Pentchev <roam@ringlet.net> Mon, 14 Apr 2014 15:04:56 +0300
stunnel (3:5.01-1) unstable; urgency=medium
This version DISABLES the creation of the process ID file and
the use of TCP wrappers for access control by default!
Tunnel configurations that use PID files (e.g. for monitoring) or
TCP wrappers (/etc/hosts.allow, /etc/hosts.deny) will NEED to be
modified to explicitly specify the 'pidfile' global option or
the 'libwrap' service-level option respectively.
This version also DISABLES the "zlib" and "deflate" compression
algorithms because they are not supported in the Debian OpenSSL
package since version 1.0.1e-5. The only supported compression
algorithm is "rle". Tunnel configurations that explicitly set
"compression" to something other than "rle" will NEED to be modified.
-- Peter Pentchev <roam@ringlet.net> Tue, 25 Mar 2014 18:05:11 +0200
stunnel (3:4.33-1) experimental; urgency=low
This version introduces support for reloading the configuration file
and for closing/reopening log files. The init script has been
updated to provide these options, and the default logrotate
configuration has been updated to take advantage of them.
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Thu, 04 Feb 2010 19:52:23 -0800
stunnel (3:4.28-1) unstable; urgency=low
The default behaviour of the logrotate configuration for stunnel4
has been changed. Instead of restarting stunnel after rotating the
log files we now use the 'copytruncate' keyword. This avoids the
problems associated with the restart, but introduces the possibility
of loosing small amounts of log data. Please see Debian bugs
#535915, #535924 and #323171 for more info.
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Wed, 25 Nov 2009 17:12:42 -0800
stunnel (2:4.140-5) unstable; urgency=low
stunnel/stunnel4 binaries are located in /usr/bin instead of
/usr/sbin in order to be FHS compliant (they can be used by normal
user). You need to update your scripts to refer to this new location
-- Julien Lemoine <speedblue@debian.org> Sun, 19 Feb 2006 17:31:24 +0100

13
debian/stunnel4.conf.README vendored Normal file
View File

@ -0,0 +1,13 @@
Stunnel 4 configuration files.
Files found under the /etc/stunnel directory that end with .conf are
used by the stunnel4 service as configuration files, and each will be
used to start a daemon process setting up a tunnel with the given
configuration. Note that this directory is initially empty, as the
settings you may want for your tunnels are completely system dependent.
In order to have the tunnels start up automatically on system boot you
must *also* set ENABLED to 1 in /etc/default/stunnel4
A sample configuration file with defaults may be found at
/usr/share/doc/stunnel4/examples/stunnel.conf-sample

18
debian/stunnel4.default vendored Normal file
View File

@ -0,0 +1,18 @@
# /etc/default/stunnel
# Julien LEMOINE <speedblue@debian.org>
# September 2003
# Change to one to enable stunnel automatic startup
ENABLED=0
FILES="/etc/stunnel/*.conf"
OPTIONS=""
# Change to one to enable ppp restart scripts
PPP_RESTART=0
# Change to enable the setting of limits on the stunnel instances
# For example, to set a large limit on file descriptors (to enable
# more simultaneous client connections), set RLIMITS="-n 4096"
# More than one resource limit may be modified at the same time,
# e.g. RLIMITS="-n 4096 -d unlimited"
RLIMITS=""

6
debian/stunnel4.examples vendored Normal file
View File

@ -0,0 +1,6 @@
tools/ca.html
tools/ca.pl
tools/importCA.html
tools/importCA.sh
tools/openssl.cnf
tools/stunnel.conf-sample

1
debian/stunnel4.install vendored Normal file
View File

@ -0,0 +1 @@
debian/StunnelConf-0.1.pl usr/share/doc/stunnel4/contrib

2
debian/stunnel4.links vendored Normal file
View File

@ -0,0 +1,2 @@
/usr/bin/stunnel4 /usr/bin/stunnel
/usr/share/man/man8/stunnel4.8.gz /usr/share/man/man8/stunnel.8.gz

5
debian/stunnel4.lintian-overrides vendored Normal file
View File

@ -0,0 +1,5 @@
# No character arrays anywhere in this .so
stunnel4: hardening-no-stackprotector usr/lib/stunnel/libstunnel.so
# Not a typo at all.
stunnel4: spelling-error-in-manpage usr/share/man/man8/stunnel4.8.gz CAs Case

13
debian/stunnel4.logrotate vendored Normal file
View File

@ -0,0 +1,13 @@
/var/log/stunnel4/*.log {
daily
missingok
rotate 365
compress
delaycompress
notifempty
create 640 stunnel4 stunnel4
sharedscripts
postrotate
/etc/init.d/stunnel4 reopen-logs > /dev/null
endscript
}

3
debian/stunnel4.manpages vendored Normal file
View File

@ -0,0 +1,3 @@
doc/stunnel4.8
doc/stunnel4.pl.8
debian/stunnel3.8

21
debian/tests/certs/certificate.pem vendored Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDfDCCAmSgAwIBAgIJAPFcHvXjRYbZMA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNV
BAYTAkJHMQ4wDAYDVQQIDAVTb2ZpYTEOMAwGA1UEBwwFU29maWExEDAOBgNVBAoM
B1JpbmdsZXQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNzA2MTIyMzAzMjdaFw0y
NzA2MTAyMzAzMjdaMFMxCzAJBgNVBAYTAkJHMQ4wDAYDVQQIDAVTb2ZpYTEOMAwG
A1UEBwwFU29maWExEDAOBgNVBAoMB1JpbmdsZXQxEjAQBgNVBAMMCWxvY2FsaG9z
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMp0QYS6IZ1To2h68NcZ
zmnAQfzodFcD7Lhp2CcDOBXRrKfPq1NUqUXMGvcHcPbmT84W2OGGfh11MKvksuof
4+juU4+1uujPJoOmREi7WjVzEVWUftvFUqeTigFz96EMsVui4UbTUxX6ACIsXXwg
v1b/rpyVZJvTucKsyP5ml5OXaPFe5mXUQtdaJsjpV4ikq4O9vcYdMt0Y8IVbxpCO
5CryW3KUHzBUS7uqO2nbLXZBOkJHCgxDawAlTeDRW/uJOl7nnSUgo0HiojG4qhY6
spYmQ9ijtj1vX5H2tsf97rZCbU5JMFqX8XcJgTWKTYHlxkBYbB6QkPyhiOXDo/M/
oJ8CAwEAAaNTMFEwHQYDVR0OBBYEFPwfXq4qd8stmvstPC3QdFL716XRMB8GA1Ud
IwQYMBaAFPwfXq4qd8stmvstPC3QdFL716XRMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
KoZIhvcNAQELBQADggEBADkuMAUB2Uyx23oN9ZxZsAWOdJoSUIWs4qxc5eQ/qjj7
64zm62ZaVc8F6AyMYxHZvOKxvN/Pg19dSZelvTpgSqXLbirstRgsBCIXO2q6UYo2
BUpZovZ4DOll+sAbmrZJRDiVO1XeCqqjr0v0I7NfJ5r31K1tfaZxGovUdC+M3xJ6
yRrFWfF+EdlvVRFQt97mZXtcTDFWk7+CT6fgfLnCxTuMcSNtzM60FCBS5wz0MPSA
BGje1qXUMzwN2T0aDyxWNRdvFGMHC8Z23EOa3roK+NybS2PVAu7MpxDTBZdHSGtG
5wqY6fq5kww8OI9AlPNYVtqXrFrF6Lj5m/jhUHcAIUU=
-----END CERTIFICATE-----

28
debian/tests/certs/key.pem vendored Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDKdEGEuiGdU6No
evDXGc5pwEH86HRXA+y4adgnAzgV0aynz6tTVKlFzBr3B3D25k/OFtjhhn4ddTCr
5LLqH+Po7lOPtbrozyaDpkRIu1o1cxFVlH7bxVKnk4oBc/ehDLFbouFG01MV+gAi
LF18IL9W/66clWSb07nCrMj+ZpeTl2jxXuZl1ELXWibI6VeIpKuDvb3GHTLdGPCF
W8aQjuQq8ltylB8wVEu7qjtp2y12QTpCRwoMQ2sAJU3g0Vv7iTpe550lIKNB4qIx
uKoWOrKWJkPYo7Y9b1+R9rbH/e62Qm1OSTBal/F3CYE1ik2B5cZAWGwekJD8oYjl
w6PzP6CfAgMBAAECggEAf+TrUuamv5WLoEAyDyCdVg7/YL6UaDfxfhpXU2XkM1xu
vuAg8haEjLRAwJdx1HdwKNgkEGx/FSroIV7ra53Tw11zalC6j8H1KauKbYv1k9hq
Ne8GKN3Btl0tDHfvEk1LaYE+4Rg036g8F1qBgB3L4jDJZN+3W/1n10SCALxcuv4G
XMJOcrhW3KBlEJpIBhz+ROPeiZX8VwB2iK7jg0Bebh7XuNFCFOiFqq6UfFRNeGBi
Ca9rZdUP0YmxNPEXzGu1TEv1edX0Nf3jRKERQrZ3Sg6ogPcqQSQ1VP052Hc0Tqpl
akrRrVMfbbQQIMc9JrxJmXb7/OHeS1R50Ci5x7weoQKBgQDwYSGSypJl6lWpgrm6
5HuIem0AK9gmOAyiR0UdjMwVybeHhcldK8ABFcsdUt7v84+kCKkRhEX//QWjowMF
0OJ2i7Y1VbdyNd7exPW5zmYAiBX+oR3JKMekjPRCUamg5P2fSrVqDHvz7WU7hoQb
0jcIu8kwtPjw5uz13OWWbmEjTwKBgQDXnDZ0nQoXUO8VkNYaWQzukIcKdB71v2DZ
KiaJvPFjTGPUwwd/kEcU7/wMet4UKff4XjOaX+f2tFZm+vrYs6RfqnLlRFlkhKJZ
HColltm8KV6w+LnwkPUuY4HnDJepU6eBC2wtGPU1n1YXCwgDL+MTIpLFuveQ9w/N
wTRP3USZsQKBgDy9Tm55IWT/QYYDskq3UT+7L6/LZGLD5u1adOxyl18qCWYFOEyC
sZGUoC5YslyPfsxEI/R5J/b3SGWA21Ks5Yxu4Su47RG+6wH/YtgAf2XC/UvKCmy6
EThTJaVcXTB6rFuD1TNm1Cte4SWZZ+hfxeg/CydzkzPMJjQ6DQll+sWhAoGBAKJj
tV//JyqIeonznE4b4/GKSStGaksM6RSm+n+jHut7DXWhrnQVZnQOi/eaUsk9Etat
nJAYy8yz5p+JSIUOSC8FYaPr5qgefWhAHj5Rb4yYXAlOTD0z8HYP3Db49QFDUFWR
FNiig4zvhRe150L/PjebQpBKUUuNyQlfCtdb/98BAoGARMZNl+0FEzw714ataoWk
1IPoe7oIzaoYTqPcpQT0AGOdfYRS3ffJFe2Foa0K7MVyxNA/OjyheYVtD2IgmoTv
WkRr6xM4nphza595yB5q+psKwOdQvP5XsyiJOXDixzn+yFIqrdQlmBNZHT1z/jwr
oBRWtTVO2aX5pBUjvBu3eQ0=
-----END PRIVATE KEY-----

6
debian/tests/control vendored Normal file
View File

@ -0,0 +1,6 @@
Test-Command: env TEST_STUNNEL=/usr/bin/stunnel4 debian/tests/runtime
Depends: @, perl, libanyevent-perl, libnet-ssleay-perl, libpath-tiny-perl
Restrictions: allow-stderr
Test-Command: debian/tests/upstream
Depends: @, netcat-traditional

647
debian/tests/runtime vendored Executable file
View File

@ -0,0 +1,647 @@
#!/usr/bin/perl
use v5.14;
use strict;
use warnings;
use AnyEvent;
use AnyEvent::Handle;
use AnyEvent::Socket qw(tcp_connect tcp_server);
use AnyEvent::Util qw(portable_socketpair);
use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
use IO::Handle;
use Path::Tiny 0.097;
use POSIX qw(WNOHANG);
use Socket;
# AnyEvent's TLS support seems to require this...
use threads;
my %children;
my $child_reaper_w;
my $greeting = 'Well hello there!';
sub reap_leftover_children();
sub child_reaper();
sub register_child_reaper()
{
$child_reaper_w = AnyEvent->signal(
signal => 'CHLD',
cb => \&child_reaper,
);
$SIG{__DIE__} = sub {
my ($msg) = @_;
warn "__DIE__ handler invoked: ".($msg =~ s/[\r\n]*$//sr)."\n";
reap_leftover_children;
};
}
sub unregister_child_reaper()
{
undef $child_reaper_w;
}
sub child_reaper()
{
while (1) {
my $pid = waitpid -1, WNOHANG;
my $status = $?;
if (!defined $pid) {
die "Could not waitpid() in a SIGCHLD handler: $!\n";
} elsif ($pid == 0 || $pid == -1) {
last;
} else {
$children{$pid}{cv} //= AnyEvent->condvar;
$children{$pid}{cv}->send($status);
}
}
}
sub register_child($ $)
{
my ($pid, $desc) = @_;
# Weird, but we want it to be at least reasonably atomic-like
$children{$pid}{cv} //= AnyEvent->condvar;
my $ch = $children{$pid};
$ch->{pid} = $pid;
$ch->{desc} = $desc;
}
sub dump_children()
{
join '', map {
my $ch = $children{$_};
"\t$ch->{pid}\t".
($ch->{cv}->ready
? $ch->{cv}->recv
: '(none)'
).
"\t$ch->{desc}\n"
} sort { $a <=> $b } keys %children
}
sub wait_for_child($)
{
my ($pid) = @_;
if (!defined $children{$pid}) {
die "Internal error: wait_for_child() invoked for ".
"unregistered pid $pid\n".dump_children;
}
my $status = $children{$pid}{cv}->recv;
delete $children{$pid};
return $status;
}
sub reap_leftover_children()
{
say 'Oof, let us see if there are any children left';
if (!%children) {
say 'Everyone has been accounted for; great!';
return;
}
for my $pid (keys %children) {
my $ch = $children{$pid};
if ($ch->{cv}->ready) {
my $status = wait_for_child $pid;
say "Hm, child $pid seems to have finished already, status $status";
}
}
if (!%children) {
say 'Everyone has actually been accounted for; great!';
return;
}
for my $pid (keys %children) {
say "Pffth, sending a SIGKILL to $pid";
kill 'KILL', $pid;
}
for my $pid (keys %children) {
my $ch = $children{$pid};
if ($ch->{cv}->ready) {
wait_for_child $pid;
say "OK, $pid done";
}
}
# Bah, figure out some way to let the loop run even if we're within the loop...
if (%children) {
say 'Some children remaining, laying low for a second...';
sleep 1;
for my $pid (keys %children) {
say "- waiting for $pid ($children{$pid}{desc})";
wait_for_child $pid;
say "- OK, $pid done";
}
}
if (%children) {
say 'Something really weird happened, why are there still children around?';
say dump_children;
}
}
sub close_on_exec($ $)
{
my ($fh, $close) = @_;
my $flags = fcntl $fh, F_GETFD, 0 or
die "Could not obtain a file descriptor's flags: $!\n";
my $nflags = $close
? ($flags | FD_CLOEXEC)
: ($flags & ~FD_CLOEXEC);
fcntl $fh, F_SETFD, $nflags or
die "Could not set a file descriptor's flags: $!\n";
}
sub anyevent_socketpair($)
{
my ($name) = @_;
my ($fh1, $fh2) = portable_socketpair;
if (!defined $fh1) {
die "Could not create the $name socketpair: $!\n";
}
$fh1->autoflush(1);
$fh2->autoflush(1);
return (AnyEvent::Handle->new(fh => $fh1), AnyEvent::Handle->new(fh => $fh2));
}
sub find_listening_port($ $ $ $ $)
{
my ($address, $port_start, $step, $count, $cb) = @_;
my $res;
my $port = $port_start;
for (1..$count) {
eval {
$res = tcp_server $address, $port, $cb;
};
last if $res;
say "Could not listen on $address:$port: $@";
$port += $step;
}
if (!defined $res) {
die "Could not find a listening port on $address\n";
}
return ($port, $res);
}
my %conns;
sub register_client_connection($)
{
my ($fh) = @_;
my $sockaddr = getsockname $fh;
if (!defined $sockaddr) {
die "Could not obtain the local address of the just-connected socket: $!\n";
}
my ($port, $addr_num) = sockaddr_in $sockaddr;
if (!defined $port || !defined $addr_num) {
die "Could not decode the address and port from a sockaddr_in structure: $!\n";
}
my $addr = inet_ntoa $addr_num;
if (!defined $addr) {
die "Could not decode a numeric address: $!\n";
}
my $id = "$addr:$port";
$conns{$id}{cv} //= AnyEvent->condvar;
$conns{$id}{fh} //= $fh;
return $id;
}
sub await_client_connection($ $; $)
{
my ($lis_main, $cv, $skip_register) = @_;
my $die = sub {
warn "@_";
$cv->send(undef);
};
$lis_main->rtimeout(10);
$lis_main->on_rtimeout(sub { $die->("The listener's accept message timed out\n") });
$lis_main->push_read(line => sub {
my ($handle, $line) = @_;
if ($line !~ m{^ accept \s+ (?<id> \S+ ) $}x) {
return $die->("The accept server did not send an 'accept' message: $line\n");
}
my ($id) = $+{id};
$conns{$id}{cv} //= AnyEvent->condvar unless $skip_register;
$lis_main->rtimeout(10);
$lis_main->on_rtimeout(sub { $die->("The listener's close message timed out\n") });
$lis_main->push_read(line => sub {
my ($handle, $line) = @_;
if ($line !~ m{^ close \s+ (?<id> \S+ ) $}x) {
return $die->("The accept server did not send an 'close' message: $line\n");
}
my ($cid) = $+{id};
if ($cid ne $id) {
return $die->("The accept server's 'close' message had id '$cid' instead of the accepted one '$id'\n");
}
$lis_main->rtimeout(0);
$cv->send($id);
});
});
}
sub adopt_client_connection($ $)
{
my ($id, $opts) = @_;
my $w;
my $do_close = sub {
my ($err) = @_;
$w->push_shutdown;
$w->destroy;
undef $w;
undef $conns{$id}{handle};
#close $conns{$id}{fh};
if (defined $err) {
warn "$err\n";
$conns{$id}{cv}->send(undef);
} else {
$conns{$id}{cv}->send(1);
}
};
$w = AnyEvent::Handle->new(
fh => $conns{$id}{fh},
%{$opts}, # TLS or something?
on_error => sub {
my ($handle, $fatal, $message) = @_;
if (!$fatal) {
warn "A non-fatal error occurred reading from the $id connection: $message\n";
} else {
$do_close->("A fatal error occurred reading from the $id connection: $message");
}
},
rtimeout => 10,
on_rtimeout => sub {
$do_close->("Reading from the $id connection timed out");
},
);
$w->push_read(line => sub {
my ($handle, $line) = @_;
$w->rtimeout(0);
if ($line ne $greeting) {
$do_close->("The $id connection sent us a line that was not the greeting: expected '$greeting', got '$line'");
} else {
$do_close->(undef);
}
});
$conns{$id}{handle} = $w;
}
sub client_connect($ $ $)
{
my ($address, $port, $cv) = @_;
return tcp_connect $address, $port, sub {
my ($fh) = @_;
if (!defined $fh) {
die "Could not connect to the cleartext listening socket on $address:$port: $!\n";
}
my $id = register_client_connection $fh;
say "Connected to $address:$port, local $id";
$cv->send($id);
adopt_client_connection($id, {});
};
}
MAIN:
{
my $stunnel = $ENV{TEST_STUNNEL} // 'stunnel4';
my $test_done = AnyEvent->condvar;
my ($certsdir, $certfile, $keyfile);
for my $name (qw(certs debian/tests/certs)) {
my $dir = path($name);
if (-d $dir) {
$certfile = $dir->child('certificate.pem');
$keyfile = $dir->child('key.pem');
if (-f $certfile && -f $keyfile) {
$certsdir = path($dir);
last;
}
}
}
die "Could not locate the test certificates directory\n" unless defined $certsdir;
say "Found the certificate at $certfile and the private key at $keyfile";
my $tempdir = Path::Tiny->tempdir;
say "Using the $tempdir temporary directory";
register_child_reaper;
{
say 'About to get the stunnel version information';
pipe my $s_in, my $s_out or die "Could not create an fd pair: $!\n";
close_on_exec $s_in, 0;
close_on_exec $s_out, 0;
my $pid = fork;
if (!defined $pid) {
die "Could not fork for stunnel: $!\n";
} elsif ($pid == 0) {
open STDERR, '>&', $s_out or
die "Could not reopen stderr in the child process: $!\n";
close STDIN or
die "Could not close stdin in the child process: $!\n";
close STDOUT or
die "Could not close stdout in the child process: $!\n";
close $s_in or
die "Could not close the reader fd in the child process: $!\n";
exec $stunnel, '-version';
die "Could not execute '$stunnel': $!\n";
}
register_child $pid, "$stunnel -version";
close $s_out or
die "Could not close the writer fd in the parent process: $!\n";
my ($got_version, $before_version) = (undef, '');
my $eof = AnyEvent->condvar;
my $f_out = AnyEvent->io(
fh => $s_in,
poll => 'r',
cb => sub {
my $line = <$s_in>;
if (!defined $line) {
$eof->send($got_version);
} elsif (!$got_version) {
if ($line =~ m{^
stunnel \s+
(?<version> \d+ \. \S+)
\s+ on \s+
}x) {
$got_version = $+{version};
} else {
$before_version .= $line;
}
}
});
$eof->recv;
if ($before_version ne '') {
warn "stunnel produced output before the version number:\n$before_version\n";
}
if (!defined $got_version) {
die "Could not get the stunnel version number\n";
}
say "Got stunnel version $got_version";
my $status = wait_for_child $pid;
if ($status != 0) {
die "stunnel -version did not exit successfully, status $status\n";
}
}
my ($lis_listener, $lis_main) = anyevent_socketpair 'listener';
my $listen_address = '127.0.0.1';
my %listen_clear_conns;
my ($listen_clear_port, $listen_clear) = find_listening_port $listen_address, 6502, 200, 100, sub {
my ($fh, $host, $port) = @_;
my $id = "$host:$port";
say "Accepted a connection from $id";
$lis_listener->push_write("accept $id\n");
my $w;
my $do_close = sub {
$w->destroy;
delete $listen_clear_conns{$id};
};
$w = AnyEvent::Handle->new(
fh => $fh,
on_error => sub {
my ($handle, $fatal, $message) = @_;
warn "A ".($fatal ? 'fatal' : 'non-fatal').
"error occurred writing to the $id connection: $message\n";
$do_close->();
},
timeout => 10,
on_timeout => sub {
my ($handle) = @_;
warn "Writing to the $id connection timed out\n";
$do_close->();
},
on_read => sub {
my ($handle) = @_;
warn "The $id connection sent data to the server?!\n";
$do_close->();
},
on_eof => sub {
my ($handle) = @_;
say "Got an eof from $id, all seems well";
$do_close->();
$lis_listener->push_write("close $id\n");
},
);
$w->push_write("$greeting\n");
$w->push_shutdown;
$listen_clear_conns{$id} = $w;
};
say "Listening for cleartext connections on $listen_address:$listen_clear_port";
{
my $listener_test_id_cv = AnyEvent->condvar;
my $check_listen_clear = client_connect $listen_address, $listen_clear_port, $listener_test_id_cv;
my $id = $listener_test_id_cv->recv;
if (!defined $id) {
die "Could not connect to the cleartext server\n";
}
say "Got a local connection id $id";
my $listener_test_done = AnyEvent->condvar;
await_client_connection $lis_main, $listener_test_done;
say 'Waiting for the server to acknowledge a completed client connection';
my $sid = $listener_test_done->recv;
if (!defined $sid) {
die "The listener did not acknowledge the connection\n";
} elsif ($sid ne $id) {
die "The listener did not acknowledge the same connection: expected '$id', got '$sid'\n";
}
say 'Waiting for the client connection itself to report completion';
my $res = $conns{$id}{cv}->recv;
if (!defined $res) {
die "The client connection did not complete the chat with the cleartext server\n";
}
say 'Looks like we are done with the test cleartext connection!';
}
my $st_server_port;
{
my $dummy;
($st_server_port, $dummy) = find_listening_port $listen_address, 8086, 200, 100, sub {
my ($fh) = @_;
say "Eh, we really didn't expect a connection here, did we now...";
$fh->close;
};
say "Got listening port $st_server_port for the stunnel server";
undef $dummy;
say 'Let us hope this was enough to get stunnel to listen there...';
}
my ($st_pid, $st_logfile);
{
my $st_config = $tempdir->child('stunnel.conf');
$st_logfile = $tempdir->child('stunnel.log');
my $st_pidfile = $tempdir->child('stunnel.pid');
$st_config->spew_utf8(<<"EOCONF") or die "Could not create the $st_config stunnel config file: $!\n";
pid = $st_pidfile
foreground = yes
output = $st_logfile
cert = $certfile
key = $keyfile
[test]
accept = $listen_address:$st_server_port
connect = $listen_address:$listen_clear_port
EOCONF
say "Created the stunnel config file $st_config:\n======\n".$st_config->slurp_utf8.'======';
$st_pid = fork;
if (!defined $st_pid) {
die "Could not fork for the stunnel server: $!\n";
} elsif ($st_pid == 0) {
my @cmd = ($stunnel, $st_config);
exec { $cmd[0] } @cmd;
die "Could not execute '@cmd': $!\n";
}
say "Started the stunnel server, pid $st_pid";
register_child $st_pid, "stunnel server ($listen_address:$st_server_port)";
}
{
for my $iter (1..10) {
say "Trying a connection through stunnel, iteration $iter";
my $st_conn_cv = AnyEvent->condvar;
my $st_conn;
{
my $st_conn_attempts = 10;
my $st_conn_timer;
$st_conn_timer = AnyEvent->timer(after => 0.1, interval => 1, cb => sub {
say "Trying to connect to the stunnel server at $listen_address:$st_server_port";
$st_conn = tcp_connect $listen_address, $st_server_port, sub {
my ($fh) = @_;
if (!defined $fh) {
# FIXME: Eh, well, reschedule, right?
say "Could not connect to $listen_address:$st_server_port: $!";
if ($children{$st_pid}{cv}->ready) {
say 'Err, the stunnel process seems to have terminated';
undef $st_conn_timer;
$st_conn_cv->send(undef);
return;
}
$st_conn_attempts--;
if ($st_conn_attempts == 0) {
say 'Time after time...';
undef $st_conn_timer;
$st_conn_cv->send(undef);
return;
}
say 'Will retry in a little while';
return;
}
say '...connected!';
$st_conn_timer = undef;
$st_conn_cv->send($fh);
};
});
}
my $st_conn_fh = $st_conn_cv->recv;
if (!defined $st_conn_fh) {
my $log_text = (-f $st_logfile)
? "$st_logfile contents:\n".$st_logfile->slurp_utf8
: "(no log information)";
$log_text .= "\n" unless $log_text =~ /\n\Z/ms;
die "Could not connect to the stunnel service:\n$log_text";
}
my $id = register_client_connection $st_conn_fh;
say "Registered a client connection as $id";
adopt_client_connection $id, { tls => 'connect', };
say 'Waiting for the cleartext listener to receive this connection';
my $stunnel_test_done = AnyEvent->condvar;
await_client_connection $lis_main, $stunnel_test_done, 1;
my $sid = $stunnel_test_done->recv;
if (!defined $sid) {
die "The listener did not acknowledge the connection\n";
} elsif ($sid eq $id) {
die "The listener reported the same connection ID '$id'?!\n";
}
say "The server reported a completed connection: $sid";
my $res = $conns{$id}{cv}->recv;
if (!defined $res) {
die "The connection to stunnel did not report a successful chat\n";
}
say "The stunnel connection seems to have gone through for iteration $iter";
}
}
{
say "Trying to stop stunnel at pid $st_pid";
kill 'TERM', $st_pid or
die "Could not send a terminate signal to the stunnel at pid $st_pid: $!\n";
my $status = wait_for_child $st_pid;
if ($status != 0) {
die "The stunnel process terminated with exit status $status\n";
} else {
say 'The stunnel process terminated successfully';
}
}
{
say 'Checking for leftover children';
if (%children) {
# Our 'die' handler will kill and reap them.
die "Child processes left over:\n".
dump_children;
} else {
say 'No child processes left over';
}
unregister_child_reaper;
};
{
say 'Making sure the AnyEvent loop is still sane';
if ($test_done->ready) {
die "The AnyEvent loop raised the flag prematurely\n";
}
$test_done->send(42);
my $res = $test_done->recv;
if ($res != 42) {
die "The AnyEvent loop does not seem to be quite alive and sane, got a result of '$res' instead of 42\n";
}
say 'Fine!';
};
}

15
debian/tests/upstream vendored Executable file
View File

@ -0,0 +1,15 @@
#!/bin/sh
set -e
ln -s /usr/bin/stunnel4 src/stunnel
cd tests
if ! ./make_test; then
printf '\n\n=== Some tests failed; here are all the logs...\n\n' 1>&2
for fname in logs/*.log; do
printf -- '\n\n=== %s\n\n' "$fname" 1>&2
cat -- "$fname" 1>&2
done
false
fi

5
debian/upstream/metadata vendored Normal file
View File

@ -0,0 +1,5 @@
Name: stunnel
Bug-Submit: https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
Contact: https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
FAQ: https://www.stunnel.org/faq.html
Security-Contact: Michal Trojnara <Michal.Trojnara@stunnel.org>

111
debian/upstream/signing-key.asc vendored Normal file
View File

@ -0,0 +1,111 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQINBFTU6YwBEAC6PP7E4J6cRZQsJlFE+o3zdQYo7Mg2sVxDR6K9Cha52wn7P0t0
hHUd0CSmWyfjmYUy3/7jYjgKe4oiGzeSCVK8b3TiX3ylHi/nW3mixwpDPwFmr5Cf
ce55Ro3TdIeslRGigK8Hl+/l4n9c9z/AiTvcdAEQ34BJhERce4/KFx+/omiaxe7S
fzzU/+52zy+v4FfnclgRQrzrD8sxNag6CQOaQ8lTMczNkBkDlhQTOPYkfNf76PUY
kbWpcH7n9N50nddjEaLf7DPjOETc4OH/g5a99FSEJL7jyEgn+C8RX7RpbbAxCNlX
1231NZoresLmxSulB6fRWLmhJ8pES3sRxE1IfwUfPpUZuTPzwXEFJY6StY5OCVy8
rNFpkYlEePuVn74XkGbvv7dkkisq4Hp59zfIUaNVRod0Xk2rM8Rx8d5IK801Ywsn
RyzCE02zt3N2O4IdXI1qQ1gMJNyaE/k2Qk8buh8BsKJzZca34WGocHOxz2O5s7FN
Q1pLNpLmuHZIdyvYqcsenLz5EV8X2LztRmJ3Se4ag/XyXPYwS6lXX1YUGVxZpk0E
sQDRdJvYCsGcUy253w+W7Nm/BtjKi6/PJmjEEU7ieHppR9Yp+LI3lyzNBeZAIVqk
4Hco05l4GUKtEDFfOQ58sULDqJWmpH4T72DHeCpfRB0guaPa5TYY7B0umQARAQAB
tC5NaWNoYcWCIFRyb2puYXJhIDxNaWNoYWwuVHJvam5hcmFAc3R1bm5lbC5vcmc+
iQI4BBMBAgAiBQJU1Q1lAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCx
BIky3Tqqo71TEACWO31ZIOrknCsgmE90Q0yBPYD8CA8aM9OLO9qVYRR+SKQ6VAFn
/qWCoG/z3aMOUJJFDMmBDTSiGZ43jReQVc1PvoNUKFXkD13vrDNGg+IMr+jefjy/
RkFC5rdIAOzl6nMRFH5D/KDtvuXUGfjaN9NorCyv5acOa6GinTFANHYW79DSvt0d
aTG0RFimVTKtAh8oxxBGGUvZ/60SJT5I3pwKKX5t6t+LaUgUz/55p5j36dyhZTmk
X6jVyczkfjBwy9i2jD8kZ1w+EQOPGy1hHCHaaN5ku3Bh4hiZrlh8ncpipOMeOJ5Y
71Cze/JROyu3jkR/59LuPJLbUkwNPZXuMM+D4EY19NWKqWFgcsjaF5juS36xgblQ
odAOXBZcnzH14bxlRElWNLhMib+piIL0BaK2cpplwJ+bzQRkyWzqrl5xu/AeE/fQ
BdeRxL1jg4e9Ozei4Pkz0acoxIg2mdR6b36UpOWKvBQYZ8m4TbsWBRrDjcxKeul7
ObsodFoGTteRxqN9glhNd+n5bJAesGzUN86e3NmCoxCUQMaKlrMEVUMwaaSOVWYN
CfwXSe42dK2ZrV4psIYIwfktTkF60N3KeBbTs7/HhS/R229+lQCL90bcKRiv2Szc
vqR6v78xnbnANm0SX/b6M7xNBf8lWXwS9TlR9AzA4XC7FqNLYTMGV56TmLQrTWlj
aGHFgiBUcm9qbmFyYSA8TWljaGFsLlRyb2puYXJhQG1pcnQubmV0PokCOAQTAQIA
IgUCVNTpjAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQsQSJMt06qqOP
9Q/+MNv7sHcx1y4xH4iysPmjL+ABTonZeUIW/j1Mlgve8jxta7ApuDm0WIgMQd/p
WgjG88g/2hSs1DRmuo67pP+v3l+HgmhQaqQe9XoaQHyygfrDwGEKAjA5++6hg88X
F5GNuchUoY2wHCLByuxdaaT9wDSUGHzj+VlQYcaVqry/u8+wRhuxr89avh7nebj2
Dw1qkIuR6+wuaYAU19mazzmdnDLh/3rYHT7vVJt751JHyx4fnJtKI7eDWxpSGfhc
K63SWtHToJKg4jbdIZMORVVvOetpRbPvF8qoR32LZSfF/rPJtNhWgcsLUCpZn6Ey
G6jigx8mhY2WupRNHutSES+qKNffCMi7fbpQfl4wJqzlNxJJK1zGu2ox255l+fXJ
eQJh7fvvcNieuQApKhOL+mOz1fyRnUhx/GjGncOmCgZldTLEF8DeHuuluXgFlDXJ
cX6poh7vyt3uJ14SCyiV1cLnXmCoxXRmQNlb4zTGoAvfOw/DFH3EzQ44dK/Z1HOI
fJeYILxe+JP2E8TNXUvr/wck12yQ8kaqFzHSQBcV+0S49+pIpoK475LVrOs6S9Jj
hMt4WVfX4PY+IE8wGnZyJw1gvPXdk1P98lHR/Fv0WG/kWiemrDXPM1tjnIas6EGm
zxT/iywGF4tdsVHviETVgRGpKHgEtB/hwsCeGUTAmHDbXQS0L01pY2hhxYIgVHJv
am5hcmEgPE1pY2hhbC5Ucm9qbmFyYUBtb2JpLWNvbS5uZXQ+iQI4BBMBAgAiBQJU
1Q03AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCxBIky3TqqoyVkEACt
MHa7x5PQ0ZNJ8TrvVd/VrT5USuHwwFwnnsYUNzSc95gSwSEaPC3xwgs9cX3VRmOw
b3IiCQQ7R0EamH/ydmZnlesbCsnamLl6dEmzS284lnnMd5X0wep2qq3SlS1z+5wW
4ZnoodX98E7RyecjMYPLH+uAqGqg3nHG8eOpoSDMvIOJtOIvDc9Y6tbNsBbeKbOC
yB7A08TMzVqayQvXzm6QShHTicra69oqIzhmu2zII3ZWVwkfEGweuN0vdocoXiqr
entcyF3KLUX/LooDzdCAxuoJdovg41E69rXEWF//IP5XBT0LUDTzqwmBe7nOfoJF
2RAHn3ySogdL6WNSGaH5B5NK1jGflj/Hr/HBHIYYx820P4aEXSyxbLQW1F0HWlAA
Q9+EmjJssbv7cIq2DV2Ls3AOeY0GAWhTdvUVdVpOG+TuWRUi61XwjWPfvrJDH8ME
oLRb2MhNRffle8hSdF8TP4CO1TCxtSFs0NXT1I/HazvacHzvbXspFDJvbYJsy+pR
vOsf2QCcY5xb633duU60+IHJ9GMOV/ZqQR744wAxu+e/ZHpa2+mpI9VpTMuBTMFC
OQKbiLacsDJtFqsenZAyhcTU4DPFa0bkMO67Gwl0skuk2x8/0R3EgJ9JvNlsEz6v
BaHpWhEddU1m6FMKKZkfo0xnyFr/WPT6zti9iKTnIbkCDQRU1OvDARAA8gIC641d
K6ap9W1K3EkqRn0z6zizdVGr/jvf8xFXeUq+auxixZ0tEY6NM5CBSya5BCK9IGVW
mJNbazyWUa4llA6EvmUxcTeGE7ppQA4Kl1bzvUq5upo+8+0VuqvLC/bVz0DUnFSW
JYHAZrPZ+yO0yMq8vaGTo5kwKixQ4Ni+N+1EiALKZex1g6UW9d0HAcYEa/lTWhz3
J0V1yyY4Vov30gtoo67KkSC/SswZzIR00CQGrz3twlGuB73Sm1YfqDqbY8dQLJey
U0ovIeU95VI5cQF6D1H8YdaMWQm6MtVAfIX5WMoH+eq4Ank9hilReGANkIWNSqM2
1Drdu3crbGIYiZPEadKfGxwquwvRDTEgD4gjqMvEdxA2W6s4WR36SwMkeOtESj21
MiR2YDcbIzIbUh9p0P8DZGvQcVh45jCgdOcL5th9R076npXHn8FIe2IfAZnX1Onp
sKn/YqJ0wNFhGYWxV/yZA10NbFKFXhD1FGqrOz6lSqmqDz00tXofF432ae+7PzTP
9n4cij4k0SYG1l/LThnOYL3SNUCG3rCASeWoXmhxCYRGi0Xw3IJrcpVNmNQD+SLL
TjVB94AlDjSlx1q0V+9ymhGHi51wsBSajMwDexaSI/WM1y9lROwl7eeAD41fPArz
TleAqT89akWLevTBLWvj59mku9vZAW26/1UAEQEAAYkCHwQYAQIACQUCVNTrwwIb
DAAKCRCxBIky3Tqqo2NCEACHJ7e0l8NhS4slfzej1AAXOwL1wDexn6thpgexAyqZ
LIaibqhIybhSo1LOL1NY/55ytscbOQL7NliRAXVN6F9lcer+qzxL5JgxzUU6drya
pNZYs06u3wfr8ZtSbvIAON/w89tm9tHxoNUIYZZUZROFBW6fn8RkhboQs0hJFxWf
WghOxhS0TXJ8/MZ4YcfDy+Ew6LIAym3A1XY+++2VMEHqKcyhU95W5sqAsfO5MkRW
a0E9JTS2dWTteNTWPonywJGX/mSVVMZgOZF6o32Vb9LTnB676YQaPiMlu2qg+vRk
RM/zyGjvPx7hilf68CWxZcIHslfp5gJV6RvtlK+muEvIkSmNYyi8hQp1Y5C6uWb9
JWt/9ISJ+Xz+n+5nAHEUzW/LeEDyhjVlS9vOoAAy18r47mQybzJ2q2zOHo9zl3fK
OJ2S4SFBKGHuIhPOxG2CruhxN9U5+RwTDqKECeuCZROMYQLzlmIP2vM/NuFVhQm8
iNhbTvEenh4mWD4IuOHJkqvzKKzAXllosuUK4B0kblh4GaOVmEjaXGw8789rOlQz
D5566SgKPDNUtom5/eIcy6/UYBoFd7lLltIVSSCA1VUMU4MWJgjwa9gk6MxoNe8d
cJ197oQMfhZNjJ80S5C+a2al4wrR2vL/3hXhy2M2kG73RLSzxEiVoJsG+hbzNtfI
a7kCDQRU1O5ZARAA1pGrQ1V3YMXF3DzwvA/uWb912pwqUvMAAKvYCDiELIOP07c3
2+z04N/bOXjiZ2Jb8AuICj4v92tXAygtf18zxwoU8AOXiuScP3wy1ZprBw8k71dN
y0XmEXbiX7tkLoe0OzWlCaNTajSXTELT+nYHTOkBsrC4T+y7AwYueQJYUaRkJR/5
Tc68UnRSO295pgJd7EoWWAky3bdH+TKN0MsagCJwa+RrXFGtIKjU0XAKsddTxQKx
2SUGF0QVdNZ/14Duo73btoXtHgB0oxewnsiJp5XKWYm57RSNLv1LKr26iSUtUM1C
AIZALuGMAyQXVEo7OmzuZmN0yRYM7FSnpG4rIDnDxYhDTaa+xWb738V8uLQDZAVn
AuBEhq1RQEDrRM/XLbibvVBzpd+JI9WneNEp0ehq5sEC6FbKYz0HqVk2SH1Dpb0t
grtxz3c7rPs7vRdmFMxTuYctSzuqNHpKX+C6rgyAW2sxEKD0ys8OYEa3hvrQFSAz
nM/j3X8dge1DriHIQd/Dt4+LMdPcsQk3vty7pYxZIDRa9hl7ngaesQSZ/7PV/cj7
U7qieTr1ulO1Gc5GcyS2Hu4P9109HX1tBEQvGHpbqe9Lc2d0VKgHVjG9vDLrE1h/
qXKbmn0LF1YR4djaM+sYCfYOO+WzZKUACPdMq3Lid/3oQ71p6eNgu6lQcgEAEQEA
AYkEPgQYAQIACQUCVNTuWQIbAgIpCRCxBIky3Tqqo8FdIAQZAQIABgUCVNTuWQAK
CRAu/H/w1BbgFNx6EACR7CKB3Mv2lNaRRraVRwjNrumyODqsnX/oe3lad04iCBb9
JxGyNyTGF0s6teoaocXxIeZ50bF7GuYcnepMGpniMCkE2ymlM6ruFNNTUYC02Fsr
owKQboC7S5DN2l7lb4nlgyDX7nOlOMmhTc3D/QsduMyS9H5kjFFKtzLYOwREV/RH
I/wQUyTyze8qs/BxpT3/HsSJuGZybLSd/fmeM43xghcdfDgKTaGkFkhhW7UWgtOh
QtYxr0VD4HEw4C+nMyksqKAIFMBjJAqtsuWeSgavVrbU8KrzlcJFHSrovZ7Pi0mK
MYHGomPstZcZxwr15t3BhDvogMSRscU1mLUigLEGiWxPVxtQlmHTZfMns4Cy04S7
jK4Gix0PN4Xi/9rOcLFCb5zddcLVrqiuT+dt/O/TPKUKHTvLL1gF4Dlypbu8TQWt
O7xDSPy7wSdPWUN5GBjsxbZfVlWpvvVMmGUuygIl0LkrJLKGxk36AnNpEPqsQ9e9
Rsgu5dP9lGPz3igxE3p+UlhWo5eqJqZwAfEFb+0PQzKSQ6zIFQAf50eSI/pWf+Xp
9XOT47d4y8aWzHA7T/ja9tbyd+eg71ZOqOFtVP8zFWvmPnoosxrBR7qK/RBY5/PX
KhfG10yEYXSjTap4dmsy430l8Mcuqo55iixgT5vxZfTeyFjTjHmjuHD1rTTfpXk4
D/9GI9cIfrWczhrbWN8BoP66ImMXpVhZzDt6S5u9dHSNJdqivDzCkktb/psXILvv
u3qLmb1nJbsNzN9GJm6LoduzCJ4SqaodjhMkNi/Tc95dx0n2cCP2Rh/jvzo7zrqQ
O09c8at/pFEiF8LgUlc5QaB/GNhXBqJog2yOzUPGKq0OMy/wttW42TCe7V+J8fnn
16xfGhnVwmiWRQaqdCiFDY2IiOHhnRwfJVANrddfuU/AJ8vY8XXzrxI7YZL43V53
0Wich1VB00XLFU8aj08FsjdFvR77AAxFU+Cd6sH6yq6jsRXppQ0BOO15aR+wopEv
tKwDdRu3TaweC1XMLLQ4XuN9Ql0bMH0d626uMG2zUfZGO1jNTOS4sUhEqJsImbsL
/hgNDKYvfo0wSHPWmQo9njw7aG8Mey77I3fL1ELj/Tfa86njPpJ/tmFMLV9ntWAC
cW/c3tojdcP278rTw/4zk+Sr2Zv+3bP1yjJd0z4B3gYYz2BUYTU7dyiA41Kgk4Zf
V1n2NUAxQJYzvEIAZcMEWA3rOTb+AjcBVXX89Gk0BEykVmA9G808tbmI+4DUd2c/
+d1xeufb43TGOiwKqwY+Os9iey3FbsnoYuzKPsd5LByJFEudbMB152h95u/NysaM
0AjC+yPtlpSLUIaDUW75VAlQKPWj1Ag5uVpc2ScMEjevQQ==
=muMw
-----END PGP PUBLIC KEY BLOCK-----

8
debian/watch vendored Normal file
View File

@ -0,0 +1,8 @@
version=4
# Latest version is directly at /stunnel
opts=pgpsigurlmangle=s/$/.asc/ \
https://www.stunnel.org/downloads.html downloads/stunnel-([\d.]+)@ARCHIVE_EXT@ debian
opts=pgpsigurlmangle=s/$/.asc/,pasv \
ftp://ftp.stunnel.org/stunnel/archive/5.x/stunnel-([\d.]+)@ARCHIVE_EXT@

23
doc/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.14.1 from Makefile.am.
# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -17,7 +17,17 @@
# by Michal Trojnara 2015-2017
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@ -81,7 +91,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = doc
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
@ -89,6 +98,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/src/config.h
CONFIG_CLEAN_FILES =
@ -145,6 +155,7 @@ NROFF = nroff
MANS = $(man_MANS)
DATA = $(doc_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@ -187,6 +198,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@ -295,7 +307,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu doc/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@ -541,6 +552,8 @@ uninstall-man: uninstall-man8
mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
uninstall-am uninstall-docDATA uninstall-man uninstall-man8
.PRECIOUS: Makefile
.pod.in.8.in:
pod2man -u -n stunnel -s 8 -r $(VERSION) \

2522
m4/libtool.m4 vendored
View File

File diff suppressed because it is too large Load Diff

127
m4/ltoptions.m4 vendored
View File

@ -1,14 +1,14 @@
# Helper functions for option handling. -*- Autoconf -*-
#
# Copyright (C) 2004, 2005, 2007, 2008, 2009 Free Software Foundation,
# Inc.
# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
# Foundation, Inc.
# Written by Gary V. Vaughan, 2004
#
# This file is free software; the Free Software Foundation gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
# serial 7 ltoptions.m4
# serial 8 ltoptions.m4
# This is to help aclocal find these macros, as it can't see m4_define.
AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
@ -29,7 +29,7 @@ m4_define([_LT_SET_OPTION],
[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
_LT_MANGLE_DEFUN([$1], [$2]),
[m4_warning([Unknown $1 option `$2'])])[]dnl
[m4_warning([Unknown $1 option '$2'])])[]dnl
])
@ -75,13 +75,15 @@ m4_if([$1],[LT_INIT],[
dnl
dnl If no reference was made to various pairs of opposing options, then
dnl we run the default mode handler for the pair. For example, if neither
dnl `shared' nor `disable-shared' was passed, we enable building of shared
dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
dnl archives by default:
_LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
_LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
_LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
_LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
[_LT_ENABLE_FAST_INSTALL])
[_LT_ENABLE_FAST_INSTALL])
_LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
[_LT_WITH_AIX_SONAME([aix])])
])
])# _LT_SET_OPTIONS
@ -112,7 +114,7 @@ AU_DEFUN([AC_LIBTOOL_DLOPEN],
[_LT_SET_OPTION([LT_INIT], [dlopen])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the `dlopen' option into LT_INIT's first parameter.])
put the 'dlopen' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
@ -148,7 +150,7 @@ AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
_LT_SET_OPTION([LT_INIT], [win32-dll])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the `win32-dll' option into LT_INIT's first parameter.])
put the 'win32-dll' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
@ -157,9 +159,9 @@ dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
# _LT_ENABLE_SHARED([DEFAULT])
# ----------------------------
# implement the --enable-shared flag, and supports the `shared' and
# `disable-shared' LT_INIT options.
# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
# implement the --enable-shared flag, and supports the 'shared' and
# 'disable-shared' LT_INIT options.
# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
m4_define([_LT_ENABLE_SHARED],
[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([shared],
@ -172,14 +174,14 @@ AC_ARG_ENABLE([shared],
*)
enable_shared=no
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_shared=yes
fi
done
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
;;
esac],
[enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
@ -211,9 +213,9 @@ dnl AC_DEFUN([AM_DISABLE_SHARED], [])
# _LT_ENABLE_STATIC([DEFAULT])
# ----------------------------
# implement the --enable-static flag, and support the `static' and
# `disable-static' LT_INIT options.
# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
# implement the --enable-static flag, and support the 'static' and
# 'disable-static' LT_INIT options.
# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
m4_define([_LT_ENABLE_STATIC],
[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([static],
@ -226,14 +228,14 @@ AC_ARG_ENABLE([static],
*)
enable_static=no
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_static=yes
fi
done
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
;;
esac],
[enable_static=]_LT_ENABLE_STATIC_DEFAULT)
@ -265,9 +267,9 @@ dnl AC_DEFUN([AM_DISABLE_STATIC], [])
# _LT_ENABLE_FAST_INSTALL([DEFAULT])
# ----------------------------------
# implement the --enable-fast-install flag, and support the `fast-install'
# and `disable-fast-install' LT_INIT options.
# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
# implement the --enable-fast-install flag, and support the 'fast-install'
# and 'disable-fast-install' LT_INIT options.
# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
m4_define([_LT_ENABLE_FAST_INSTALL],
[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([fast-install],
@ -280,14 +282,14 @@ AC_ARG_ENABLE([fast-install],
*)
enable_fast_install=no
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_fast_install=yes
fi
done
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
;;
esac],
[enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
@ -304,14 +306,14 @@ AU_DEFUN([AC_ENABLE_FAST_INSTALL],
[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you put
the `fast-install' option into LT_INIT's first parameter.])
the 'fast-install' option into LT_INIT's first parameter.])
])
AU_DEFUN([AC_DISABLE_FAST_INSTALL],
[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you put
the `disable-fast-install' option into LT_INIT's first parameter.])
the 'disable-fast-install' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
@ -319,11 +321,64 @@ dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
# _LT_WITH_AIX_SONAME([DEFAULT])
# ----------------------------------
# implement the --with-aix-soname flag, and support the `aix-soname=aix'
# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
# is either `aix', `both' or `svr4'. If omitted, it defaults to `aix'.
m4_define([_LT_WITH_AIX_SONAME],
[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
shared_archive_member_spec=
case $host,$enable_shared in
power*-*-aix[[5-9]]*,yes)
AC_MSG_CHECKING([which variant of shared library versioning to provide])
AC_ARG_WITH([aix-soname],
[AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
[shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
[case $withval in
aix|svr4|both)
;;
*)
AC_MSG_ERROR([Unknown argument to --with-aix-soname])
;;
esac
lt_cv_with_aix_soname=$with_aix_soname],
[AC_CACHE_VAL([lt_cv_with_aix_soname],
[lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
with_aix_soname=$lt_cv_with_aix_soname])
AC_MSG_RESULT([$with_aix_soname])
if test aix != "$with_aix_soname"; then
# For the AIX way of multilib, we name the shared archive member
# based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
# and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
# Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
# the AIX toolchain works better with OBJECT_MODE set (default 32).
if test 64 = "${OBJECT_MODE-32}"; then
shared_archive_member_spec=shr_64
else
shared_archive_member_spec=shr
fi
fi
;;
*)
with_aix_soname=aix
;;
esac
_LT_DECL([], [shared_archive_member_spec], [0],
[Shared archive member basename, for filename based shared library versioning on AIX])dnl
])# _LT_WITH_AIX_SONAME
LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
# _LT_WITH_PIC([MODE])
# --------------------
# implement the --with-pic flag, and support the `pic-only' and `no-pic'
# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
# LT_INIT options.
# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
# MODE is either 'yes' or 'no'. If omitted, it defaults to 'both'.
m4_define([_LT_WITH_PIC],
[AC_ARG_WITH([pic],
[AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
@ -334,19 +389,17 @@ m4_define([_LT_WITH_PIC],
*)
pic_mode=default
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for lt_pkg in $withval; do
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
if test "X$lt_pkg" = "X$lt_p"; then
pic_mode=yes
fi
done
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
;;
esac],
[pic_mode=default])
test -z "$pic_mode" && pic_mode=m4_default([$1], [default])
[pic_mode=m4_default([$1], [default])])
_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
])# _LT_WITH_PIC
@ -359,7 +412,7 @@ AU_DEFUN([AC_LIBTOOL_PICMODE],
[_LT_SET_OPTION([LT_INIT], [pic-only])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the `pic-only' option into LT_INIT's first parameter.])
put the 'pic-only' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:

7
m4/ltsugar.m4 vendored
View File

@ -1,6 +1,7 @@
# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
#
# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
# Foundation, Inc.
# Written by Gary V. Vaughan, 2004
#
# This file is free software; the Free Software Foundation gives
@ -33,7 +34,7 @@ m4_define([_lt_join],
# ------------
# Manipulate m4 lists.
# These macros are necessary as long as will still need to support
# Autoconf-2.59 which quotes differently.
# Autoconf-2.59, which quotes differently.
m4_define([lt_car], [[$1]])
m4_define([lt_cdr],
[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
@ -44,7 +45,7 @@ m4_define([lt_unquote], $1)
# lt_append(MACRO-NAME, STRING, [SEPARATOR])
# ------------------------------------------
# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'.
# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
# Note that neither SEPARATOR nor STRING are expanded; they are appended
# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
# No SEPARATOR is output if MACRO-NAME was previously undefined (different

12
m4/ltversion.m4 vendored
View File

@ -1,6 +1,6 @@
# ltversion.m4 -- version numbers -*- Autoconf -*-
#
# Copyright (C) 2004 Free Software Foundation, Inc.
# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
# Written by Scott James Remnant, 2004
#
# This file is free software; the Free Software Foundation gives
@ -9,15 +9,15 @@
# @configure_input@
# serial 3337 ltversion.m4
# serial 4179 ltversion.m4
# This file is part of GNU Libtool
m4_define([LT_PACKAGE_VERSION], [2.4.2])
m4_define([LT_PACKAGE_REVISION], [1.3337])
m4_define([LT_PACKAGE_VERSION], [2.4.6])
m4_define([LT_PACKAGE_REVISION], [2.4.6])
AC_DEFUN([LTVERSION_VERSION],
[macro_version='2.4.2'
macro_revision='1.3337'
[macro_version='2.4.6'
macro_revision='2.4.6'
_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
_LT_DECL(, macro_revision, 0)
])

7
m4/lt~obsolete.m4 vendored
View File

@ -1,6 +1,7 @@
# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
#
# Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc.
# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
# Foundation, Inc.
# Written by Scott James Remnant, 2004.
#
# This file is free software; the Free Software Foundation gives
@ -11,7 +12,7 @@
# These exist entirely to fool aclocal when bootstrapping libtool.
#
# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN)
# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
# which have later been changed to m4_define as they aren't part of the
# exported API, or moved to Autoconf or Automake where they belong.
#
@ -25,7 +26,7 @@
# included after everything else. This provides aclocal with the
# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
# because those macros already exist, or will be overwritten later.
# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
#
# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
# Yes, that means every name once taken will need to remain here until

2
src/Makefile.am
View File

@ -66,7 +66,7 @@ libstunnel_la_LDFLAGS = -avoid-version
if AUTHOR_TESTS
# Just check if the programs can be built, don't perform any actual tests
check-local: mingw mingw64
#check-local: mingw mingw64
endif
mingw:

33
src/Makefile.in
View File

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.14.1 from Makefile.am.
# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -23,7 +23,17 @@
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@ -88,8 +98,6 @@ build_triplet = @build@
host_triplet = @host@
bin_PROGRAMS = stunnel$(EXEEXT)
subdir = src
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(srcdir)/config.h.in $(top_srcdir)/auto/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
@ -97,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES =
@ -224,6 +233,8 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
$(top_srcdir)/auto/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@ -266,6 +277,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@ -401,7 +413,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@ -978,9 +989,7 @@ distdir: $(DISTFILES)
|| exit 1; \
fi; \
done
@AUTHOR_TESTS_FALSE@check-local:
check-am: all-am
$(MAKE) $(AM_MAKEFLAGS) check-local
check: check-am
all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) config.h
installdirs:
@ -1091,9 +1100,9 @@ ps-am:
uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS \
uninstall-pkglibLTLIBRARIES
.MAKE: all check-am install-am install-strip
.MAKE: all install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am check-local clean \
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \
clean-binPROGRAMS clean-generic clean-libtool clean-local \
clean-pkglibLTLIBRARIES cscopelist-am ctags ctags-am distclean \
distclean-compile distclean-generic distclean-hdr \
@ -1110,6 +1119,8 @@ uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS \
tags tags-am uninstall uninstall-am uninstall-binPROGRAMS \
uninstall-binSCRIPTS uninstall-pkglibLTLIBRARIES
.PRECIOUS: Makefile
###############################################################################
# Generate a new set of DH parameters for each version #
@ -1130,7 +1141,7 @@ stunnel3: $(srcdir)/stunnel3.in
###############################################################################
# Just check if the programs can be built, don't perform any actual tests
@AUTHOR_TESTS_TRUE@check-local: mingw mingw64
#check-local: mingw mingw64
mingw:
$(MAKE) -f $(srcdir)/mingw.mk srcdir=$(srcdir) win32_targetcpu=i686 win32_mingw=mingw

38
src/client.c
View File

@ -85,6 +85,7 @@ CLI *alloc_client_session(SERVICE_OPTIONS *opt, SOCKET rfd, SOCKET wfd) {
c->local_rfd.fd=rfd;
c->local_wfd.fd=wfd;
c->seq=seq++;
c->opt->seq++;
return c;
}
@ -254,7 +255,8 @@ NOEXPORT void client_run(CLI *c) {
/* free the client context */
str_free(c->connect_addr.addr);
/* we currently don't make a local copy of c->connect_addr.session */
/* a client does not have its own local copy of
c->connect_addr.session and c->connect_addr.fd */
s_poll_free(c->fds);
c->fds=NULL;
}
@ -646,21 +648,18 @@ NOEXPORT void transfer(CLI *c) {
s_poll_err(c->fds, c->sock_rfd->fd)) {
err=get_socket_error(c->sock_rfd->fd);
if(err)
s_log(LOG_ERR, "socket fd: %s (%d)",
s_strerror(err), err);
log_error(LOG_INFO, err, "socket fd");
}
} else {
if(sock_can_rd && s_poll_err(c->fds, c->sock_rfd->fd)) {
err=get_socket_error(c->sock_rfd->fd);
if(err)
s_log(LOG_ERR, "socket rfd: %s (%d)",
s_strerror(err), err);
log_error(LOG_INFO, err, "socket rfd");
}
if(sock_can_wr && s_poll_err(c->fds, c->sock_wfd->fd)) {
err=get_socket_error(c->sock_wfd->fd);
if(err)
s_log(LOG_ERR, "socket wfd: %s (%d)",
s_strerror(err), err);
log_error(LOG_INFO, err, "socket wfd");
}
}
if(c->ssl_rfd->fd==c->ssl_wfd->fd) {
@ -668,22 +667,19 @@ NOEXPORT void transfer(CLI *c) {
s_poll_err(c->fds, c->ssl_rfd->fd)) {
err=get_socket_error(c->ssl_rfd->fd);
if(err)
s_log(LOG_ERR, "TLS fd: %s (%d)",
s_strerror(err), err);
log_error(LOG_INFO, err, "TLS fd");
}
} else {
if(ssl_can_rd && s_poll_err(c->fds, c->ssl_rfd->fd)) {
err=get_socket_error(c->ssl_rfd->fd);
if(err)
s_log(LOG_ERR, "TLS rfd: %s (%d)",
s_strerror(err), err);
log_error(LOG_INFO, err, "TLS rfd");
}
if(c->ssl_rfd->fd!=c->ssl_wfd->fd &&
ssl_can_wr && s_poll_err(c->fds, c->ssl_wfd->fd)) {
err=get_socket_error(c->ssl_wfd->fd);
if(err)
s_log(LOG_ERR, "TLS wfd: %s (%d)",
s_strerror(err), err);
log_error(LOG_INFO, err, "TLS wfd");
}
}
@ -736,6 +732,10 @@ NOEXPORT void transfer(CLI *c) {
SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
shutdown_wants_read=shutdown_wants_write=0;
break;
case SSL_ERROR_ZERO_RETURN: /* connection closed */
SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
shutdown_wants_read=shutdown_wants_write=0;
break;
case SSL_ERROR_WANT_WRITE:
s_log(LOG_DEBUG, "SSL_shutdown returned WANT_WRITE: retrying");
shutdown_wants_read=0;
@ -1109,6 +1109,7 @@ NOEXPORT void auth_user(CLI *c, char *accepted_address) {
#endif
SOCKADDR_UNION ident; /* IDENT socket name */
char *line, *type, *system, *user;
unsigned remote_port, local_port;
if(!c->opt->username)
return; /* -u option not specified */
@ -1136,9 +1137,10 @@ NOEXPORT void auth_user(CLI *c, char *accepted_address) {
if(s_connect(c, &ident, addr_len(&ident)))
longjmp(c->err, 1);
s_log(LOG_DEBUG, "IDENT server connected");
fd_printf(c, c->fd, "%u , %u",
ntohs(c->peer_addr.in.sin_port),
ntohs(c->opt->local_addr.in.sin_port));
remote_port=ntohs(c->peer_addr.in.sin_port);
local_port=(unsigned)(c->opt->local_addr.addr ?
ntohs(c->opt->local_addr.addr[0].in.sin_port) : 0);
fd_printf(c, c->fd, "%u , %u", remote_port, local_port);
line=fd_getline(c, c->fd);
closesocket(c->fd);
c->fd=INVALID_SOCKET; /* avoid double close on cleanup */
@ -1443,9 +1445,7 @@ NOEXPORT unsigned idx_cache_retrieve(CLI *c) {
}
if(c->opt->failover==FAILOVER_RR) {
/* the race condition here can be safely ignored */
i=c->connect_addr.parent->rr;
c->connect_addr.parent->rr=(i+1)%c->connect_addr.num;
i=(c->connect_addr.start+c->opt->seq)%c->connect_addr.num;
s_log(LOG_INFO, "failover: round-robin, starting at entry #%d", i);
} else {
i=0;

3
src/config.h.in
View File

@ -207,8 +207,7 @@
/* Host description */
#undef HOST
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
/* Define to the sub-directory where libtool stores uninstalled libraries. */
#undef LT_OBJDIR
/* Name of package */

52
src/dhparam.c
View File

@ -8,32 +8,32 @@
DH *get_dh2048()
{
static unsigned char dhp_2048[] = {
0xE5, 0x09, 0xEB, 0x6B, 0x7E, 0xFF, 0x06, 0x2E, 0xE9, 0x8E,
0xEB, 0xB8, 0x15, 0x2E, 0x83, 0xE9, 0x77, 0x6B, 0x98, 0x80,
0xC2, 0x5B, 0xC7, 0x99, 0xEF, 0xD2, 0x3B, 0x75, 0x23, 0xD1,
0xEF, 0x4D, 0x2C, 0xE6, 0xE5, 0xD3, 0x6A, 0x5E, 0x38, 0x4A,
0x05, 0x15, 0x57, 0xFF, 0x46, 0x22, 0x0F, 0xDC, 0xC9, 0xF0,
0xA0, 0x4C, 0x2B, 0x70, 0x91, 0x30, 0x32, 0x3A, 0x20, 0x38,
0xB6, 0x62, 0xAE, 0x8C, 0x9E, 0x9B, 0x7A, 0x04, 0xCF, 0x9C,
0x20, 0x0C, 0x9D, 0x34, 0xFC, 0xB5, 0x46, 0x9E, 0xB6, 0x56,
0x94, 0x7A, 0x8E, 0x7B, 0xEA, 0x77, 0x3D, 0x1F, 0x57, 0xAD,
0xB0, 0xB7, 0xD6, 0x2E, 0x95, 0x5B, 0xA7, 0x1E, 0xF1, 0x84,
0x04, 0x7C, 0x77, 0x9B, 0x10, 0x8D, 0x5F, 0xA5, 0x2B, 0x0D,
0xCB, 0xFB, 0xB9, 0x0A, 0xCB, 0xDD, 0x70, 0x9F, 0x85, 0xBA,
0xE3, 0x6A, 0xD1, 0xE4, 0x83, 0x7B, 0x89, 0x66, 0xAC, 0x58,
0x12, 0x43, 0x5B, 0xA8, 0x02, 0xC0, 0x5C, 0x27, 0x61, 0x97,
0x5D, 0xEC, 0x94, 0x71, 0xB2, 0x13, 0x13, 0xAB, 0x30, 0x0C,
0x54, 0x54, 0x8C, 0xE2, 0x9D, 0x07, 0xDE, 0xE7, 0x62, 0x70,
0xDE, 0x6C, 0x48, 0xD7, 0x69, 0xDA, 0xBC, 0xDA, 0xB1, 0x82,
0xE4, 0xD7, 0xE4, 0xFB, 0x6D, 0x36, 0x46, 0x55, 0x30, 0x63,
0x18, 0x42, 0x82, 0x60, 0xE2, 0x76, 0x23, 0x56, 0x34, 0x25,
0xA9, 0x6A, 0xF1, 0x06, 0xB1, 0x68, 0xAD, 0x7F, 0xCE, 0x06,
0xEE, 0x85, 0xA5, 0x83, 0x85, 0x08, 0x45, 0x45, 0x09, 0xA7,
0x3D, 0xC9, 0xAC, 0xE6, 0x3A, 0x98, 0x93, 0xBF, 0x98, 0x2E,
0x4D, 0x00, 0x3B, 0x74, 0x62, 0x7B, 0x8D, 0xBD, 0x18, 0x6C,
0xAC, 0x4B, 0xEF, 0xF5, 0xAD, 0x0E, 0x2E, 0x85, 0x60, 0xE6,
0xF4, 0x3F, 0x25, 0xFE, 0xAE, 0xC3, 0x18, 0x9B, 0x04, 0x7B,
0xC7, 0x48, 0xE8, 0xC1, 0x3C, 0x13
0xEF, 0xED, 0x5C, 0xA2, 0x8E, 0x37, 0xD8, 0xF4, 0xD1, 0xE9,
0x85, 0x06, 0x79, 0x0E, 0xC0, 0xBC, 0xD2, 0xF3, 0xBC, 0x26,
0xAE, 0x63, 0xB9, 0x06, 0xDF, 0x16, 0xDB, 0xE5, 0x76, 0x76,
0xD5, 0xBC, 0x4F, 0xC1, 0x55, 0x28, 0xC9, 0x7A, 0xC8, 0xD6,
0x1E, 0xB0, 0x5D, 0x85, 0x12, 0x39, 0x62, 0x06, 0x9D, 0x99,
0x4D, 0xCF, 0x79, 0x27, 0x94, 0xB6, 0xE1, 0xC2, 0x92, 0x06,
0xA3, 0xCF, 0x10, 0x25, 0xC4, 0x3D, 0x01, 0xD2, 0x34, 0x0C,
0x1F, 0xB2, 0xA3, 0x0D, 0xA8, 0xDC, 0xB6, 0x5F, 0xDB, 0x8C,
0xF6, 0x73, 0xC2, 0x07, 0x70, 0x4D, 0x01, 0x85, 0xE8, 0x49,
0xBC, 0xC1, 0x80, 0x6C, 0x77, 0x71, 0xFF, 0x5D, 0x25, 0x2F,
0x64, 0x5F, 0x0D, 0x33, 0xB3, 0x43, 0x24, 0xC0, 0xFC, 0xB3,
0x94, 0xEA, 0xF2, 0xB7, 0x24, 0x08, 0x12, 0x74, 0x9D, 0xEA,
0x20, 0x31, 0xD7, 0x0C, 0x0A, 0x84, 0x37, 0xCF, 0x34, 0x56,
0x85, 0xFB, 0xF4, 0x7C, 0xF4, 0x4E, 0x67, 0x0E, 0x63, 0xB2,
0x49, 0xAF, 0xA6, 0x43, 0xD3, 0x6E, 0x60, 0xA9, 0x96, 0xD6,
0xE8, 0x63, 0x7E, 0x23, 0x39, 0x91, 0xE1, 0xF6, 0xC3, 0x8B,
0x60, 0x92, 0x73, 0xB9, 0x5A, 0x69, 0xDF, 0x8A, 0xD4, 0x0E,
0x1C, 0x95, 0x82, 0x59, 0xE4, 0x3B, 0xA8, 0xAC, 0x46, 0x47,
0xE2, 0xFE, 0x98, 0xD7, 0xC2, 0xD4, 0xC6, 0x0A, 0xC5, 0x23,
0x98, 0xCA, 0x0C, 0x5A, 0x82, 0xE1, 0x17, 0xC8, 0xA4, 0x5C,
0x43, 0x2A, 0xE5, 0x5B, 0x20, 0x7C, 0x36, 0x90, 0x71, 0xB6,
0x02, 0x55, 0xF5, 0x26, 0x13, 0xCF, 0xB3, 0x4C, 0xB7, 0x89,
0x57, 0xC8, 0x27, 0x28, 0x72, 0x04, 0xF1, 0x78, 0x4B, 0xFF,
0xB3, 0x78, 0x60, 0x79, 0xEF, 0xDD, 0xDE, 0x34, 0x88, 0xE2,
0x00, 0x13, 0xED, 0x4B, 0x9F, 0xE7, 0x71, 0xBA, 0x68, 0xF6,
0xD2, 0x9E, 0xF3, 0x3B, 0x2D, 0x2B
};
static unsigned char dhg_2048[] = {
0x02

171
src/log.c
View File

@ -38,8 +38,8 @@
#include "common.h"
#include "prototypes.h"
NOEXPORT void log_raw(const SERVICE_OPTIONS *, const int,
const char *, const char *, const char *);
NOEXPORT void log_queue(SERVICE_OPTIONS *, int, char *, char *, char *);
NOEXPORT void log_raw(SERVICE_OPTIONS *, int, char *, char *, char *);
NOEXPORT void safestring(char *);
static DISK_FILE *outfile=NULL;
@ -115,34 +115,9 @@ void log_close(void) {
stunnel_write_unlock(&stunnel_locks[LOCK_LOG_MODE]);
}
void log_flush(LOG_MODE new_mode) {
struct LIST *tmp;
stunnel_write_lock(&stunnel_locks[LOCK_LOG_MODE]);
/* prevent changing LOG_MODE_CONFIGURED to LOG_MODE_ERROR
* once stderr file descriptor is closed */
if(log_mode!=LOG_MODE_CONFIGURED)
log_mode=new_mode;
/* log_raw() will use the new value of log_mode */
stunnel_write_lock(&stunnel_locks[LOCK_LOG_BUFFER]);
while(head) {
log_raw(head->opt, head->level, head->stamp, head->id, head->text);
str_free(head->stamp);
str_free(head->id);
str_free(head->text);
tmp=head;
head=head->next;
str_free(tmp);
}
head=tail=NULL;
stunnel_write_unlock(&stunnel_locks[LOCK_LOG_BUFFER]);
stunnel_write_unlock(&stunnel_locks[LOCK_LOG_MODE]);
}
void s_log(int level, const char *format, ...) {
va_list ap;
char *text, *stamp, *id;
struct LIST *tmp;
#ifdef USE_WIN32
DWORD libc_error;
#else
@ -156,6 +131,9 @@ void s_log(int level, const char *format, ...) {
#endif
TLS_DATA *tls_data;
libc_error=get_last_error();
socket_error=get_last_socket_error();
tls_data=tls_get();
if(!tls_data) {
tls_data=tls_alloc(NULL, NULL, "log");
@ -164,68 +142,93 @@ void s_log(int level, const char *format, ...) {
}
/* performance optimization: skip the trivial case early */
if(log_mode==LOG_MODE_CONFIGURED && level>tls_data->opt->log_level)
return;
libc_error=get_last_error();
socket_error=get_last_socket_error();
/* format the id to be logged */
time(&gmt);
if(log_mode!=LOG_MODE_CONFIGURED || level<=tls_data->opt->log_level) {
/* format the id to be logged */
time(&gmt);
#if defined(HAVE_LOCALTIME_R) && defined(_REENTRANT)
timeptr=localtime_r(&gmt, &timestruct);
timeptr=localtime_r(&gmt, &timestruct);
#else
timeptr=localtime(&gmt);
timeptr=localtime(&gmt);
#endif
stamp=str_printf("%04d.%02d.%02d %02d:%02d:%02d",
timeptr->tm_year+1900, timeptr->tm_mon+1, timeptr->tm_mday,
timeptr->tm_hour, timeptr->tm_min, timeptr->tm_sec);
id=str_printf("LOG%d[%s]", level, tls_data->id);
stamp=str_printf("%04d.%02d.%02d %02d:%02d:%02d",
timeptr->tm_year+1900, timeptr->tm_mon+1, timeptr->tm_mday,
timeptr->tm_hour, timeptr->tm_min, timeptr->tm_sec);
id=str_printf("LOG%d[%s]", level, tls_data->id);
/* format the text to be logged */
va_start(ap, format);
text=str_vprintf(format, ap);
va_end(ap);
safestring(text);
/* format the text to be logged */
va_start(ap, format);
text=str_vprintf(format, ap);
va_end(ap);
safestring(text);
stunnel_read_lock(&stunnel_locks[LOCK_LOG_MODE]);
if(log_mode==LOG_MODE_BUFFER) { /* save the text to log it later */
stunnel_write_lock(&stunnel_locks[LOCK_LOG_BUFFER]);
tmp=str_alloc_detached(sizeof(struct LIST));
tmp->next=NULL;
tmp->opt=tls_data->opt;
tmp->level=level;
tmp->stamp=stamp;
str_detach(tmp->stamp);
tmp->id=id;
str_detach(tmp->id);
tmp->text=text;
str_detach(tmp->text);
if(tail)
tail->next=tmp;
/* either log or queue for logging */
stunnel_read_lock(&stunnel_locks[LOCK_LOG_MODE]);
if(log_mode==LOG_MODE_BUFFER)
log_queue(tls_data->opt, level, stamp, id, text);
else
head=tmp;
tail=tmp;
stunnel_write_unlock(&stunnel_locks[LOCK_LOG_BUFFER]);
} else { /* ready log the text directly */
log_raw(tls_data->opt, level, stamp, id, text);
str_free(stamp);
str_free(id);
str_free(text);
log_raw(tls_data->opt, level, stamp, id, text);
stunnel_read_unlock(&stunnel_locks[LOCK_LOG_MODE]);
}
stunnel_read_unlock(&stunnel_locks[LOCK_LOG_MODE]);
set_last_error(libc_error);
set_last_socket_error(socket_error);
}
NOEXPORT void log_raw(const SERVICE_OPTIONS *opt,
const int level, const char *stamp,
const char *id, const char *text) {
NOEXPORT void log_queue(SERVICE_OPTIONS *opt,
int level, char *stamp, char *id, char *text) {
struct LIST *tmp;
/* make a new element */
tmp=str_alloc_detached(sizeof(struct LIST));
tmp->next=NULL;
tmp->opt=opt;
tmp->level=level;
tmp->stamp=stamp;
str_detach(tmp->stamp);
tmp->id=id;
str_detach(tmp->id);
tmp->text=text;
str_detach(tmp->text);
/* append the new element to the list */
stunnel_write_lock(&stunnel_locks[LOCK_LOG_BUFFER]);
if(tail)
tail->next=tmp;
else
head=tmp;
tail=tmp;
stunnel_write_unlock(&stunnel_locks[LOCK_LOG_BUFFER]);
}
void log_flush(LOG_MODE new_mode) {
stunnel_write_lock(&stunnel_locks[LOCK_LOG_MODE]);
/* prevent changing LOG_MODE_CONFIGURED to LOG_MODE_ERROR
* once stderr file descriptor is closed */
if(log_mode!=LOG_MODE_CONFIGURED)
log_mode=new_mode;
/* log_raw() will use the new value of log_mode */
stunnel_write_lock(&stunnel_locks[LOCK_LOG_BUFFER]);
while(head) {
struct LIST *tmp=head;
head=head->next;
log_raw(tmp->opt, tmp->level, tmp->stamp, tmp->id, tmp->text);
str_free(tmp);
}
head=tail=NULL;
stunnel_write_unlock(&stunnel_locks[LOCK_LOG_BUFFER]);
stunnel_write_unlock(&stunnel_locks[LOCK_LOG_MODE]);
}
NOEXPORT void log_raw(SERVICE_OPTIONS *opt,
int level, char *stamp, char *id, char *text) {
char *line;
/* build the line and log it to syslog/file */
if(log_mode==LOG_MODE_CONFIGURED) { /* configured */
/* NOTE: opt->log_level may have changed since s_log().
* It is important to use the new value and not the old one. */
/* build the line and log it to syslog/file if configured */
switch(log_mode) {
case LOG_MODE_CONFIGURED:
line=str_printf("%s %s: %s", stamp, id, text);
if(level<=opt->log_level) {
#if !defined(USE_WIN32) && !defined(__vms)
@ -233,15 +236,25 @@ NOEXPORT void log_raw(const SERVICE_OPTIONS *opt,
syslog(level, "%s: %s", id, text);
#endif /* USE_WIN32, __vms */
if(outfile)
file_putline(outfile, line); /* send log to file */
file_putline(outfile, line);
}
} else if(log_mode==LOG_MODE_ERROR) {
break;
case LOG_MODE_ERROR:
/* don't log the id or the time stamp */
if(level>=0 && level<=7) /* just in case */
line=str_printf("[%c] %s", "***!:. "[level], text);
else
line=str_printf("[?] %s", text);
} else /* LOG_MODE_INFO */
line=str_dup(text); /* don't log the time stamp in error mode */
break;
default: /* LOG_MODE_INFO */
/* don't log the level, the id or the time stamp */
line=str_dup(text);
}
/* free the memory */
str_free(stamp);
str_free(id);
str_free(text);
/* log the line to the UI (GUI, stderr, etc.) */
if(log_mode==LOG_MODE_ERROR ||

24
src/options.c
View File

@ -1151,21 +1151,20 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
/* accept */
switch(cmd) {
case CMD_BEGIN:
section->option.accept=0;
memset(&section->local_addr, 0, sizeof(SOCKADDR_UNION));
section->local_addr.in.sin_family=AF_INET;
section->fd=INVALID_SOCKET;
addrlist_clear(&section->local_addr, 1);
break;
case CMD_EXEC:
if(strcasecmp(opt, "accept"))
break;
section->option.accept=1;
if(!name2addr(&section->local_addr, arg, 1))
return "Failed to resolve accepting address";
name_list_append(&section->local_addr.names, arg);
return NULL; /* OK */
case CMD_END:
if(section->option.accept)
if(section->local_addr.names) {
if(!addrlist_resolve(&section->local_addr))
return "Cannot resolve accept target";
++endpoints;
}
break;
case CMD_FREE:
break;
@ -1728,6 +1727,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
switch(cmd) {
case CMD_BEGIN:
section->failover=FAILOVER_RR;
section->seq=0;
break;
case CMD_EXEC:
if(strcasecmp(opt, "failover"))
@ -3307,6 +3307,7 @@ SOCK_OPT *sock_opts=NULL, sock_opts_def[]= {
#ifdef SO_BINDTODEVICE
{"SO_BINDTODEVICE", SOL_SOCKET, SO_BINDTODEVICE, TYPE_STRING, {NULL, NULL, NULL}},
#endif
#ifdef SOL_TCP
#ifdef TCP_KEEPCNT
{"TCP_KEEPCNT", SOL_TCP, TCP_KEEPCNT, TYPE_INT, {NULL, NULL, NULL}},
#endif
@ -3316,6 +3317,7 @@ SOCK_OPT *sock_opts=NULL, sock_opts_def[]= {
#ifdef TCP_KEEPINTVL
{"TCP_KEEPINTVL", SOL_TCP, TCP_KEEPINTVL, TYPE_INT, {NULL, NULL, NULL}},
#endif
#endif /* SOL_TCP */
#ifdef IP_TOS
{"IP_TOS", IPPROTO_IP, IP_TOS, TYPE_INT, {NULL, NULL, NULL}},
#endif
@ -3655,6 +3657,14 @@ NOEXPORT char *engine_init(void) {
return "Selecting default engine failed";
}
#endif
/* engines can add new algorithms */
#if OPENSSL_VERSION_NUMBER>=0x10100000L
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS|
OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
#else
OpenSSL_add_all_algorithms();
#endif
s_log(LOG_INFO, "Engine #%d (%s) initialized",
current_engine+1, ENGINE_get_id(engines[current_engine]));
engine_initialized=1;

6
src/os2.mak
View File

@ -1,11 +1,11 @@
prefix=.
DEFS = -DPACKAGE_NAME=\"stunnel\" \
-DPACKAGE_TARNAME=\"stunnel\" \
-DPACKAGE_VERSION=\"5.42\" \
-DPACKAGE_STRING=\"stunnel\ 5.42\" \
-DPACKAGE_VERSION=\"5.44\" \
-DPACKAGE_STRING=\"stunnel\ 5.44\" \
-DPACKAGE_BUGREPORT=\"\" \
-DPACKAGE=\"stunnel\" \
-DVERSION=\"5.42\" \
-DVERSION=\"5.44\" \
-DSTDC_HEADERS=1 \
-DHAVE_SYS_TYPES_H=1 \
-DHAVE_SYS_STAT_H=1 \

10
src/prototypes.h
View File

@ -98,8 +98,9 @@ typedef struct name_list_struct {
typedef struct sockaddr_list { /* list of addresses */
struct sockaddr_list *parent; /* used by copies to locate their parent */
SOCKADDR_UNION *addr; /* array of resolved addresses */
SOCKET *fd; /* array of accepting file descriptors */
SSL_SESSION **session; /* array of cached client sessions */
unsigned rr; /* current address for round-robin */
unsigned start; /* initial address for round-robin failover */
unsigned num; /* how many addresses are used */
int passive; /* listening socket */
NAME_LIST *names; /* a list of unresolved names */
@ -125,7 +126,6 @@ typedef struct {
#ifdef HAVE_CHROOT
char *chroot_dir;
#endif
unsigned long dpid;
char *pidfile;
#endif
@ -238,7 +238,6 @@ typedef struct service_options_struct {
#endif /* !defined(OPENSSL_NO_ENGINE) */
/* service-specific data for client.c */
SOCKET fd; /* file descriptor accepting connections for this service */
SSL_SESSION *session; /* recently used session */
char *exec_name; /* program name for local mode */
#ifdef USE_WIN32
@ -246,13 +245,14 @@ typedef struct service_options_struct {
#else
char **exec_args; /* program arguments for local mode */
#endif
SOCKADDR_UNION local_addr, source_addr;
SOCKADDR_LIST connect_addr, redirect_addr;
SOCKADDR_UNION source_addr;
SOCKADDR_LIST local_addr, connect_addr, redirect_addr;
int timeout_busy; /* maximum waiting for data time */
int timeout_close; /* maximum close_notify time */
int timeout_connect; /* maximum connect() time */
int timeout_idle; /* maximum idle connection time */
enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
unsigned seq; /* sequential number for round-robin failover */
char *username;
/* service-specific data for protocol.c */

25
src/resolver.c
View File

@ -138,6 +138,7 @@ unsigned name2addr(SOCKADDR_UNION *addr, char *name, int passive) {
if(retval)
addrlist2addr(addr, addr_list);
str_free(addr_list->addr);
str_free(addr_list->fd);
str_free(addr_list->session);
str_free(addr_list);
return retval;
@ -154,6 +155,7 @@ unsigned hostport2addr(SOCKADDR_UNION *addr,
if(num)
addrlist2addr(addr, addr_list);
str_free(addr_list->addr);
str_free(addr_list->fd);
str_free(addr_list->session);
str_free(addr_list);
return num;
@ -196,6 +198,9 @@ unsigned name2addrlist(SOCKADDR_LIST *addr_list, char *name) {
(addr_list->num+1)*sizeof(SOCKADDR_UNION));
addr_list->addr[addr_list->num].un.sun_family=AF_UNIX;
strcpy(addr_list->addr[addr_list->num].un.sun_path, name);
addr_list->fd=str_realloc(addr_list->fd,
(addr_list->num+1)*sizeof(SOCKET));
addr_list->fd[addr_list->num]=INVALID_SOCKET;
addr_list->session=str_realloc(addr_list->session,
(addr_list->num+1)*sizeof(SSL_SESSION *));
addr_list->session[addr_list->num]=NULL;
@ -291,6 +296,9 @@ unsigned hostport2addrlist(SOCKADDR_LIST *addr_list,
(addr_list->num+1)*sizeof(SOCKADDR_UNION));
memcpy(&addr_list->addr[addr_list->num], cur->ai_addr,
(size_t)cur->ai_addrlen);
addr_list->fd=str_realloc(addr_list->fd,
(addr_list->num+1)*sizeof(SOCKET));
addr_list->fd[addr_list->num]=INVALID_SOCKET;
addr_list->session=str_realloc(addr_list->session,
(addr_list->num+1)*sizeof(SSL_SESSION *));
addr_list->session[addr_list->num]=NULL;
@ -312,8 +320,9 @@ void addrlist_clear(SOCKADDR_LIST *addr_list, int passive) {
NOEXPORT void addrlist_reset(SOCKADDR_LIST *addr_list) {
addr_list->num=0;
addr_list->addr=NULL;
addr_list->fd=NULL;
addr_list->session=NULL;
addr_list->rr=0; /* reset the round-robin counter */
addr_list->start=0;
addr_list->parent=addr_list; /* allow a copy to locate its parent */
}
@ -325,7 +334,8 @@ unsigned addrlist_dup(SOCKADDR_LIST *dst, const SOCKADDR_LIST *src) {
} else { /* delayed resolver */
addrlist_resolve(dst);
}
/* we currently don't make a local copy of src->session */
/* a client does not have its own local copy of
src->session and src->fd */
return dst->num;
}
@ -336,16 +346,13 @@ unsigned addrlist_resolve(SOCKADDR_LIST *addr_list) {
addrlist_reset(addr_list);
for(host=addr_list->names; host; host=host->next)
num+=name2addrlist(addr_list, host->name);
switch(num) {
case 0:
case 1:
addr_list->rr=0;
break;
default:
if(num<2) {
addr_list->start=0;
} else {
/* randomize the initial value of round-robin counter */
/* ignore the error value and the distribution bias */
RAND_bytes((unsigned char *)&rnd, sizeof rnd);
addr_list->rr=rnd%num;
addr_list->start=rnd%num;
}
return num;
}

3
src/ssl.c
View File

@ -53,8 +53,9 @@ int index_session_authenticated, index_session_connect_address;
int ssl_init(void) { /* init TLS before parsing configuration file */
#if OPENSSL_VERSION_NUMBER>=0x10100000L
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_CONFIG, NULL);
#else
OPENSSL_config(NULL);
SSL_load_error_strings();
SSL_library_init();
#endif

262
src/stunnel.c
View File

@ -64,7 +64,9 @@ struct sockaddr_un {
};
#endif
NOEXPORT int accept_connection(SERVICE_OPTIONS *);
NOEXPORT int accept_connection(SERVICE_OPTIONS *, unsigned);
NOEXPORT void unbind_port(SERVICE_OPTIONS *, unsigned);
NOEXPORT SOCKET bind_port(SERVICE_OPTIONS *, int, unsigned);
#ifdef HAVE_CHROOT
NOEXPORT int change_root(void);
#endif
@ -295,10 +297,13 @@ void daemon_loop(void) {
if(s_poll_canread(fds, signal_pipe[0]))
if(signal_pipe_dispatch()) /* SIGNAL_TERMINATE or error */
break; /* terminate daemon_loop */
for(opt=service_options.next; opt; opt=opt->next)
if(opt->option.accept && s_poll_canread(fds, opt->fd))
if(accept_connection(opt))
temporary_lack_of_resources=1;
for(opt=service_options.next; opt; opt=opt->next) {
unsigned i;
for(i=0; i<opt->local_addr.num; ++i)
if(s_poll_canread(fds, opt->local_addr.fd[i]))
if(accept_connection(opt, i))
temporary_lack_of_resources=1;
}
} else {
log_error(LOG_NOTICE, get_last_socket_error(),
"daemon_loop: s_poll_wait");
@ -313,15 +318,15 @@ void daemon_loop(void) {
}
/* return 1 when a short delay is needed before another try */
NOEXPORT int accept_connection(SERVICE_OPTIONS *opt) {
NOEXPORT int accept_connection(SERVICE_OPTIONS *opt, unsigned i) {
SOCKADDR_UNION addr;
char *from_address;
SOCKET s;
SOCKET s, fd=opt->local_addr.fd[i];
socklen_t addrlen;
addrlen=sizeof addr;
for(;;) {
s=s_accept(opt->fd, &addr.sa, &addrlen, 1, "local socket");
s=s_accept(fd, &addr.sa, &addrlen, 1, "local socket");
if(s!=INVALID_SOCKET) /* success! */
break;
switch(get_last_socket_error()) {
@ -356,8 +361,7 @@ NOEXPORT int accept_connection(SERVICE_OPTIONS *opt) {
return 0;
}
#endif
if(create_client(opt->fd, s,
alloc_client_session(opt, s, s), client_thread)) {
if(create_client(fd, s, alloc_client_session(opt, s, s), client_thread)) {
s_log(LOG_ERR, "Connection rejected: create_client failed");
closesocket(s);
return 0;
@ -370,37 +374,17 @@ NOEXPORT int accept_connection(SERVICE_OPTIONS *opt) {
/* clear fds, close old ports */
void unbind_ports(void) {
SERVICE_OPTIONS *opt;
#ifdef HAVE_STRUCT_SOCKADDR_UN
struct stat sb; /* buffer for lstat() */
#endif
s_poll_init(fds);
s_poll_add(fds, signal_pipe[0], 1, 0);
for(opt=service_options.next; opt; opt=opt->next) {
s_log(LOG_DEBUG, "Closing service [%s]", opt->servname);
if(opt->option.accept && opt->fd!=INVALID_SOCKET) {
if(opt->fd<(SOCKET)listen_fds_start ||
opt->fd>=(SOCKET)(listen_fds_start+systemd_fds))
closesocket(opt->fd);
s_log(LOG_DEBUG, "Service [%s] closed (FD=%ld)",
opt->servname, (long)opt->fd);
opt->fd=INVALID_SOCKET;
#ifdef HAVE_STRUCT_SOCKADDR_UN
if(opt->local_addr.sa.sa_family==AF_UNIX) {
if(lstat(opt->local_addr.un.sun_path, &sb))
sockerror(opt->local_addr.un.sun_path);
else if(!S_ISSOCK(sb.st_mode))
s_log(LOG_ERR, "Not a socket: %s",
opt->local_addr.un.sun_path);
else if(unlink(opt->local_addr.un.sun_path))
sockerror(opt->local_addr.un.sun_path);
else
s_log(LOG_DEBUG, "Socket removed: %s",
opt->local_addr.un.sun_path);
}
#endif
} else if(opt->exec_name && opt->connect_addr.names) {
unsigned i;
s_log(LOG_DEBUG, "Unbinding service [%s]", opt->servname);
for(i=0; i<opt->local_addr.num; ++i)
unbind_port(opt, i);
/* exec+connect service */
if(opt->exec_name && opt->connect_addr.names) {
/* create exec+connect services */
/* FIXME: this is just a crude workaround */
/* is it better to kill the service? */
@ -416,15 +400,44 @@ void unbind_ports(void) {
}
}
/* open new ports, update fds */
int bind_ports(void) {
SERVICE_OPTIONS *opt;
char *local_address;
int listening_section;
NOEXPORT void unbind_port(SERVICE_OPTIONS *opt, unsigned i) {
SOCKET fd=opt->local_addr.fd[i];
SOCKADDR_UNION *addr=opt->local_addr.addr+i;
#ifdef HAVE_STRUCT_SOCKADDR_UN
struct stat sb; /* buffer for lstat() */
#endif
if(fd==INVALID_SOCKET)
return;
opt->local_addr.fd[i]=INVALID_SOCKET;
if(fd<(SOCKET)listen_fds_start ||
fd>=(SOCKET)(listen_fds_start+systemd_fds))
closesocket(fd);
s_log(LOG_DEBUG, "Service [%s] closed (FD=%ld)",
opt->servname, (long)fd);
#ifdef HAVE_STRUCT_SOCKADDR_UN
if(addr->sa.sa_family==AF_UNIX) {
if(lstat(addr->un.sun_path, &sb))
sockerror(addr->un.sun_path);
else if(!S_ISSOCK(sb.st_mode))
s_log(LOG_ERR, "Not a socket: %s",
addr->un.sun_path);
else if(unlink(addr->un.sun_path))
sockerror(addr->un.sun_path);
else
s_log(LOG_DEBUG, "Socket removed: %s",
addr->un.sun_path);
}
#endif
}
/* open new ports, update fds */
int bind_ports(void) {
SERVICE_OPTIONS *opt;
int listening_section;
#ifdef USE_LIBWRAP
/* execute after options_cmdline() to know service_options.next,
* but as early as possible to avoid leaking file descriptors */
@ -438,82 +451,28 @@ int bind_ports(void) {
/* allow clean unbind_ports() even though
bind_ports() was not fully performed */
for(opt=service_options.next; opt; opt=opt->next)
if(opt->option.accept)
opt->fd=INVALID_SOCKET;
for(opt=service_options.next; opt; opt=opt->next) {
unsigned i;
for(i=0; i<opt->local_addr.num; ++i)
opt->local_addr.fd[i]=INVALID_SOCKET;
}
listening_section=0;
for(opt=service_options.next; opt; opt=opt->next) {
if(opt->option.accept) {
if(listening_section<systemd_fds) {
opt->fd=(SOCKET)(listen_fds_start+listening_section);
s_log(LOG_DEBUG,
"Listening file descriptor received from systemd (FD=%ld)",
(long)opt->fd);
} else {
opt->fd=s_socket(opt->local_addr.sa.sa_family,
SOCK_STREAM, 0, 1, "accept socket");
if(opt->fd==INVALID_SOCKET)
return 1;
s_log(LOG_DEBUG, "Listening file descriptor created (FD=%ld)",
(long)opt->fd);
}
if(set_socket_options(opt->fd, 0)<0) {
closesocket(opt->fd);
opt->fd=INVALID_SOCKET;
unsigned i;
s_log(LOG_DEBUG, "Binding service [%s]", opt->servname);
for(i=0; i<opt->local_addr.num; ++i) {
SOCKET fd;
fd=bind_port(opt, listening_section, i);
if(fd==INVALID_SOCKET)
return 1;
}
/* local socket can't be unnamed */
local_address=s_ntop(&opt->local_addr, addr_len(&opt->local_addr));
/* we don't bind or listen on a socket inherited from systemd */
if(listening_section>=systemd_fds) {
if(bind(opt->fd, &opt->local_addr.sa, addr_len(&opt->local_addr))) {
sockerror("bind");
s_log(LOG_ERR, "Error binding service [%s] to %s",
opt->servname, local_address);
closesocket(opt->fd);
opt->fd=INVALID_SOCKET;
str_free(local_address);
return 1;
}
if(listen(opt->fd, SOMAXCONN)) {
sockerror("listen");
closesocket(opt->fd);
opt->fd=INVALID_SOCKET;
str_free(local_address);
return 1;
}
}
#ifdef HAVE_STRUCT_SOCKADDR_UN
/* chown the UNIX socket, errors are ignored */
if(opt->local_addr.sa.sa_family==AF_UNIX &&
(opt->uid || opt->gid)) {
/* fchown() does *not* work on UNIX sockets */
if(!lchown(opt->local_addr.un.sun_path, opt->uid, opt->gid))
s_log(LOG_DEBUG,
"Socket chown succeeded: %s, UID=%u, GID=%u",
opt->local_addr.un.sun_path,
(unsigned)opt->uid, (unsigned)opt->gid);
else if(lstat(opt->local_addr.un.sun_path, &sb))
sockerror(opt->local_addr.un.sun_path);
else if(sb.st_uid==opt->uid && sb.st_gid==opt->gid)
s_log(LOG_DEBUG,
"Socket chown unneeded: %s, UID=%u, GID=%u",
opt->local_addr.un.sun_path,
(unsigned)opt->uid, (unsigned)opt->gid);
else
s_log(LOG_ERR, "Socket chown failed: %s, UID=%u, GID=%u",
opt->local_addr.un.sun_path,
(unsigned)opt->uid, (unsigned)opt->gid);
}
#endif
s_poll_add(fds, opt->fd, 1, 0);
s_log(LOG_DEBUG, "Service [%s] (FD=%ld) bound to %s",
opt->servname, (long)opt->fd, local_address);
str_free(local_address);
s_poll_add(fds, fd, 1, 0);
opt->local_addr.fd[i]=fd;
}
if(opt->local_addr.num)
++listening_section;
} else if(opt->exec_name && opt->connect_addr.names) {
/* create exec+connect services */
/* create exec+connect services */
if(opt->exec_name && opt->connect_addr.names) {
/* FIXME: needs to be delayed on reload with opt->option.retry set */
create_client(INVALID_SOCKET, INVALID_SOCKET,
alloc_client_session(opt, INVALID_SOCKET, INVALID_SOCKET),
@ -529,6 +488,82 @@ int bind_ports(void) {
return 0; /* OK */
}
NOEXPORT SOCKET bind_port(SERVICE_OPTIONS *opt, int listening_section, unsigned i) {
SOCKET fd;
SOCKADDR_UNION *addr=opt->local_addr.addr+i;
char *local_address;
#ifdef HAVE_STRUCT_SOCKADDR_UN
struct stat sb; /* buffer for lstat() */
#endif
if(listening_section<systemd_fds) {
fd=(SOCKET)(listen_fds_start+listening_section);
s_log(LOG_DEBUG,
"Listening file descriptor received from systemd (FD=%ld)",
(long)fd);
} else {
fd=s_socket(addr->sa.sa_family, SOCK_STREAM, 0, 1, "accept socket");
if(fd==INVALID_SOCKET)
return INVALID_SOCKET;
s_log(LOG_DEBUG, "Listening file descriptor created (FD=%ld)",
(long)fd);
}
if(set_socket_options(fd, 0)<0) {
closesocket(fd);
return INVALID_SOCKET;
}
/* local socket can't be unnamed */
local_address=s_ntop(addr, addr_len(addr));
/* we don't bind or listen on a socket inherited from systemd */
if(listening_section>=systemd_fds) {
if(bind(fd, &addr->sa, addr_len(addr))) {
sockerror("bind");
s_log(LOG_ERR, "Error binding service [%s] to %s",
opt->servname, local_address);
str_free(local_address);
closesocket(fd);
return INVALID_SOCKET;
}
if(listen(fd, SOMAXCONN)) {
sockerror("listen");
str_free(local_address);
closesocket(fd);
return INVALID_SOCKET;
}
}
#ifdef HAVE_STRUCT_SOCKADDR_UN
/* chown the UNIX socket, errors are ignored */
if(addr->sa.sa_family==AF_UNIX &&
(opt->uid || opt->gid)) {
/* fchown() does *not* work on UNIX sockets */
if(!lchown(addr->un.sun_path, opt->uid, opt->gid))
s_log(LOG_DEBUG,
"Socket chown succeeded: %s, UID=%u, GID=%u",
addr->un.sun_path,
(unsigned)opt->uid, (unsigned)opt->gid);
else if(lstat(addr->un.sun_path, &sb))
sockerror(addr->un.sun_path);
else if(sb.st_uid==opt->uid && sb.st_gid==opt->gid)
s_log(LOG_DEBUG,
"Socket chown unneeded: %s, UID=%u, GID=%u",
addr->un.sun_path,
(unsigned)opt->uid, (unsigned)opt->gid);
else
s_log(LOG_ERR, "Socket chown failed: %s, UID=%u, GID=%u",
addr->un.sun_path,
(unsigned)opt->uid, (unsigned)opt->gid);
}
#endif
s_log(LOG_DEBUG, "Service [%s] (FD=%ld) bound to %s",
opt->servname, (long)fd, local_address);
str_free(local_address);
return fd;
}
#ifdef HAVE_CHROOT
NOEXPORT int change_root(void) {
if(!global_options.chroot_dir)
@ -801,7 +836,8 @@ void stunnel_info(int level) {
if(strcmp(OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION))) {
s_log(level, "Compiled with " OPENSSL_VERSION_TEXT);
s_log(level, "Running with %s", OpenSSL_version(OPENSSL_VERSION));
s_log(level, "Update OpenSSL shared libraries or rebuild stunnel");
if((OpenSSL_version_num()^OPENSSL_VERSION_NUMBER)&~0xfffu)
s_log(level, "Update OpenSSL shared libraries or rebuild stunnel");
} else {
s_log(level, "Compiled/running with " OPENSSL_VERSION_TEXT);
}

8
src/ui_unix.c
View File

@ -38,6 +38,8 @@
#include "common.h"
#include "prototypes.h"
NOEXPORT unsigned long dpid;
NOEXPORT int main_unix(int, char*[]);
#if !defined(__vms) && !defined(USE_OS2)
NOEXPORT int daemonize(int);
@ -184,7 +186,7 @@ NOEXPORT int create_pid(void) {
s_log(LOG_ERR, "Pid file (%s) must be full path name", global_options.pidfile);
return 1;
}
global_options.dpid=(unsigned long)getpid();
dpid=(unsigned long)getpid();
/* silently remove old pid file */
unlink(global_options.pidfile);
@ -194,7 +196,7 @@ NOEXPORT int create_pid(void) {
ioerror("create");
return 1;
}
pid=str_printf("%lu\n", global_options.dpid);
pid=str_printf("%lu\n", dpid);
if(write(pf, pid, strlen(pid))<(int)strlen(pid)) {
s_log(LOG_ERR, "Cannot write pid file %s", global_options.pidfile);
ioerror("write");
@ -208,7 +210,7 @@ NOEXPORT int create_pid(void) {
}
NOEXPORT void delete_pid(void) {
if((unsigned long)getpid()!=global_options.dpid)
if((unsigned long)getpid()!=dpid)
return; /* current process is not main daemon process */
s_log(LOG_DEBUG, "removing pid file %s", global_options.pidfile);
if(unlink(global_options.pidfile)<0)

7
src/vc.mak
View File

@ -10,8 +10,10 @@
!IF [ml64.exe /help >NUL 2>&1]
TARGET=win32
SSLLIBS=libeay32.lib ssleay32.lib
!ELSE
TARGET=win64
SSLLIBS=libcrypto.lib libssl.lib
!ENDIF
!MESSAGE Detected target: $(TARGET)
!MESSAGE
@ -53,7 +55,6 @@ LDFLAGS=/NOLOGO /DEBUG
SHAREDLIBS=ws2_32.lib user32.lib shell32.lib kernel32.lib
GUILIBS=advapi32.lib comdlg32.lib crypt32.lib gdi32.lib psapi.lib
CLILIBS=
SSLLIBS=/LIBPATH:"$(LIBDIR)" libeay32.lib ssleay32.lib
# static linking:
# /LIBPATH:"$(LIBDIR)\VC\static" libeay32MD.lib ssleay32MD.lib
@ -90,12 +91,12 @@ $(GUIOBJS): *.h vc.mak
$(CLIOBJS): *.h vc.mak
$(BIN)\stunnel.exe: $(SHAREDOBJS) $(GUIOBJS)
$(LINK) $(LDFLAGS) $(SHAREDLIBS) $(GUILIBS) $(SSLLIBS) /OUT:$@ $**
$(LINK) $(LDFLAGS) $(SHAREDLIBS) $(GUILIBS) /LIBPATH:"$(LIBDIR)" $(SSLLIBS) /OUT:$@ $**
IF EXIST $@.manifest \
mt -nologo -manifest $@.manifest -outputresource:$@;1
$(BIN)\tstunnel.exe: $(SHAREDOBJS) $(CLIOBJS)
$(LINK) $(LDFLAGS) $(SHAREDLIBS) $(CLILIBS) $(SSLLIBS) /OUT:$@ $**
$(LINK) $(LDFLAGS) $(SHAREDLIBS) $(CLILIBS) /LIBPATH:"$(LIBDIR)" $(SSLLIBS) /OUT:$@ $**
IF EXIST $@.manifest \
mt -nologo -manifest $@.manifest -outputresource:$@;1

2
src/version.h
View File

@ -65,7 +65,7 @@
/* START CUSTOMIZE */
#define VERSION_MAJOR 5
#define VERSION_MINOR 42
#define VERSION_MINOR 44
/* END CUSTOMIZE */
/* all the following macros are ABSOLUTELY NECESSARY to have proper string

10
tests/Makefile.am Normal file
View File

@ -0,0 +1,10 @@
## Process this file with automake to produce Makefile.in
# by Michal Trojnara 2017
EXTRA_DIST = make_test test_library recipes certs execute
check-local:
$(srcdir)/make_test
distclean-local:
rm -f logs/*.log

454
tests/Makefile.in Normal file
View File

@ -0,0 +1,454 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
# by Michal Trojnara 2017
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = tests
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/src/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFAULT_GROUP = @DEFAULT_GROUP@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PTHREAD_CC = @PTHREAD_CC@
PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
PTHREAD_LIBS = @PTHREAD_LIBS@
RANDOM_FILE = @RANDOM_FILE@
RANLIB = @RANLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SSLDIR = @SSLDIR@
STRIP = @STRIP@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
ax_pthread_config = @ax_pthread_config@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
EXTRA_DIST = make_test test_library recipes certs execute
all: all-am
.SUFFIXES:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu tests/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
tags TAGS:
ctags CTAGS:
cscope cscopelist:
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
$(MAKE) $(AM_MAKEFLAGS) check-local
check: check-am
all-am: Makefile
installdirs:
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-am
-rm -f Makefile
distclean-am: clean-am distclean-generic distclean-local
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am:
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am:
.MAKE: check-am install-am install-strip
.PHONY: all all-am check check-am check-local clean clean-generic \
clean-libtool cscopelist-am ctags-am distclean \
distclean-generic distclean-libtool distclean-local distdir \
dvi dvi-am html html-am info info-am install install-am \
install-data install-data-am install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-man install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
uninstall-am
.PRECIOUS: Makefile
check-local:
$(srcdir)/make_test
distclean-local:
rm -f logs/*.log
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

20
tests/certs/CACert.pem Normal file
View File

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDWTCCAkGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJwbDEQ
MA4GA1UECgwHQ0FfY2VydDEQMA4GA1UECwwHQ0FfY2VydDEQMA4GA1UEAwwHQ0Ff
Y2VydDEiMCAGCSqGSIb3DQEJARYTQ0FfY2VydEBleGFtcGxlLmNvbTAeFw0xNzA0
MjYxODQxMDBaFw0xODA0MTMxNTQ1MDBaMGcxCzAJBgNVBAYTAnBsMRAwDgYDVQQK
DAdDQV9jZXJ0MRAwDgYDVQQLDAdDQV9jZXJ0MRAwDgYDVQQDDAdDQV9jZXJ0MSIw
IAYJKoZIhvcNAQkBFhNDQV9jZXJ0QGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAr8xh9XMrSTxiwLDWGw9eMtFJSAGyNTaoBKPgfuQd
+cv+EQrDLrE+h0ywctdzBLooxyu0ZxMOXQV/Z726f8WJsEjWIUvoOnCs3OT1Q8PJ
V39z8Tuw5aWQRJ9uwyr1q+YV897NRCNeT8LrRFls9XZGsHz8Wd8glwwPQ67fR/bS
eP3GvhHPJqGNh3QvybUbK52klUQMVN4MEtSNFFcxp6hwEWhuID12ychFUNVOL/Fu
eCUjBUVufREqs+iIbmgpLKLCPc9BULXhUY+O9DYP9ahjXikdtP5xQ9AqviossWLG
ubxNlYBOYOzpeZIZMZyyAHQ7oYBXtCJFyNMap0/2ABI1twIDAQABoxAwDjAMBgNV
HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCXA7LBokSKKpwdPMthpvm8f08h
/GnY8zF7S+UrNEIZAxpAr/p+GJOZqHjLMhUjdW5Jbazuyl7W0mlatUoTzXx35PJt
oC1jL2K1viTuEtciPt3SVgeBysTPTCw2ZDJSsXZ2X8dFhrk0Gsc3DDjOiyCLcKEz
oOE97ZomwATnNcVBq735zBCNEj967rOjmDUJsuVfqiIWfhjfYaw9MEj3d0FcJb1v
3FPQ89fMM/Z3NpkL5I8+g+TKOlhvc1WDbqcBsiG/CVQo4+ClT73XZqL4woFvDaq6
b32pz28GqKKxWzv5e4m/9cTt8F7PZIc5hJBsyeBdtFSup2zntCop/qtiT5HQ
-----END CERTIFICATE-----

13
tests/certs/CACertCRL.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN X509 CRL-----
MIIB/jCB5wIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJwbDEQMA4GA1UE
CgwHQ0FfY2VydDEQMA4GA1UECwwHQ0FfY2VydDEQMA4GA1UEAwwHQ0FfY2VydDEi
MCAGCSqGSIb3DQEJARYTQ0FfY2VydEBleGFtcGxlLmNvbRcNMTcwNTI5MTQxMTAw
WhcNMjcwNjI4MTQxMTAwWjA8MDoCAQMXDTE3MDQyNjE5MDAxM1owJjAYBgNVHRgE
ERgPMjAxNzA0MjYxOTAwMDBaMAoGA1UdFQQDCgEGoA4wDDAKBgNVHRQEAwIBAjAN
BgkqhkiG9w0BAQUFAAOCAQEAKzIVMH126DHmfgLmm7jPBi4L6xs0N75zIiay8f2S
2/XjD7xU3r8vA0Qd06wEUhSe63tqEb+qForNEZwNJpKxM2OW0Z8fTM40793/8WY4
m6b5IE2SH8mrCUP4ASmB3Jo/uyFPJ+zXhI7Oj59noN+nu/T6DUloJcVMHh0rYeUR
QpXwdsllJgVVDnqvD4jOVPSVr2NHuMBPk1cw07HZe+V2/xbI/jFNRIKf+KVWE2h8
4hpiWRONQF9c0eLRskLCqcfyDulpk62hZJV61c4ckGeUyq7aG2N+Ypmm/stnRWGG
NkSLu99WGPRPjVGderIjBD9I6SNe0LbvUn6t2+DfFoBn4w==
-----END X509 CRL-----

41
tests/certs/PeerCerts.pem Normal file
View File

@ -0,0 +1,41 @@
-----BEGIN CERTIFICATE-----
MIIDZjCCAk6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJwbDEQ
MA4GA1UECgwHQ0FfY2VydDEQMA4GA1UECwwHQ0FfY2VydDEQMA4GA1UEAwwHQ0Ff
Y2VydDEiMCAGCSqGSIb3DQEJARYTQ0FfY2VydEBleGFtcGxlLmNvbTAeFw0xNzA0
MjYxODQ1MDBaFw0xODA0MTMxNTQ1MDBaMIGFMQswCQYDVQQGEwJwbDEPMA0GA1UE
CBMGY2xpZW50MQ8wDQYDVQQHEwZjbGllbnQxDzANBgNVBAoTBmNsaWVudDEPMA0G
A1UECxMGY2xpZW50MQ8wDQYDVQQDEwZjbGllbnQxITAfBgkqhkiG9w0BCQEWEmNs
aWVudEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ANmjtYUKRiuc9zrC3skW6m9AdHI7fnDt7E0OPilNOQTVoxl7KNysDfQcezcdE7u9
1G9gnnlCpm3glmM7r28f3VHh9TXDjyJNO2h6se/Wmk7joZ6IBio5qtlHHQLZoS6P
DkgZvTEqvlGBCAt0uHTGiAxxSFRCHI1FWIC2Cr9pOyUh/aFVVa5tD8SpKZwWV8eT
hN46auWcvtcjELPhSc1X/fBa3swEEIqpSggwqVapJ2xoiZNF9pQ1nCJfJ6ppkr0n
r69lOhoJ7tXeOzeoBF+QZxAbEQAW29bHa39fHGxT/g6tvOcpdcBQ5qtnOyswqHEA
BE1CyWfUG5RuqpK7zK5ZqvkCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAZO2G+h4X
UUMB0uVIiz/+iX9b/EifbLwLs87zEAzfYlWCr0pq2DGMxhEUq+vSxr3j3YV1I6Rz
y2Ao2CyWI/2NoS0Jvf2MpyX+lmGV1diFJWOl4BFf5MzTU1Smc0ryulVV2uOadbkt
ekwHYaoohAg9aQe1DXFJV7ZSwoM3KfaJmaGV+BlOSqD6TGs75jmUwG11GyTEebg9
DxXm39mEczVnxLIZNIv4zv0DYIof4sAzMhnGqSesqoUjJeSUUVysp7Mwmk4E48WA
wCiubahEe0boWHlrT2is5tF88Fwkjjcwqw2jQX1+LeWiB/RA3kNxU4WTx0BFLvyH
lfwzVP+lAnWMng==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDVDCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJwbDEQ
MA4GA1UECgwHQ0FfY2VydDEQMA4GA1UECwwHQ0FfY2VydDEQMA4GA1UEAwwHQ0Ff
Y2VydDEiMCAGCSqGSIb3DQEJARYTQ0FfY2VydEBleGFtcGxlLmNvbTAeFw0xNzA0
MjYxODQzMDBaFw0xODA0MTMxNTQ1MDBaMHQxCzAJBgNVBAYTAnBsMQ8wDQYDVQQI
EwZzZXJ2ZXIxDzANBgNVBAoTBnNlcnZlcjEPMA0GA1UECxMGc2VydmVyMQ8wDQYD
VQQDEwZzZXJ2ZXIxITAfBgkqhkiG9w0BCQEWEnNlcnZlckBleGFtcGxlLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3S0m42/yBrStPI8A8eV0ig
fehupIp0sDft/zBAf0r7bg7A1rAuJLkupIfm6Dnc0/vK43/pO8rCTQu7Xf9hMXyQ
TL3Hr7CamjAITJQ3CSwTBXrWfvwzzr+h2SG2U6DKBh9eBhb7f3ndVcwLIc4WCjJy
45gv5caKF9RSYUYVSun1tRzRI7xEiSMmQPbLJN1WGsP9nICFd4P2jj/cKJpPzU1O
wEf4V6wm0sdZ2ECJ8hG5PqfKlxCy1UtSpzMaFR+wqKk1Rujx9hR9CycaROe+0Csk
97DnygirND6V651tzuTheIrcL5tWAIShVgwxdisi1ui8mxSVUv6Q6DHAPLcx7+0C
AwEAATANBgkqhkiG9w0BAQUFAAOCAQEAiPQrjJbTZ6NB+FO0lJtt5vEBLdepkl6x
mtopQRxHPZIuUqV8viP9EW2PlrrPkpdbYZtkD0AuCXiqGD9u31kIHKG05GiQYj8q
XPy55QuOntWfwJc4GEZ9uebYckHGSNLsyubdkneLeXlEZz2RbtCoZS5337nlaUCm
93Hp/bRCFZ7if9tiscxwTft92z2+Tc5bI4JGAJfex/VgyggpNRLSDDRibNvFrooO
1kSnDxySyCtysodXfonWpJFA9EAcUHXY6vlGvzLVJRfrqsS7vC/fuKOz684XDYIL
g/eJED4XR47T8gA85vM8LWl80lXvfFIYsirOnYmeQDSfTRDG9eZG6Q==
-----END CERTIFICATE-----

23
tests/certs/cafile.pem Normal file
View File

@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIID5TCCAs2gAwIBAgIJAJoOR3t6TXSbMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD
VQQGEwJVUzETMBEGA1UECAwKQ2Fsb2Zvcm5pYTESMBAGA1UEBwwJU2FjcmFtZXRv
MRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxHDAaBgNVBAsME1RlY2hub2xvZ3kg
RGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNjA5MjkwODI5
MjNaFw0xNzA5MjkwODI5MjNaMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2Fs
b2Zvcm5pYTESMBAGA1UEBwwJU2FjcmFtZXRvMRgwFgYDVQQKDA9FeGFtcGxlIENv
bXBhbnkxHDAaBgNVBAsME1RlY2hub2xvZ3kgRGl2aXNpb24xGDAWBgNVBAMMD3d3
dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKi0
nOJAoZIimJkLQ3A6osD2ZgX635Esqwb819plRyDOc9Lyt2CKiVrLyHNXrZQE7FRC
6Uq5evb1EQYie0eTxzp8n0lOw/R4goapksLk+yLiVJXt76/ivLjATTC2B5uxUyiO
euZDFiVO9jjfTGeG0ASdkrL69Ngw6EdkzjvvFc1XCDMLy5UZ59d9x6PNncIUJk7l
FcxCGSh5qlggj3lHTc/9nHpz5gZpLbq4DFdsGMOfNSkjyes2dFbnHKAQrq6s49ns
7X3iYCmJF2mfVDCtca3+NYgvujdBGGO2FaX1P9VTtBUTomO9NGcphJGGayRwtpf6
14F4aY1KRjoq9Ln4fHkCAwEAAaNQME4wHQYDVR0OBBYEFA0sd/zjLicJm3nWXEqU
IPMpNB2VMB8GA1UdIwQYMBaAFA0sd/zjLicJm3nWXEqUIPMpNB2VMAwGA1UdEwQF
MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAH+NDRfE44vMKv8Wfx8PZ08QlSTsyUt5
vvEnxum6j3Hj+LDiAEXzlZ5oxX/zNEVHPAkwcvhs7dgRFNJ8+SlebGzk+u//53rW
iOqMD1YKiFxmzVa+KlQIHBE/yO24/XG/pe7PVtZV8pF2w8Wi1ppTrZt1pzCRPiCM
ga7ijgizp+972wt33YRWnX486XuolYc3gMLIha9vADodRH+tYtkEY6TnCga+tz4u
LGY5eMbTTUIOEK4rGxr78FruEYOBZPKq0CtSwlGT2MMVngYg+ah51rIU6V0DXA+W
B9YmCA2mrCMtCVaUbiQ3Zc+dHTtmameVNtv7RQGnCDY7zWPyXjmZ1oU=
-----END CERTIFICATE-----

48
tests/certs/client_cert.pem Normal file
View File

@ -0,0 +1,48 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA2aO1hQpGK5z3OsLeyRbqb0B0cjt+cO3sTQ4+KU05BNWjGXso
3KwN9Bx7Nx0Tu73Ub2CeeUKmbeCWYzuvbx/dUeH1NcOPIk07aHqx79aaTuOhnogG
Kjmq2UcdAtmhLo8OSBm9MSq+UYEIC3S4dMaIDHFIVEIcjUVYgLYKv2k7JSH9oVVV
rm0PxKkpnBZXx5OE3jpq5Zy+1yMQs+FJzVf98FrezAQQiqlKCDCpVqknbGiJk0X2
lDWcIl8nqmmSvSevr2U6Ggnu1d47N6gEX5BnEBsRABbb1sdrf18cbFP+Dq285yl1
wFDmq2c7KzCocQAETULJZ9QblG6qkrvMrlmq+QIDAQABAoIBACtVfloMDqa2bT+E
94kAiBM4uTbZg7aGmQtKr7PXjWfaBcyYCi3OEEUvupThtEEobfjzOvqX+71a/3ao
tqigppecLw/SbVh+GjsWWwGPMFBO4KpJGTklHFCA6VTc8kvr7gMLJPF6OkTONUTa
q7OMqCAaGjW0qCy0xwdxt7gfAsjEmtLNH7rLocQFk56y0Nz68jWLIMjnRxAq3NaQ
ZgGE0NRwxUPhgbYl0s3MmhDPulth8+FLryZ8pmIZkKphtIvSXSPQBivdLAUkkhFx
elUu9xHHXbqHhnCGjPjwK4CUGGp2m6mlCev/OlcHkzKWcBOJZKaAoWAQMGqCg0bu
OS0T79UCgYEA7279C7IW7EgI9co4exxZl41gMuZxEcQzXAaHwx2m//9sPm6CczZt
5OIAsenFU7b8hWCO5hJro7hhbp2YBTqtfQNM6KaY33W8iH6k7JcO+HfpLGHcNz1P
S4+31Kj4k5dnz1us90uv8A77Jji1OSTJTBCgyrgmfGhPzqQnbNWNV+8CgYEA6LKw
cYmzBUL//H2Y5HYafqOYlsC5YVGZTm//mp7DpGXdi2twmATskcnQ8BR5WtZ5Ca+2
VHEoEAUTRLbX+CoUKeE34mnIXTIEU0dzRmw3CMK4DZVRPnIYaqckJH6GLxwCEMZE
zlI8Hks+OrCSVgKYsKqMiOdTDdNoX4/9WaQ9A5cCgYEA6r8IfXUHoHUnw8OWCK3M
8Rd9H6prZR3VtP36EUR7PTYx7Cvw3gCZUfR69fPasa8Qebwnnk6lFglqDUeZilbz
TUP1HYxpCX2ncLOqAwQ/e0AlbowrmkUT/2NSur9Hp3ykHNsnA/ZC8rvdZKXol7QH
X/pViyttIEAtLs4mkT/2qiUCgYBJfbXQBecuMDzcp2YUMWCowk48vl1N6RF7/k9B
rAap8yoHEEWdHWEBojWEvVKeZ8IOVxpEjQBUHuY4+242CEQZ/fFCZppLJLLNAnHb
ue2frK+oSpJAIJSpimQVyofidPwKBDRS3RHzl1vt+ToeQ++pTBPaYQSQB0add8JR
/1btvQKBgG2uNFimmJ29DKSt8nRXm7wUkdQNORTZa0wygZbDaQgHxyiHOY9TgfhF
PQHI/7abb/9PrMhchTWjV7w/e0E6q9Sc4kG1tz5MV9pWreXY7Uolg532zUsYqZVW
0tQbWQR2fk+3ZoN9qHYZqYE/coqNdbtpLUIVWh3Yrh3V6L9Xw0us
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDZjCCAk6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJwbDEQ
MA4GA1UECgwHQ0FfY2VydDEQMA4GA1UECwwHQ0FfY2VydDEQMA4GA1UEAwwHQ0Ff
Y2VydDEiMCAGCSqGSIb3DQEJARYTQ0FfY2VydEBleGFtcGxlLmNvbTAeFw0xNzA0
MjYxODQ1MDBaFw0xODA0MTMxNTQ1MDBaMIGFMQswCQYDVQQGEwJwbDEPMA0GA1UE
CBMGY2xpZW50MQ8wDQYDVQQHEwZjbGllbnQxDzANBgNVBAoTBmNsaWVudDEPMA0G
A1UECxMGY2xpZW50MQ8wDQYDVQQDEwZjbGllbnQxITAfBgkqhkiG9w0BCQEWEmNs
aWVudEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ANmjtYUKRiuc9zrC3skW6m9AdHI7fnDt7E0OPilNOQTVoxl7KNysDfQcezcdE7u9
1G9gnnlCpm3glmM7r28f3VHh9TXDjyJNO2h6se/Wmk7joZ6IBio5qtlHHQLZoS6P
DkgZvTEqvlGBCAt0uHTGiAxxSFRCHI1FWIC2Cr9pOyUh/aFVVa5tD8SpKZwWV8eT
hN46auWcvtcjELPhSc1X/fBa3swEEIqpSggwqVapJ2xoiZNF9pQ1nCJfJ6ppkr0n
r69lOhoJ7tXeOzeoBF+QZxAbEQAW29bHa39fHGxT/g6tvOcpdcBQ5qtnOyswqHEA
BE1CyWfUG5RuqpK7zK5ZqvkCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAZO2G+h4X
UUMB0uVIiz/+iX9b/EifbLwLs87zEAzfYlWCr0pq2DGMxhEUq+vSxr3j3YV1I6Rz
y2Ao2CyWI/2NoS0Jvf2MpyX+lmGV1diFJWOl4BFf5MzTU1Smc0ryulVV2uOadbkt
ekwHYaoohAg9aQe1DXFJV7ZSwoM3KfaJmaGV+BlOSqD6TGs75jmUwG11GyTEebg9
DxXm39mEczVnxLIZNIv4zv0DYIof4sAzMhnGqSesqoUjJeSUUVysp7Mwmk4E48WA
wCiubahEe0boWHlrT2is5tF88Fwkjjcwqw2jQX1+LeWiB/RA3kNxU4WTx0BFLvyH
lfwzVP+lAnWMng==
-----END CERTIFICATE-----

1
tests/certs/psk1.txt Normal file
View File

@ -0,0 +1 @@
test1:oaP4EishaeSaishei6rio6xeeph3az

1
tests/certs/psk2.txt Normal file
View File

@ -0,0 +1 @@
test2:sah5uishaeSaishei6rio6r8iap3az

48
tests/certs/revoked_cert.pem Normal file
View File

@ -0,0 +1,48 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA7VkojMNX9wmcnIJsRHist/phM9XN5Y5E3yfPzuOYj2ZaA7yE
yMtl8qMngQJBjYEgkBGr3GD02Xz+j/CDAYD7XbicuyxnR0UH1eADsIQok9ATCAyp
LJMN7yHix60B62GvdiWUFQC18K8ldhR3497uDf7FVUxcKEnG+pz+jRV+njDUYqGl
CpoNAfON+9Kf87qdV+Mkxb+Rt+VvNKqzSjrktqtF9kjAs1sibOCuaQq55HdPNJDu
RATtknx1jwwRnjVANirdYAlgD5J0psLM568B/eBgVlv6wnV+SJClNupNshX3FQox
vuVENqGEA2d6fXHoyWBD/Dyz6sTwbHst14p9twIDAQABAoIBABL4S0tk2YT/GatQ
qUKXuoZB1r8D2Z79TffgALXybuEXNx6RVLOPvig0bhXbjk23AllBcFD+1tMDMH1k
pbPbETweYzh6hg6mL8giTWkwRuX5fWvpRyQu5LA2Lx/ybfLYLePtgPZkxiXkecQE
QsjNqo0nzbHRlpQJwYOKRLYV/7a43PP6PVszOOz/gxHl4A5o2a6sDY8YDRbJz9BX
w+PhuhtJMYaTIPnHYD+4zbi3szftkFH/AXyJmKWpusyBUuyAEh07fETAOA7FD7QQ
TEg7vmLr50uNBt7+luVbfFTC156ehriU+/0DkEgnPORNLPfbv65iRoxAd+T6JxVj
fbU76OECgYEA/ttZoE+5MyPO+drefjB5OC4sJI/rgf9v8xZdD9MoJNVl/ewst7Pk
0gkW+t9mD9ZKyi5ecylU2U4vb/MGkrSzkimxEXMxGMMudmhjFcRvoDMBBj7klfsd
EoQ0YVs5yyJkehGX3+8hSAyIbkrMLQtJrduPVy8qGV7qeupZfKIjCpkCgYEA7mm0
D82FD2wl8ZqaTe44TNjkDQ6Nk6NmNPNprjwNeMSqNvHvF+irfLagSKAnQfkFs6vQ
XjGB+3mnBkg+/8BndB5iEYJ41nMkPSNMPy0FYznmLwMFf11p7E6ncqrCLwOEQ3vi
s3YONadV7ifv/MEBDlmJIgwq74QIAZo/QYu7zM8CgYBKPXWfWHn3pr+9Uv+rPM2j
Cvg68l3FcbaX1nTnjjhMeomKbYkdPl8yvAkgrYEare79dIJ5A5o+7yKsdtv8Un1Y
36JAFhFASGM5hPEQPzfRL+plel62Pf9bDH4BukRcozknwgY+6ncEePopPsq5eGdP
KP1ZhVi7KUYe5jOJNeYFSQKBgGgJ2pi2z+T+BcTb+ZAeb5UhZMtJ2YBe4sAipLBy
5lIYSEs34mVllEgVDfcDZH5GpDVWudQQ+K771GZKaquCk+K5S4RmkkLK9jpzx9cd
12cIoilLwT9mTU3guPOyDpEjkLk+O5yi3OqO/lGyPejndIWFjvE7rBTfYfsJC6eX
yblDAoGAWMZ3050vZXVOlaMJDVEBXT+TVm6lAS+GbAoW1A31Fv6fs+PSGgaRUz/l
tc1Da39UEBBbX/pudD5XVShnXhR1KeBG9nPRaP70NSXOQjHh0W1OzL9viSMvUx3f
EsK3y9WO1cr8C89e/9vNektU29irMzTwQQolb+tR9f9BIpae0XM=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDbDCCAlSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJwbDEQ
MA4GA1UECgwHQ0FfY2VydDEQMA4GA1UECwwHQ0FfY2VydDEQMA4GA1UEAwwHQ0Ff
Y2VydDEiMCAGCSqGSIb3DQEJARYTQ0FfY2VydEBleGFtcGxlLmNvbTAeFw0xNzA0
MjYxODQ1MDBaFw0xODA0MTMxNTQ1MDBaMIGLMQswCQYDVQQGEwJwbDEQMA4GA1UE
CBMHcmV2b2tlZDEQMA4GA1UEBxMHcmV2b2tlZDEQMA4GA1UEChMHcmV2b2tlZDEQ
MA4GA1UECxMHcmV2b2tlZDEQMA4GA1UEAxMHcmV2b2tlZDEiMCAGCSqGSIb3DQEJ
ARYTcmV2b2tlZEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAO1ZKIzDV/cJnJyCbER4rLf6YTPVzeWORN8nz87jmI9mWgO8hMjLZfKj
J4ECQY2BIJARq9xg9Nl8/o/wgwGA+124nLssZ0dFB9XgA7CEKJPQEwgMqSyTDe8h
4setAethr3YllBUAtfCvJXYUd+Pe7g3+xVVMXChJxvqc/o0Vfp4w1GKhpQqaDQHz
jfvSn/O6nVfjJMW/kbflbzSqs0o65LarRfZIwLNbImzgrmkKueR3TzSQ7kQE7ZJ8
dY8MEZ41QDYq3WAJYA+SdKbCzOevAf3gYFZb+sJ1fkiQpTbqTbIV9xUKMb7lRDah
hANnen1x6MlgQ/w8s+rE8Gx7LdeKfbcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
TFyPHPwb3CwDvPVlC6pgaowXbDEiQ5vU2Oecq/RwMxhC1FJ5ks+VIQ+KBrDRs9Ao
k7dF5kuGc3ZAFHgWnzpyUobAyeZchaykLYy8yslwW6xFEbWXW599mjI3D5/N9xcy
v8IHwqTTQRaxPPdcu3vjDtdpgJY89lFE2mzdPNz24Z/qsTPdLG1668L2CxoplGl2
0THVrNHxpDF0QqINZpTc6TzsZgvROXmcAYzg2D4v5TmUzXQaLhnPTkcKWfwxpUu0
XDlFJuNKr+YLS9GY+0lE1kNHpiTEusnfTPRXneDZipD3Hr6LsXX0ahRgbA3loyTJ
B9Kk23ftqSr4oePTJytIAA==
-----END CERTIFICATE-----

2
tests/certs/secrets.txt Normal file
View File

@ -0,0 +1,2 @@
test1:oaP4EishaeSaishei6rio6xeeph3az
test2:yah5uS4aijooxilier8iaphuwah1Lo

BIN
tests/certs/server_cert.p12 Normal file
View File

Binary file not shown.

47
tests/certs/server_cert.pem Normal file
View File

@ -0,0 +1,47 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEArdLSbjb/IGtK08jwDx5XSKB96G6kinSwN+3/MEB/SvtuDsDW
sC4kuS6kh+boOdzT+8rjf+k7ysJNC7td/2ExfJBMvcevsJqaMAhMlDcJLBMFetZ+
/DPOv6HZIbZToMoGH14GFvt/ed1VzAshzhYKMnLjmC/lxooX1FJhRhVK6fW1HNEj
vESJIyZA9ssk3VYaw/2cgIV3g/aOP9womk/NTU7AR/hXrCbSx1nYQInyEbk+p8qX
ELLVS1KnMxoVH7CoqTVG6PH2FH0LJxpE577QKyT3sOfKCKs0PpXrnW3O5OF4itwv
m1YAhKFWDDF2KyLW6LybFJVS/pDoMcA8tzHv7QIDAQABAoIBAAbCvWaGAxRKuAVW
umeMIY70lxEURJgSA8yZGCTTTWAoOVafj3oYwVrmgoW6qGufuCsB8ClIdAfl2MNN
DVHigN88aY+0FZRD3x1hJUFahqPNNZhagWPjy/XOILjb85K8aNKNgKUiMQoXXr/p
6u2uE8V0jH+d1U0Mj/K1JY1pRJmm4W7Tp366z3goibOK6tWwSbGGiPWXvfy8fZdz
8Hs/pG3oGEciof5hg55wSfJ+XF24iu850GaIKSNAf6pLUoU6S4zKj01qpSOEY1vN
Sv5r8/yd3VQzoxk6wVDQvo7qIS7zqvvUqw0iCf3JsWGnQmEGQqwWmLiT8yE1CxFy
H8veha0CgYEA3lffU6HSXw5zHW3o3Bx6/pGGkPlNzUDi/NbOd2kr/wBOZvmJOR2d
U0CKoqjJpBTs7CEnpvbSkz4Hit/Y00UgQS1Zvfqo5m1yhWl1jiiHqoe0Alc/P5fa
YMkkV+++eUUQFNJCiQKMRElkEEEITw21EmflWW86/ln9GAO8YZ1Ne0cCgYEAyCK9
J4plfXEyTJpltg/7z/0DMuJwc3qRLMicaXcHHWK+C6ZSFOn6rzx/1GWa25Z3sXT8
XAe98ZCYDK2+twCLtM6z2uKj/xCkZWH8AmaKKbLsMYCHXkOi38EpuxT1uiXosjVf
ArZoAL472X5d4Eg/szGsfeMmvPm52V7OM3tHbSsCgYBydtR/DqDp1NuIfAvUPUlI
gwy+18mo8E2rEr7qFJfUyIiUVMTDRa63rFNy1+gu86LhEVSDjS/tI5LoeML8SOsJ
Atrfhgqrzg6WBivByrXFIeWXCumByKBhEUwHhWIOtnJH9dLRDCHACfRctc4cPJdK
aXhWKYA6b4NveITj0AKSgwKBgDYFen1j1AVKOsOGoZHFOrlnmCdyC9x/5xPpip7F
LDx4XMgUOu++QJZwhCi2zFgdg215IG1PAaxk1UYG2AXZtdw2N0IMDyxYN6fODRIw
z3Z1/19VTDTbmOlA4JzJCZMXjHoeAelfhy88KjeI7poNpnQeImtQlzJHTi0odAxd
aGhFAoGAfxHh4GhsIpIwxQMKINUXvwQAI3rUph5gMv0MS3CAwoVAFNzKZeJQsRVW
IsI830HC+sPEpekiGcYFsRIbZv+Eh/f4j9TJ7eqUrkxVluleFU6YFHuFepbmcH4L
nZKr5bR+kg4g0g3iqNey5pJIfTj+GoLmnv6GakqQNUdFSBAJ98g=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDVDCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJwbDEQ
MA4GA1UECgwHQ0FfY2VydDEQMA4GA1UECwwHQ0FfY2VydDEQMA4GA1UEAwwHQ0Ff
Y2VydDEiMCAGCSqGSIb3DQEJARYTQ0FfY2VydEBleGFtcGxlLmNvbTAeFw0xNzA0
MjYxODQzMDBaFw0xODA0MTMxNTQ1MDBaMHQxCzAJBgNVBAYTAnBsMQ8wDQYDVQQI
EwZzZXJ2ZXIxDzANBgNVBAoTBnNlcnZlcjEPMA0GA1UECxMGc2VydmVyMQ8wDQYD
VQQDEwZzZXJ2ZXIxITAfBgkqhkiG9w0BCQEWEnNlcnZlckBleGFtcGxlLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3S0m42/yBrStPI8A8eV0ig
fehupIp0sDft/zBAf0r7bg7A1rAuJLkupIfm6Dnc0/vK43/pO8rCTQu7Xf9hMXyQ
TL3Hr7CamjAITJQ3CSwTBXrWfvwzzr+h2SG2U6DKBh9eBhb7f3ndVcwLIc4WCjJy
45gv5caKF9RSYUYVSun1tRzRI7xEiSMmQPbLJN1WGsP9nICFd4P2jj/cKJpPzU1O
wEf4V6wm0sdZ2ECJ8hG5PqfKlxCy1UtSpzMaFR+wqKk1Rujx9hR9CycaROe+0Csk
97DnygirND6V651tzuTheIrcL5tWAIShVgwxdisi1ui8mxSVUv6Q6DHAPLcx7+0C
AwEAATANBgkqhkiG9w0BAQUFAAOCAQEAiPQrjJbTZ6NB+FO0lJtt5vEBLdepkl6x
mtopQRxHPZIuUqV8viP9EW2PlrrPkpdbYZtkD0AuCXiqGD9u31kIHKG05GiQYj8q
XPy55QuOntWfwJc4GEZ9uebYckHGSNLsyubdkneLeXlEZz2RbtCoZS5337nlaUCm
93Hp/bRCFZ7if9tiscxwTft92z2+Tc5bI4JGAJfex/VgyggpNRLSDDRibNvFrooO
1kSnDxySyCtysodXfonWpJFA9EAcUHXY6vlGvzLVJRfrqsS7vC/fuKOz684XDYIL
g/eJED4XR47T8gA85vM8LWl80lXvfFIYsirOnYmeQDSfTRDG9eZG6Q==
-----END CERTIFICATE-----

52
tests/certs/stunnel.pem Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDOzXhuuDTB83n4
5gy6buWIi4umz40Qdw11SuQQt3xV1MlZGFl+MuX+Py8/PmvvzzCdwYLG0oTGCrzK
zdO08tbr0z9y50Q6i+YXP33myS75kMvoB/jVHGx7cVZq/xjwCE8gFJNPI52HUEOH
Prtqg51a1shWy+208uYK96iROUaoTeIFhhJ8SScsiMWZIKgEqalWjdeSwBrSEEUa
EM3ORd3huJ2FElDMeZ86ucAlAaOqIhw37M9OpunkOqE37GagnYxQdU8bxKLOuNGr
ShT2eU8fDDqw9ypSfwCrordSz0oBV6sjUYAEAIOXOpWfTBDXlk0CO5hnSDjDaikp
lTax3ze7AgMBAAECggEBALryujV1JpRSs2fTJ5x91dgbNlLE++Pvi+YFnqiSBr9c
zexR+8z+3DV8Dw0gM9klNvDV15A/DTIu0L6RVRoWET48yPXppR88CvPnPLyeEG4h
fIO0eTjGKjdpnNK662NKT6VTlFuNecGySGmBx1Ehy+Urlw4H6kqS7mzpt6QY4AwS
Qr1CHx43tyc7XyAWjb+7d+VUhAhoJPKobkF4J83KxDFN1q+7/gLaX+2Twh78aM8A
PBxEOG37FcJx2l81EK5UpxNXoJPo15uPzUD8mH+1p4z203eNYo4qB1ruo4wNJhLB
cO6kA4z5M6xQkgB4UafQh5R2/CseNHvvGmhB61R6eOkCgYEA+Pa8UASeDcNrnF/l
ObtSETEnJbijBabObbxRYlLdhwF6hp+ASdLt0agQGOTnhJUP7goQyJr6ww9ODoA8
dJw5utmIGGv1vBae5SwxEamBgMRkn3tSZy6MW06LfhHjPc7Ky1DMbuzGlIoYJzXs
W7ECAIGblgv2NFJHSRVJFB7aJccCgYEA1KWyXA2TGCLY4xY3QMjiprwbzQgcPRH/
w6mmOzh44nrT3YhQrDC+55KjXPoml8NKc+smW6cR8Yv01fLFc6Ec0mBWZqpOQvwM
P58JAFf/us/L5ZcdKuYwYxVYHW1s/t4SXZPD/A5TdspLrJvF6Ib8NrzFfu1ym7z8
N8Kg2uqxzm0CgYEAy8TnDHc7BfjUswCqFT6ERR399JnSlGWav6ZK1jcMqdtD9bvG
vKWvkNIFmtp/w7xddW83nXl7lPuJ38SFtsvHVG+HPLXgQzogg2JQJyydmk8kLIQ7
RciLiJAZC+6IF6aRxSc0q/WP8zOz4SP5eHLAOLncJktUEC7nuaF6VsWJtzECgYAM
Yo4t0FiV2km5iCy1qD2TKneQDH3gjLDRy4qz/kkEH9VBHNReAwTLZf3/x04CHsyy
TarRQbzIzbb30wjvAB42nofJuPeP7TAlcHTMwVNSpRGiEJgRTJDa5H5aUGo9ud9l
9do/TvJLg+K+beAr99ius3XpO5kmOu6RrNNDjNHITQKBgQDr0V+awa944XZLUCmD
uxCiheqiUKJKe5uYX8/jBFQ4onQFHlzGRtd3wpTZ3JHPPLOGYkAVognXy0LqM9zG
E1nozTRsSqfy2qfSgSGiSmxktoPWTen7YpA0+J+d+T6UcBfvWVbAFvBmk+2n1nXa
040QCD05eHlIWVrTIMgGqfRrgQ==
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIEAzCCAuugAwIBAgIJAIMM7qk8vX8HMA0GCSqGSIb3DQEBBQUAMIGDMQswCQYD
VQQGEwJQTDEZMBcGA1UECAwQTWF6b3ZpYSBQcm92aW5jZTEPMA0GA1UEBwwGV2Fy
c2F3MRswGQYDVQQKDBJTdHVubmVsIERldmVsb3BlcnMxFzAVBgNVBAsMDlByb3Zp
c2lvbmFsIENBMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMTcwNDI3MTc1MzM5WhcN
MjEwNDI3MTc1MzM5WjCBgzELMAkGA1UEBhMCUEwxGTAXBgNVBAgMEE1hem92aWEg
UHJvdmluY2UxDzANBgNVBAcMBldhcnNhdzEbMBkGA1UECgwSU3R1bm5lbCBEZXZl
bG9wZXJzMRcwFQYDVQQLDA5Qcm92aXNpb25hbCBDQTESMBAGA1UEAwwJbG9jYWxo
b3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzs14brg0wfN5+OYM
um7liIuLps+NEHcNdUrkELd8VdTJWRhZfjLl/j8vPz5r788wncGCxtKExgq8ys3T
tPLW69M/cudEOovmFz995sku+ZDL6Af41Rxse3FWav8Y8AhPIBSTTyOdh1BDhz67
aoOdWtbIVsvttPLmCveokTlGqE3iBYYSfEknLIjFmSCoBKmpVo3XksAa0hBFGhDN
zkXd4bidhRJQzHmfOrnAJQGjqiIcN+zPTqbp5DqhN+xmoJ2MUHVPG8SizrjRq0oU
9nlPHww6sPcqUn8Aq6K3Us9KAVerI1GABACDlzqVn0wQ15ZNAjuYZ0g4w2opKZU2
sd83uwIDAQABo3gwdjARBglghkgBhvhCAQEEBAMCBkAwDwYDVR0TBAgwBgEB/wIB
ADALBgNVHQ8EBAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwLgYJYIZIAYb4QgEN
BCEWH3N0dW5uZWwgc2VsZi1zaWduZWQgY2VydGlmaWNhdGUwDQYJKoZIhvcNAQEF
BQADggEBAEVV6RJ4N+7Y4ImwrxalKnM+RX1c0tRXeX2NCLYeTypu1MNbyXJeWSrR
N7r49JuxrJSnIFHpTcZzGxOFI8flVeDXDFdt6hpvWX/p+RIVPj2TARNh0VrTni7O
imcTGlbakxiGk6whM9fh3I1Kxvz949DC6Y8prLuwnjBnQYsyHJC6WQsIKlT/+fnp
hyX1lRUVAWa6UHPAFq39RsUQLOA5w95A6fDkfXevx/PfjHEpymK0C6/C+amu5dhz
xNZQsGDEG749Ny+xI1azUG7pwOEZmXN+hZKMs8YPG6NpAf63xhNFBAYpjT4wlE1/
96h/XIphwPJAiVbc7lxcHpTTlZfcQi8=
-----END CERTIFICATE-----

3
tests/execute Executable file
View File

@ -0,0 +1,3 @@
#!/bin/sh
printf "%-35s\t%s\n" "test $1" "success"

59
tests/make_test Executable file
View File

@ -0,0 +1,59 @@
#!/bin/sh
result=0
count=0
fail=0
skip=0
result_path=$(pwd)
cd $(dirname "$0")
script_path=$(pwd)
cd "${result_path}"
result_path="${result_path}/logs"
if [ -n "$(command -v ncat)" ]
then # ncat
mynetcat="ncat"
elif [ -n "$(command -v nc)" ]
then # nc
mynetcat="nc"
else # # netcat not found
mynetcat="null"
fi
if [ "$mynetcat" != "null" ] # netcat is required
then
rm -rf "${result_path}"
mkdir "${result_path}"
cd "${result_path}"
date > "results.log"
../../src/stunnel -version 2>> "results.log"
printf "\n%s\n" "Testing..." >> "results.log"
head -n5 "results.log"
for plik in ${script_path}/recipes/*
do
/bin/sh $plik $mynetcat
state=$?
if [ "$state" -eq 0 ]
then # $state=0
count=$((count + 1))
elif [ "$state" -eq 125 ]
then # $state=125
skip=$((skip + 1))
else # $state=1
fail=$((fail + 1))
result=1
fi
done
if [ $count -eq 0 ]
then # no test was done
result=1
fi
printf "%s\n" "summary: success $count, skip $skip, fail $fail"
printf "%s\n" "summary: success $count, skip $skip, fail $fail" >> "results.log"
printf "%s\n" "./make_test finished"
cd ..
else # netcat not found
printf "%s\n" "./make_test skipped: ncat (nc) not found in \$PATH"
#result=125
fi
exit $result

28
tests/recipes/010_require_cert Executable file
View File

@ -0,0 +1,28 @@
#!/bin/sh
. $(dirname $0)/../test_library
start() {
../../src/stunnel -fd 0 <<EOT
debug = debug
syslog = no
pid = ${result_path}/stunnel.pid
output = ${result_path}/stunnel.log
[https client]
client = yes
accept = 127.0.0.1:${http1}
connect = 127.0.0.1:${https}
cert = ${script_path}/certs/client_cert.pem
[https server]
accept = 127.0.0.1:${https}
connect = 127.0.0.1:${http2}
cert = ${script_path}/certs/server_cert.pem
requireCert = yes
EOT
}
check_ports "010_require_cert"
start 2> "error.log"
test_log_for "010_require_cert" "success" "$1" 2>> "stderr.log"
exit $?

29
tests/recipes/011_verify_peer Executable file
View File

@ -0,0 +1,29 @@
#!/bin/sh
. $(dirname $0)/../test_library
start() {
../../src/stunnel -fd 0 <<EOT
debug = debug
syslog = no
pid = ${result_path}/stunnel.pid
output = ${result_path}/stunnel.log
[https client]
client = yes
accept = 127.0.0.1:${http1}
connect = 127.0.0.1:${https}
cert = ${script_path}/certs/client_cert.pem
[https server]
accept = 127.0.0.1:${https}
connect = 127.0.0.1:${http2}
cert = ${script_path}/certs/server_cert.pem
verifyPeer = yes
CAfile = ${script_path}/certs/PeerCerts.pem
EOT
}
check_ports "011_verify_peer"
start 2> "error.log"
test_log_for "011_verify_peer" "success" "$1" 2>> "stderr.log"
exit $?

28
tests/recipes/012_verify_chain Executable file
View File

@ -0,0 +1,28 @@
#!/bin/sh
. $(dirname $0)/../test_library
start() {
../../src/stunnel -fd 0 <<EOT
debug = debug
syslog = no
pid = ${result_path}/stunnel.pid
output = ${result_path}/stunnel.log
[https client]
client = yes
accept = 127.0.0.1:${http1}
connect = 127.0.0.1:${https}
verifyChain = yes
CAfile = ${script_path}/certs/CACert.pem
[https server]
accept = 127.0.0.1:${https}
connect = 127.0.0.1:${http2}
cert = ${script_path}/certs/server_cert.pem
EOT
}
check_ports "012_verify_chain"
start 2> "error.log"
test_log_for "012_verify_chain" "success" "$1" 2>> "stderr.log"
exit $?

29
tests/recipes/013_CRL_file Executable file
View File

@ -0,0 +1,29 @@
#!/bin/sh
. $(dirname $0)/../test_library
start() {
../../src/stunnel -fd 0 <<EOT
debug = debug
syslog = no
pid = ${result_path}/stunnel.pid
output = ${result_path}/stunnel.log
[https client]
client = yes
accept = 127.0.0.1:${http1}
connect = 127.0.0.1:${https}
verifyChain = yes
CAfile = ${script_path}/certs/CACert.pem
CRLfile = ${script_path}/certs/CACertCRL.pem
[https server]
accept = 127.0.0.1:${https}
connect = 127.0.0.1:${http2}
cert = ${script_path}/certs/server_cert.pem
EOT
}
check_ports "013_CRL_file"
start 2> "error.log"
test_log_for "013_CRL_file" "success" "$1" 2>> "stderr.log"
exit $?

35
tests/recipes/014_PSK_secrets Executable file
View File

@ -0,0 +1,35 @@
#!/bin/sh
. $(dirname $0)/../test_library
start() {
../../src/stunnel -fd 0 <<EOT
debug = debug
syslog = no
pid = ${result_path}/stunnel.pid
output = ${result_path}/stunnel.log
sslVersion = TLSv1
[https client]
client = yes
accept = 127.0.0.1:${http1}
connect = 127.0.0.1:${https}
PSKsecrets = ${script_path}/certs/psk1.txt
[https server]
accept = 127.0.0.1:${https}
connect = 127.0.0.1:${http2}
ciphers = PSK
PSKsecrets = ${script_path}/certs/secrets.txt
EOT
}
check_ports "014_PSK_secrets"
if grep -q "OpenSSL 1" "results.log"
then
start 2> "error.log"
test_log_for "014_PSK_secrets" "success" "$1" 2>> "stderr.log"
exit $?
else
exit_logs "014_PSK_secrets" "skipped"
exit 125
fi

32
tests/recipes/015_p12_cert Executable file
View File

@ -0,0 +1,32 @@
#!/bin/sh
. $(dirname $0)/../test_library
start() {
../../src/stunnel -fd 0 <<EOT
debug = debug
syslog = no
pid = ${result_path}/stunnel.pid
output = ${result_path}/stunnel.log
[https client]
client = yes
accept = 127.0.0.1:${http1}
connect = 127.0.0.1:${https}
[https server]
accept = 127.0.0.1:${https}
connect = 127.0.0.1:${http2}
cert = ${script_path}/certs/server_cert.p12
EOT
}
check_ports "015_p12_cert"
if grep -q "OpenSSL 1" "results.log"
then
start 2> "error.log"
test_log_for "015_p12_cert" "success" "$1" 2>> "stderr.log"
exit $?
else
exit_logs "015_p12_cert" "skipped"
exit 125
fi

Some files were not shown because too many files have changed in this diff Show More