CryptoPro
/
stunnel-msspi
зеркало из https://github.com/CryptoPro/stunnel-msspi.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

stunnel-5.56

This commit is contained in:
Michał Trojnara 2019-11-22 19:10:29 +01:00
Родитель f4166a127b
Коммит 0e158f6f00
60 изменённых файлов: 1068 добавлений и 1095 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

4
AUTHORS
Просмотреть файл

@ -1,4 +0,0 @@
stunnel authors
Michal Trojnara <Michal.Trojnara@stunnel.org>

4
AUTHORS.md Normal file
Просмотреть файл

@ -0,0 +1,4 @@
# stunnel authors
* Michal Trojnara <Michal.Trojnara@stunnel.org>

5
BUGS
Просмотреть файл

@ -1,5 +0,0 @@
stunnel known bugs
- Shared library for transparent proxy does not support IPv6.

4
BUGS.md Normal file
Просмотреть файл

@ -0,0 +1,4 @@
# stunnel known bugs
* Shared library for transparent proxy does not support IPv6.

5
COPYING → COPYING.md
Просмотреть файл

@ -1,6 +1,7 @@
stunnel license (see COPYRIGHT.GPL for detailed GPL conditions)
# stunnel license (see COPYRIGHT.md for detailed GPL conditions)
Copyright (C) 1998-2019 Michal Trojnara
_Copyright (C) 1998-2019 Michal Trojnara_
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software

195
COPYRIGHT.GPL → COPYRIGHT.md
Просмотреть файл

@ -1,73 +1,74 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
GNU General Public License
==========================
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
_Version 2, June 1991_
_Copyright © 1989, 1991 Free Software Foundation, Inc.,_
_51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA_
Preamble
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
The licenses for most software are designed to take away your
### Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
We protect your rights with two steps: **(1)** copyright the software, and
**(2)** offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
### TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
**0.** This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
under the terms of this General Public License. The “Program”, below,
refers to any such program or work, and a “work based on the Program”
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
the term “modification”.) Each licensee is addressed as “you”.
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
@ -76,7 +77,7 @@ is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
**1.** You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
@ -87,30 +88,28 @@ along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
**2.** You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
* **a)** You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
* **b)** You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
* **c)** If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
@ -131,26 +130,24 @@ with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
**3.** You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
* **a)** Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
* **b)** Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
* **c)** Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
@ -168,8 +165,8 @@ access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
**4.** You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
@ -177,7 +174,7 @@ However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
**5.** You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
@ -186,7 +183,7 @@ Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
**6.** Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
@ -194,7 +191,7 @@ restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
**7.** If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
@ -225,8 +222,8 @@ impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
**8.** If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
@ -234,20 +231,20 @@ those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
**9.** The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
specifies a version number of this License which applies to it and any
later version, you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
**10.** If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
@ -255,19 +252,19 @@ make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
### NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
**11.** BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
**12.** IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
@ -277,63 +274,63 @@ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
Appendix: How to Apply These Terms to Your New Programs
END OF TERMS AND CONDITIONS
If you develop a new program, and you want it to be of the greatest
### How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
the “copyright” line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) 19yy <name of author>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) 19yy name of author
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
The hypothetical commands `show w` and `show c` should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
be called something other than `show w` and `show c`; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
school, if any, to sign a “copyright disclaimer” for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

2
CREDITS → CREDITS.md
Просмотреть файл

@ -1,4 +1,4 @@
stunnel code contributions
# stunnel code contributions
The code contributions are licensed as public domain unless stated otherwise.

370
INSTALL
Просмотреть файл

@ -1,370 +0,0 @@
Installation Instructions
*************************
Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
Inc.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved. This file is offered as-is,
without warranty of any kind.
Basic Installation
==================
Briefly, the shell command `./configure && make && make install'
should configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
instructions specific to this package. Some packages provide this
`INSTALL' file but do not implement all of the features documented
below. The lack of an optional feature in a given package is not
necessarily a bug. More recommendations for GNU packages can be found
in *note Makefile Conventions: (standards)Makefile Conventions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.
Running `configure' might take a while. While running, it prints
some messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package, generally using the just-built uninstalled binaries.
4. Type `make install' to install the programs and any data files and
documentation. When installing into a prefix owned by root, it is
recommended that the package be configured and built as a regular
user, and only the `make install' phase executed with root
privileges.
5. Optionally, type `make installcheck' to repeat any self-tests, but
this time using the binaries in their final installed location.
This target does not install anything. Running this target as a
regular user, particularly if the prior `make install' required
root privileges, verifies that the installation completed
correctly.
6. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
7. Often, you can also type `make uninstall' to remove the installed
files again. In practice, not all packages have tested that
uninstallation works correctly, even though it is required by the
GNU Coding Standards.
8. Some packages, particularly those that use Automake, provide `make
distcheck', which can by used by developers to test that all other
targets like `make install' and `make uninstall' work correctly.
This target is generally not run by end users.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help'
for details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
./configure CC=c99 CFLAGS=-g LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'. This
is known as a "VPATH" build.
With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
reconfiguring for another architecture.
On MacOS X 10.5 and later systems, you can create libraries and
executables that work on multiple system types--known as "fat" or
"universal" binaries--by specifying multiple `-arch' options to the
compiler but only a single `-arch' option to the preprocessor. Like
this:
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CPP="gcc -E" CXXCPP="g++ -E"
This is not guaranteed to produce working output in all cases, you
may have to build one architecture at a time and combine the results
using the `lipo' tool if you have problems.
Installation Names
==================
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX', where PREFIX must be an
absolute file name.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them. In general, the
default for these options is expressed in terms of `${prefix}', so that
specifying just `--prefix' will affect all of the other directory
specifications that were not explicitly provided.
The most portable way to affect installation locations is to pass the
correct locations to `configure'; however, many packages provide one or
both of the following shortcuts of passing variable assignments to the
`make install' command line to change installation locations without
having to reconfigure or recompile.
The first method involves providing an override variable for each
affected directory. For example, `make install
prefix=/alternate/directory' will choose an alternate location for all
directory configuration variables that were expressed in terms of
`${prefix}'. Any directories that were specified during `configure',
but not in terms of `${prefix}', must each be overridden at install
time for the entire installation to be relocated. The approach of
makefile variable overrides for each directory variable is required by
the GNU Coding Standards, and ideally causes no recompilation.
However, some platforms have known limitations with the semantics of
shared libraries that end up requiring recompilation when using this
method, particularly noticeable in packages that use GNU Libtool.
The second method involves providing the `DESTDIR' variable. For
example, `make install DESTDIR=/alternate/directory' will prepend
`/alternate/directory' before all installation names. The approach of
`DESTDIR' overrides is not required by the GNU Coding Standards, and
does not work on platforms that have drive letters. On the other hand,
it does better at avoiding recompilation issues, and works well even
when some directory options were not specified in terms of `${prefix}'
at `configure' time.
Optional Features
=================
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Some packages offer the ability to configure how verbose the
execution of `make' will be. For these packages, running `./configure
--enable-silent-rules' sets the default to minimal output, which can be
overridden with `make V=1'; while running `./configure
--disable-silent-rules' sets the default to verbose, which can be
overridden with `make V=0'.
Particular systems
==================
On HP-UX, the default C compiler is not ANSI C compatible. If GNU
CC is not installed, it is recommended to use the following options in
order to use an ANSI C compiler:
./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
HP-UX `make' updates targets which have the same time stamps as
their prerequisites, which makes it generally unusable when shipped
generated files such as `configure' are involved. Use GNU `make'
instead.
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
a workaround. If GNU CC is not installed, it is therefore recommended
to try
./configure CC="cc"
and if that doesn't work, try
./configure CC="cc -nodtk"
On Solaris, don't put `/usr/ucb' early in your `PATH'. This
directory contains several dysfunctional programs; working variants of
these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
in your `PATH', put it _after_ `/usr/bin'.
On Haiku, software installed for all users goes in `/boot/common',
not `/usr/local'. It is recommended to use the following options:
./configure --prefix=/boot/common
Specifying the System Type
==========================
There may be some features `configure' cannot figure out
automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM
where SYSTEM can have one of these forms:
OS
KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
an Autoconf limitation. Until the limitation is lifted, you can use
this workaround:
CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
`configure' Invocation
======================
`configure' recognizes the following options to control how it
operates.
`--help'
`-h'
Print a summary of all of the options to `configure', and exit.
`--help=short'
`--help=recursive'
Print a summary of the options unique to this package's
`configure', and exit. The `short' variant lists options used
only in the top level, while the `recursive' variant lists options
also present in any nested packages.
`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.
`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--prefix=DIR'
Use DIR as the installation prefix. *note Installation Names::
for more details, including other options available for fine-tuning
the installation locations.
`--no-create'
`-n'
Run the configure checks, but stop before creating any output
files.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.

7
INSTALL.FIPS → INSTALL.FIPS.md
Просмотреть файл

@ -1,7 +1,7 @@
stunnel FIPS install notes
# stunnel FIPS install notes
Unix HOWTO:
### Unix HOWTO
* Only dynamic linking of the FIPS-enabled OpenSSL is currently supported,
i.e. FIPS-enabled OpenSSL has to be configured with "shared" parameter.
* FIPS mode is autodetected if possible. It can be forced with:
@ -9,7 +9,7 @@ Unix HOWTO:
or disable with:
./configure --disable-fips
WIN32 HOWTO:
### WIN32 HOWTO
* On 32-bit Windows install one of the following compilers:
- MSVC 8.0 (VS 2005) Standard or Professional Edition
- MSVC 9.0 (VS 2008) any edition including Express Edition
@ -22,4 +22,3 @@ WIN32 HOWTO:
Mingw build requires DLL stubs. Stubs can be built with:
dlltool --def ms/libeay32.def --output-lib libcrypto.a
dlltool --def ms/ssleay32.def --output-lib libssl.a

12
INSTALL.W32 → INSTALL.W32.md
Просмотреть файл

@ -1,7 +1,7 @@
stunnel Windows install notes
# stunnel Windows install notes
Cross-compiling 64-bit stunnel from source with MinGW (optional):
### Cross-compiling 64-bit stunnel from source with MinGW (optional):
1) Install the mingw64 cross-compiler on a Unix/Linux machine.
On Debian (and derivatives, including Ubuntu):
@ -35,7 +35,7 @@ Cross-compiling 64-bit stunnel from source with MinGW (optional):
make mingw64
Cross-compiling 32-bit stunnel from source with MinGW (optional):
### Cross-compiling 32-bit stunnel from source with MinGW (optional):
1) Install the mingw64 cross-compiler on a Unix/Linux machine.
On Debian (and derivatives, including Ubuntu):
@ -69,13 +69,13 @@ Cross-compiling 32-bit stunnel from source with MinGW (optional):
make mingw
Building stunnel from source with MinGW (optional):
### Building stunnel from source with MinGW (optional):
Building stunnel with MinGW on a Windows machine is possible,
but not currently supported.
Building stunnel from source with Visual Studio (optional):
### Building stunnel from source with Visual Studio (optional):
1) Build your own or download pre-built OpenSSL library and headers.
TODO
@ -87,7 +87,7 @@ Building stunnel from source with Visual Studio (optional):
nmake -f vc.mak
Installing stunnel:
### Installing stunnel:
1) Install stunnel.
Run installer to install the precompiled binaries.

9
INSTALL.WCE → INSTALL.WCE.md
Просмотреть файл

@ -1,14 +1,14 @@
stunnel Windows CE install notes
# stunnel Windows CE install notes
Two stunnel executables are available for Windows CE platform:
### Two stunnel executables are available for Windows CE platform:
1) stunnel.exe - version with interactive GUI
2) tstunnel.exe - non-iteractive version for headless devices
Building stunnel from source (optional):
### Building stunnel from source (optional):
1) install the following tools:
evt2002web_min.exe from http://www.microsoft.com/
@ -35,11 +35,10 @@ Building stunnel from source (optional):
5) type "makece" to build stunnel
Installing stunnel:
### Installing stunnel:
1) copy OpenSSL DLLs and stunnel.exe or tstunnel.exe into \stunnel directory
2) read the manual (stunnel.html)
3) create/edit stunnel.conf configuration file

12
Makefile.am
Просмотреть файл

@ -9,14 +9,12 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
libtool: $(LIBTOOL_DEPS)
$(SHELL) ./config.status libtool
EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS
EXTRA_DIST += INSTALL.W32 INSTALL.WCE INSTALL.FIPS
EXTRA_DIST += build-android.sh .travis.yml
docdir = $(datadir)/doc/stunnel
doc_DATA = INSTALL README TODO COPYING AUTHORS ChangeLog
doc_DATA += PORTS BUGS COPYRIGHT.GPL CREDITS
doc_DATA += INSTALL.W32 INSTALL.WCE INSTALL.FIPS
doc_DATA = README.md TODO.md COPYING.md AUTHORS.md NEWS.md
doc_DATA += PORTS.md BUGS.md COPYRIGHT.md CREDITS.md
doc_DATA += INSTALL.W32.md INSTALL.WCE.md INSTALL.FIPS.md
EXTRA_DIST = build-android.sh .travis.yml $(doc_DATA)
distcleancheck_listfiles = find -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';'

19
Makefile.in
Просмотреть файл

@ -194,8 +194,7 @@ DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/auto/compile \
$(top_srcdir)/auto/config.guess $(top_srcdir)/auto/config.sub \
$(top_srcdir)/auto/install-sh $(top_srcdir)/auto/ltmain.sh \
$(top_srcdir)/auto/missing AUTHORS COPYING ChangeLog INSTALL \
NEWS README TODO auto/compile auto/config.guess \
$(top_srcdir)/auto/missing auto/compile auto/config.guess \
auto/config.sub auto/depcomp auto/install-sh auto/ltmain.sh \
auto/missing
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@ -365,10 +364,10 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
ACLOCAL_AMFLAGS = -I m4
SUBDIRS = src doc tools tests
EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS INSTALL.W32 INSTALL.WCE \
INSTALL.FIPS build-android.sh .travis.yml
doc_DATA = INSTALL README TODO COPYING AUTHORS ChangeLog PORTS BUGS \
COPYRIGHT.GPL CREDITS INSTALL.W32 INSTALL.WCE INSTALL.FIPS
doc_DATA = README.md TODO.md COPYING.md AUTHORS.md NEWS.md PORTS.md \
BUGS.md COPYRIGHT.md CREDITS.md INSTALL.W32.md INSTALL.WCE.md \
INSTALL.FIPS.md
EXTRA_DIST = build-android.sh .travis.yml $(doc_DATA)
distcleancheck_listfiles = find -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';'
all: all-recursive
@ -379,15 +378,15 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
$(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \
$(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \
&& exit 0; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu Makefile
$(AUTOMAKE) --foreign Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \

1
NEWS
Просмотреть файл

@ -1 +0,0 @@
See the ChangeLog file for the latest news.

353
ChangeLog → NEWS.md
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

2
PORTS → PORTS.md
Просмотреть файл

@ -1,4 +1,4 @@
stunnel known port maintainers
# stunnel known port maintainers
* Cygwin

14
README → README.md
Просмотреть файл

@ -1,6 +1,7 @@
stunnel overview
# stunnel overview
Short description
### Short description
The stunnel program is designed to work as an SSL encryption
wrapper between remote client and local (inetd-startable) or
@ -11,20 +12,19 @@ Short description
used inetd daemons like POP-2, POP-3 and IMAP servers
without any changes in the programs' code.
Compile instructions
### Compile instructions
See INSTALL file.
License
### License
See COPYING file.
Other files you should read
### Other files you should read
Changelog What I did
TODO What I'm going to do
Reporting problems and other contacts
### Reporting problems and other contacts
See FAQ file.

9
TODO → TODO.md
Просмотреть файл

@ -1,7 +1,7 @@
stunnel TODO
# stunnel TODO
High priority features. They will likely be supported some day.
### High priority features. They will likely be supported some day.
A sponsor could allocate my time to get them faster.
* Extend session tickets and/or sessiond to also serialize application
data ("redirect" state and session persistence).
@ -20,7 +20,7 @@ A sponsor could allocate my time to get them faster.
* Add user-defined headers to CONNECT proxy requests.
This can be used to impersonate other software (e.g. web browsers).
Low priority features. They will unlikely ever be supported.
### Low priority features. They will unlikely ever be supported.
* Database and/or directory interface for retrieving PSK secrets.
* Support static FIPS-enabled build.
* Service-level logging destination.
@ -33,7 +33,7 @@ Low priority features. They will unlikely ever be supported.
* Add '-status' command line option reporting the number of clients
connected to each service.
Features I won't support, unless convinced otherwise by a wealthy sponsor.
### Features I won't support, unless convinced otherwise by a wealthy sponsor.
* Support for adding X-Forwarded-For to HTTP request headers.
This feature is less useful since PROXY protocol support is available.
* Support for adding X-Forwarded-For to SMTP email headers.
@ -43,4 +43,3 @@ Features I won't support, unless convinced otherwise by a wealthy sponsor.
- OU (Organizational Unit).
* Set processes title that appear on the ps(1) and top(1) commands.
I could not find a portable *and* non-copyleft library for it.

2
build-android.sh
Просмотреть файл

@ -1,6 +1,6 @@
#!/bin/sh
set -ev
VERSION=5.55
VERSION=5.56
DST=stunnel-$VERSION-android
# install Android NDK on Arch Linux:

23
configure поставляемый
Просмотреть файл

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for stunnel 5.55.
# Generated by GNU Autoconf 2.69 for stunnel 5.56.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@ -587,8 +587,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='stunnel'
PACKAGE_TARNAME='stunnel'
PACKAGE_VERSION='5.55'
PACKAGE_STRING='stunnel 5.55'
PACKAGE_VERSION='5.56'
PACKAGE_STRING='stunnel 5.56'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@ -1338,7 +1338,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures stunnel 5.55 to adapt to many kinds of systems.
\`configure' configures stunnel 5.56 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1409,7 +1409,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of stunnel 5.55:";;
short | recursive ) echo "Configuration of stunnel 5.56:";;
esac
cat <<\_ACEOF
@ -1528,7 +1528,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
stunnel configure 5.55
stunnel configure 5.56
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2134,7 +2134,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by stunnel $as_me 5.55, which was
It was created by stunnel $as_me 5.56, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -3003,7 +3003,7 @@ fi
# Define the identity of the package.
PACKAGE='stunnel'
VERSION='5.55'
VERSION='5.56'
cat >>confdefs.h <<_ACEOF
@ -15360,7 +15360,8 @@ fi
done
for ac_header in sys/types.h sys/select.h sys/poll.h sys/socket.h sys/un.h \
sys/ioctl.h sys/filio.h sys/resource.h sys/uio.h sys/syscall.h
sys/ioctl.h sys/filio.h sys/resource.h sys/uio.h sys/syscall.h \
sys/param.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
@ -16901,7 +16902,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by stunnel $as_me 5.55, which was
This file was extended by stunnel $as_me 5.56, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -16967,7 +16968,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
stunnel config.status 5.55
stunnel config.status 5.56
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

7
configure.ac
Просмотреть файл

@ -1,12 +1,12 @@
# Process this file with autoconf to produce a configure script.
AC_INIT([stunnel],[5.55])
AC_INIT([stunnel],[5.56])
AC_MSG_NOTICE([**************************************** initialization])
AC_CONFIG_AUX_DIR(auto)
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS([src/config.h])
AC_CONFIG_SRCDIR([src/stunnel.c])
AM_INIT_AUTOMAKE
AM_INIT_AUTOMAKE([foreign])
AC_CANONICAL_HOST
AC_SUBST([host])
@ -183,7 +183,8 @@ AC_MSG_NOTICE([**************************************** header files])
AC_CHECK_HEADERS([stdint.h inttypes.h malloc.h ucontext.h pthread.h poll.h \
tcpd.h stropts.h grp.h unistd.h util.h libutil.h pty.h limits.h])
AC_CHECK_HEADERS([sys/types.h sys/select.h sys/poll.h sys/socket.h sys/un.h \
sys/ioctl.h sys/filio.h sys/resource.h sys/uio.h sys/syscall.h])
sys/ioctl.h sys/filio.h sys/resource.h sys/uio.h sys/syscall.h \
sys/param.h])
AC_CHECK_HEADERS([linux/sched.h])
AC_CHECK_MEMBERS([struct msghdr.msg_control],
[AC_DEFINE([HAVE_MSGHDR_MSG_CONTROL], [1],

4
doc/Makefile.in
Просмотреть файл

@ -306,9 +306,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu doc/Makefile
$(AUTOMAKE) --foreign doc/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \

4
src/Makefile.in
Просмотреть файл

@ -422,9 +422,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/Makefile
$(AUTOMAKE) --foreign src/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \

98
src/client.c
Просмотреть файл

@ -100,6 +100,18 @@ void *
size_t stack_size=c->opt->stack_size;
#endif
#ifdef USE_FORK
/* do not use signal pipe in child processes */
signal(SIGCHLD, SIG_IGN); /* ignore dead children */
signal(SIGHUP, SIG_DFL);
signal(SIGUSR1, SIG_DFL);
signal(SIGUSR2, SIG_DFL);
signal(SIGPIPE, SIG_IGN); /* ignore broken pipe */
signal(SIGTERM, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGINT, SIG_DFL);
#endif /* USE_FORK */
/* make sure c->thread_* values are initialized */
CRYPTO_THREAD_read_lock(stunnel_locks[LOCK_THREAD_LIST]);
CRYPTO_THREAD_unlock(stunnel_locks[LOCK_THREAD_LIST]);
@ -485,6 +497,7 @@ NOEXPORT void remote_start(CLI *c) {
NOEXPORT void ssl_start(CLI *c) {
int i, err;
SSL_SESSION *sess;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
int unsafe_openssl;
#endif /* OpenSSL version < 1.1.0 */
@ -601,11 +614,17 @@ NOEXPORT void ssl_start(CLI *c) {
throw_exception(c, 1);
}
print_cipher(c);
if(SSL_session_reused(c->ssl))
print_session_id(SSL_get_session(c->ssl));
/* SSL_SESS_CACHE_NO_INTERNAL_STORE prevented automatic caching */
if(!c->opt->option.client)
SSL_CTX_add_session(c->opt->ctx, SSL_get_session(c->ssl));
sess=SSL_get1_session(c->ssl);
if(sess) {
if(SSL_session_reused(c->ssl)) {
print_session_id(sess);
} else { /* a new session was negotiated */
/* SSL_SESS_CACHE_NO_INTERNAL_STORE prevented automatic caching */
if(!c->opt->option.client)
SSL_CTX_add_session(c->opt->ctx, sess);
}
SSL_SESSION_free(sess);
}
}
NOEXPORT void session_cache_retrieve(CLI *c) {
@ -1469,9 +1488,13 @@ NOEXPORT SOCKET connect_remote(CLI *c) {
if(!connect_init(c, c->connect_addr.addr[c->idx].sa.sa_family) &&
!s_connect(c, &c->connect_addr.addr[c->idx],
addr_len(&c->connect_addr.addr[c->idx]))) {
if(c->ssl)
idx_cache_save(SSL_get_session(c->ssl),
&c->connect_addr.addr[c->idx]);
if(c->ssl) {
SSL_SESSION *sess=SSL_get1_session(c->ssl);
if(sess) {
idx_cache_save(sess, &c->connect_addr.addr[c->idx]);
SSL_SESSION_free(sess);
}
}
print_bound_address(c);
fd=c->fd;
c->fd=INVALID_SOCKET;
@ -1521,30 +1544,34 @@ NOEXPORT unsigned idx_cache_retrieve(CLI *c) {
char *addr_txt;
if(c->ssl && SSL_session_reused(c->ssl)) {
CRYPTO_THREAD_read_lock(stunnel_locks[LOCK_ADDR]);
ptr=SSL_SESSION_get_ex_data(SSL_get_session(c->ssl),
index_session_connect_address);
if(ptr) {
len=addr_len(ptr);
memcpy(&addr, ptr, (size_t)len);
CRYPTO_THREAD_unlock(stunnel_locks[LOCK_ADDR]);
/* address was copied, ptr itself is no longer valid */
for(i=0; i<c->connect_addr.num; ++i) {
if(addr_len(&c->connect_addr.addr[i])==len &&
!memcmp(&c->connect_addr.addr[i],
&addr, (size_t)len)) {
addr_txt=s_ntop(&addr, len);
s_log(LOG_INFO, "persistence: %s reused", addr_txt);
str_free(addr_txt);
return i;
SSL_SESSION *sess=SSL_get1_session(c->ssl);
if(sess) {
CRYPTO_THREAD_read_lock(stunnel_locks[LOCK_ADDR]);
ptr=SSL_SESSION_get_ex_data(sess, index_session_connect_address);
if(ptr) {
len=addr_len(ptr);
memcpy(&addr, ptr, (size_t)len);
CRYPTO_THREAD_unlock(stunnel_locks[LOCK_ADDR]);
SSL_SESSION_free(sess);
/* address was copied, ptr itself is no longer valid */
for(i=0; i<c->connect_addr.num; ++i) {
if(addr_len(&c->connect_addr.addr[i])==len &&
!memcmp(&c->connect_addr.addr[i],
&addr, (size_t)len)) {
addr_txt=s_ntop(&addr, len);
s_log(LOG_INFO, "persistence: %s reused", addr_txt);
str_free(addr_txt);
return i;
}
}
addr_txt=s_ntop(&addr, len);
s_log(LOG_INFO, "persistence: %s not available", addr_txt);
str_free(addr_txt);
} else {
CRYPTO_THREAD_unlock(stunnel_locks[LOCK_ADDR]);
SSL_SESSION_free(sess);
s_log(LOG_NOTICE, "persistence: No cached address found");
}
addr_txt=s_ntop(&addr, len);
s_log(LOG_INFO, "persistence: %s not available", addr_txt);
str_free(addr_txt);
} else {
CRYPTO_THREAD_unlock(stunnel_locks[LOCK_ADDR]);
s_log(LOG_NOTICE, "persistence: No cached address found");
}
}
@ -1685,12 +1712,19 @@ NOEXPORT int connect_init(CLI *c, int domain) {
}
NOEXPORT int redirect(CLI *c) {
SSL_SESSION *sess;
void *ex_data;
if(!c->opt->redirect_addr.names)
return 0; /* redirect not configured */
if(!c->ssl)
return 1; /* TLS not established -> always redirect */
return !SSL_SESSION_get_ex_data(SSL_get_session(c->ssl),
index_session_authenticated);
sess=SSL_get1_session(c->ssl);
if(!sess)
return 1; /* no TLS session -> always redirect */
ex_data=SSL_SESSION_get_ex_data(sess, index_session_authenticated);
SSL_SESSION_free(sess);
return ex_data == NULL;
}
NOEXPORT void print_bound_address(CLI *c) {

3
src/common.h
Просмотреть файл

@ -315,6 +315,9 @@ typedef int SOCKET;
#include <sys/select.h> /* for aix */
#endif
#include <dirent.h>
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h> /* MAXPATHLEN */
#endif
#if defined(HAVE_POLL) && !defined(BROKEN_POLL)
#ifdef HAVE_POLL_H

3
src/config.h.in
Просмотреть файл

@ -150,6 +150,9 @@
/* Define to 1 if you have the <sys/ioctl.h> header file. */
#undef HAVE_SYS_IOCTL_H
/* Define to 1 if you have the <sys/param.h> header file. */
#undef HAVE_SYS_PARAM_H
/* Define to 1 if you have the <sys/poll.h> header file. */
#undef HAVE_SYS_POLL_H

7
src/ctx.c
Просмотреть файл

@ -994,12 +994,13 @@ NOEXPORT int generate_session_ticket_cb(SSL *ssl, void *arg) {
#if 0
SOCKADDR_UNION *addr;
#endif
int retval;
(void)arg; /* squash the unused parameter warning */
s_log(LOG_DEBUG, "Generate session ticket callback");
sess=SSL_get_session(ssl);
sess=SSL_get1_session(ssl);
if(!sess)
return 0;
memset(&ticket_data, 0, sizeof(TICKET_DATA));
@ -1016,8 +1017,10 @@ NOEXPORT int generate_session_ticket_cb(SSL *ssl, void *arg) {
CRYPTO_THREAD_unlock(stunnel_locks[LOCK_ADDR]);
#endif
return SSL_SESSION_set1_ticket_appdata(sess,
retval=SSL_SESSION_set1_ticket_appdata(sess,
&ticket_data, sizeof(TICKET_DATA));
SSL_SESSION_free(sess);
return retval;
}
NOEXPORT int decrypt_session_ticket_cb(SSL *ssl, SSL_SESSION *sess,

54
src/dhparam.c
Просмотреть файл

@ -5,32 +5,32 @@
DH *get_dh2048(void)
{
static unsigned char dhp_2048[] = {
0xE3, 0xCD, 0xF3, 0x0E, 0x81, 0xA6, 0xDE, 0x0F, 0x38, 0xD4,
0x06, 0x26, 0x41, 0x71, 0x90, 0xCF, 0xDF, 0x00, 0xB0, 0x1B,
0xE9, 0x8B, 0x89, 0x8E, 0xB4, 0x9A, 0xCE, 0x4D, 0x7A, 0xBB,
0x19, 0x9B, 0x22, 0xBC, 0xBF, 0xDC, 0x2F, 0x3B, 0x9D, 0xE3,
0x96, 0xA8, 0x3F, 0xD4, 0xD0, 0x2F, 0xFA, 0x09, 0xC2, 0x52,
0x33, 0x5C, 0x22, 0xF0, 0xB3, 0xF9, 0xCF, 0xEA, 0xEF, 0xBF,
0xDF, 0x11, 0x83, 0x1E, 0xF0, 0x4C, 0x29, 0x96, 0x1B, 0x4C,
0x8E, 0x8E, 0x63, 0xDA, 0x78, 0x99, 0xC2, 0x40, 0xBB, 0x49,
0x93, 0x65, 0xF9, 0x1A, 0x13, 0x5D, 0xED, 0x6D, 0xB7, 0xDF,
0xCE, 0xC4, 0x3B, 0xFC, 0xB6, 0xF4, 0x0D, 0x00, 0x39, 0x38,
0x02, 0xE4, 0xFC, 0xE0, 0x9B, 0x52, 0x6E, 0xAB, 0xDD, 0x87,
0xF7, 0x28, 0x4C, 0x0C, 0x34, 0x9E, 0x6B, 0x58, 0x97, 0x9C,
0x2D, 0x75, 0xE6, 0xD5, 0xCA, 0xAE, 0x09, 0x42, 0x14, 0x38,
0x7D, 0x5A, 0x1C, 0x77, 0x49, 0x34, 0xB8, 0x71, 0xCA, 0x6C,
0x78, 0x6D, 0x75, 0x41, 0xC0, 0xA9, 0x88, 0x94, 0x8A, 0x2A,
0x45, 0xE7, 0x80, 0xBA, 0xD4, 0x00, 0xF5, 0xA3, 0xF4, 0x46,
0x89, 0xF2, 0xAC, 0xF9, 0x10, 0xB7, 0x5F, 0x8E, 0x0A, 0x4B,
0xD7, 0xDA, 0xB1, 0x66, 0xCF, 0x42, 0x88, 0x93, 0xB8, 0xA8,
0x8D, 0xC5, 0x95, 0x91, 0x36, 0x8C, 0x1E, 0x0D, 0x5C, 0xF2,
0xE1, 0x02, 0xC5, 0x0C, 0x8A, 0x50, 0xF7, 0xF5, 0x3F, 0xDE,
0x90, 0x75, 0x31, 0x96, 0x0F, 0xD0, 0xF9, 0x41, 0xC0, 0x2F,
0x3C, 0xF2, 0xB4, 0x17, 0xA2, 0x7C, 0xEA, 0x7C, 0xFF, 0x2F,
0x72, 0xE6, 0x2D, 0xB6, 0x33, 0x4C, 0x84, 0x66, 0x93, 0xBC,
0xE3, 0xA9, 0xC0, 0xF7, 0x7B, 0xF0, 0xE6, 0xFC, 0x9D, 0x6B,
0xDA, 0x68, 0xFB, 0x15, 0x55, 0xBA, 0x5C, 0x85, 0x48, 0x0C,
0x17, 0xE9, 0x59, 0x00, 0xF4, 0xA3
0xD5, 0x75, 0xF1, 0x23, 0xC1, 0x81, 0x4B, 0x44, 0x23, 0xBE,
0x97, 0x81, 0x7A, 0xDA, 0x97, 0x1F, 0x1F, 0x0D, 0xD5, 0xEC,
0xC5, 0x5F, 0x86, 0x42, 0x7F, 0x38, 0xA3, 0x95, 0xEE, 0xA0,
0x52, 0x2C, 0xB7, 0x20, 0x29, 0xC1, 0xC7, 0xE6, 0x8E, 0x6F,
0xE5, 0xC1, 0x0D, 0xDD, 0x8A, 0xEF, 0x8D, 0xE7, 0xA8, 0x63,
0xB4, 0xF7, 0x58, 0x32, 0x0E, 0x24, 0xAC, 0x30, 0x94, 0xF5,
0xC7, 0x02, 0x81, 0x1B, 0xC7, 0x68, 0xE5, 0x71, 0xD7, 0x1E,
0x3D, 0xE4, 0x2E, 0x2F, 0xC0, 0x0A, 0xED, 0x34, 0xAC, 0xC0,
0x1F, 0x0A, 0x56, 0xA4, 0x12, 0x02, 0xFD, 0x68, 0xD2, 0x4D,
0x5E, 0x0A, 0x5D, 0x78, 0xE3, 0xA0, 0x85, 0x75, 0xD2, 0xA9,
0xC1, 0xF2, 0xAD, 0x65, 0x11, 0xDE, 0xE8, 0x05, 0x68, 0x36,
0x4C, 0x92, 0x99, 0x21, 0xB9, 0x69, 0xD0, 0x6F, 0xD8, 0xA3,
0xEA, 0x35, 0x13, 0x93, 0xDC, 0x1B, 0x13, 0x16, 0xB2, 0x15,
0x8E, 0x10, 0x22, 0xCE, 0x01, 0x1F, 0x1C, 0x09, 0x86, 0xD5,
0xE7, 0xCB, 0xCF, 0xFA, 0xED, 0x2F, 0xE2, 0x3A, 0x65, 0x14,
0xC9, 0xFA, 0x70, 0x99, 0xF7, 0xE0, 0x30, 0xBF, 0x7F, 0xEA,
0x84, 0x14, 0x8A, 0x51, 0xC9, 0xE9, 0x85, 0x73, 0x7F, 0xA1,
0xB0, 0xC3, 0x33, 0x9A, 0xAB, 0x69, 0x4E, 0x75, 0xFB, 0x12,
0xB0, 0x9E, 0xB1, 0xD9, 0xD1, 0xB9, 0x32, 0x1D, 0xC6, 0xD9,
0x2C, 0xAA, 0xB0, 0xC5, 0x3E, 0x69, 0x56, 0xA2, 0xB3, 0xA2,
0x81, 0xCA, 0x9D, 0x77, 0xBB, 0x52, 0x44, 0xA2, 0xED, 0xE0,
0xF0, 0x2A, 0x81, 0x85, 0x90, 0xB6, 0x04, 0x60, 0xEB, 0x09,
0x72, 0x08, 0x44, 0xAF, 0x28, 0xF5, 0x15, 0x34, 0x87, 0x5C,
0x8A, 0xB4, 0x5B, 0x15, 0x6A, 0xAD, 0x27, 0x4E, 0xA0, 0xDE,
0x99, 0x22, 0xCF, 0xAB, 0x4C, 0xFD, 0x75, 0x10, 0x5D, 0xFF,
0xE8, 0x81, 0x50, 0xC4, 0xC0, 0x4B
};
static unsigned char dhg_2048[] = {
0x02
@ -52,4 +52,4 @@ DH *get_dh2048(void)
return dh;
}
#endif /* OPENSSL_NO_DH */
/* built for stunnel 5.55 */
/* built for stunnel 5.56 */

3
src/mingw.mk
Просмотреть файл

@ -24,7 +24,8 @@ win32_ldflags = -g -mthreads
#win32_ldflags += -fstack-protector
# -fstack-protector is broken (at least in x86_64-w64-mingw32-gcc 8.2.0)
win32_common_libs = -lws2_32 -lkernel32
# compiling with -D_FORTIFY_SOURCE=2 may require linking with -lssp
win32_common_libs = -lws2_32 -lkernel32 -lssp
win32_ssl_libs = -L$(win32_ssl_dir)/lib -lcrypto -lssl
win32_gui_libs = $(win32_common_libs) -lgdi32 -lpsapi $(win32_ssl_libs)
win32_cli_libs = $(win32_common_libs) $(win32_ssl_libs)

41
src/options.c
Просмотреть файл

@ -348,7 +348,12 @@ int options_cmdline(char *arg1, char *arg2) {
if(type==CONF_FILE) {
#ifdef HAVE_REALPATH
char *real_path=realpath(name, NULL);
char *real_path=NULL;
#ifdef MAXPATHLEN
/* a workaround for pre-POSIX.1-2008 4.4BSD and Solaris */
real_path=malloc(MAXPATHLEN);
#endif
real_path=realpath(name, real_path);
if(!real_path) {
s_log(LOG_ERR, "Invalid configuration file name \"%s\"", name);
ioerror("realpath");
@ -2398,14 +2403,6 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr,
return tmp_str;
}
endpoints+=section->option.protocol_endpoint;
#if defined(SSL_OP_NO_TICKET) && OPENSSL_VERSION_NUMBER<0x10101000L
/* disable RFC4507 support introduced in OpenSSL 0.9.8f */
/* OpenSSL 1.1.1 is required to serialize application data
* into session tickets */
/* this is needed for connect address session persistence */
if(!section->option.connect_before_ssl)
section->ssl_options_set|=SSL_OP_NO_TICKET;
#endif
break;
case CMD_PRINT_DEFAULTS:
break;
@ -2687,17 +2684,14 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr,
case CMD_SET_VALUE:
if(strcasecmp(opt, "redirect"))
break;
#if defined(SSL_OP_NO_TICKET) && OPENSSL_VERSION_NUMBER<0x10101000L
/* disable RFC4507 support introduced in OpenSSL 0.9.8f */
/* OpenSSL 1.1.1 is required to serialize application data
* into session tickets */
/* this is needed for preserving authentication status */
section->ssl_options_set|=SSL_OP_NO_TICKET;
#endif
name_list_append(&section->redirect_addr.names, arg);
return NULL; /* OK */
case CMD_INITIALIZE:
if(section->redirect_addr.names) {
if(section->option.client)
return "\"redirect\" is unsupported in client sections";
if(section->option.connect_before_ssl)
return "\"redirect\" is incompatible with the specified protocol negotiation";
if(!section->option.delayed_lookup &&
!addrlist_resolve(&section->redirect_addr)) {
s_log(LOG_INFO,
@ -3144,11 +3138,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr,
/* sslVersionMax */
switch(cmd) {
case CMD_SET_DEFAULTS:
#ifdef TLS1_3_VERSION
section->max_proto_version=0; /* highest supported */
#else /* prevent negotiating TLS 1.3 when linked against a newer OpenSSL */
section->max_proto_version=TLS1_2_VERSION;
#endif
break;
case CMD_SET_COPY:
section->max_proto_version=new_service_options.max_proto_version;
@ -3667,6 +3657,17 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr,
if(endpoints!=1)
return "Inetd mode must define one endpoint";
}
#ifdef SSL_OP_NO_TICKET
/* disable RFC4507 support introduced in OpenSSL 0.9.8f */
/* OpenSSL 1.1.1 is required to serialize application data
* into session tickets */
/* server mode sections need it for the "redirect" option
* and connect address session persistence */
if(OpenSSL_version_num()<0x10101000L &&
!section->option.client &&
!section->option.connect_before_ssl)
section->ssl_options_set|=SSL_OP_NO_TICKET;
#endif /* SSL_OP_NO_TICKET */
if(context_init(section)) /* initialize TLS context */
return "Failed to initialize TLS context";
break;

6
src/os2.mak
Просмотреть файл

@ -1,11 +1,11 @@
prefix=.
DEFS = -DPACKAGE_NAME=\"stunnel\" \
-DPACKAGE_TARNAME=\"stunnel\" \
-DPACKAGE_VERSION=\"5.55\" \
-DPACKAGE_STRING=\"stunnel\ 5.55\" \
-DPACKAGE_VERSION=\"5.56\" \
-DPACKAGE_STRING=\"stunnel\ 5.56\" \
-DPACKAGE_BUGREPORT=\"\" \
-DPACKAGE=\"stunnel\" \
-DVERSION=\"5.55\" \
-DVERSION=\"5.56\" \
-DSTDC_HEADERS=1 \
-DHAVE_SYS_TYPES_H=1 \
-DHAVE_SYS_STAT_H=1 \

7
src/ssl.c
Просмотреть файл

@ -260,6 +260,13 @@ NOEXPORT int compression_init(GLOBAL_OPTIONS *global) {
NOEXPORT int prng_init(GLOBAL_OPTIONS *global) {
int totbytes=0;
char filename[256];
const RAND_METHOD *meth=RAND_get_rand_method();
/* skip PRNG initialization when no seeding methods are available */
if(meth->status==NULL || meth->add==NULL) {
s_log(LOG_DEBUG, "No PRNG seeding methods");
return 0; /* success */
}
if(RAND_status()) {
s_log(LOG_DEBUG, "No PRNG seeding was required");

77
src/stunnel.c
Просмотреть файл

@ -81,6 +81,7 @@ NOEXPORT int change_root(void);
#endif
NOEXPORT int pipe_init(SOCKET [2], char *);
NOEXPORT int signal_pipe_dispatch(void);
NOEXPORT void reload_config();
NOEXPORT int process_connections(void);
NOEXPORT char *signal_name(int);
@ -808,39 +809,7 @@ NOEXPORT int signal_pipe_dispatch(void) {
return 1;
case SIGNAL_RELOAD_CONFIG:
s_log(LOG_DEBUG, "Processing SIGNAL_RELOAD_CONFIG");
if(options_parse(CONF_RELOAD)) {
s_log(LOG_ERR, "Failed to reload the configuration file");
} else {
#ifdef HAVE_CHROOT
struct stat sb;
#endif /* HAVE_CHROOT */
unbind_ports();
log_flush(LOG_MODE_BUFFER);
#ifdef HAVE_CHROOT
/* we don't close SINK_SYSLOG if chroot is enabled and
* there is no /dev/log inside it, which could allow
* openlog(3) to reopen the syslog socket later */
if(global_options.chroot_dir && stat("/dev/log", &sb))
log_close(SINK_OUTFILE);
else
#endif /* HAVE_CHROOT */
log_close(SINK_SYSLOG|SINK_OUTFILE);
/* there is no race condition here:
* client threads are not allowed to use global options */
options_free();
options_apply();
/* we hope that a sane openlog(3) implementation won't
* attempt to reopen /dev/log if it's already open */
log_open(SINK_SYSLOG|SINK_OUTFILE);
log_flush(LOG_MODE_CONFIGURED);
ui_config_reloaded();
if(bind_ports()) {
/* FIXME: handle the error */
}
if(exec_connect_start()) {
/* FIXME: handle the error */
}
}
reload_config();
return 0;
case SIGNAL_REOPEN_LOG:
s_log(LOG_DEBUG, "Processing SIGNAL_REOPEN_LOG");
@ -860,6 +829,48 @@ NOEXPORT int signal_pipe_dispatch(void) {
}
}
NOEXPORT void reload_config() {
static int delay=10; /* 10ms */
#ifdef HAVE_CHROOT
struct stat sb;
#endif /* HAVE_CHROOT */
if(options_parse(CONF_RELOAD)) {
s_log(LOG_ERR, "Failed to reload the configuration file");
return;
}
unbind_ports();
log_flush(LOG_MODE_BUFFER);
#ifdef HAVE_CHROOT
/* we don't close SINK_SYSLOG if chroot is enabled and
* there is no /dev/log inside it, which could allow
* openlog(3) to reopen the syslog socket later */
if(global_options.chroot_dir && stat("/dev/log", &sb))
log_close(SINK_OUTFILE);
else
#endif /* HAVE_CHROOT */
log_close(SINK_SYSLOG|SINK_OUTFILE);
/* there is no race condition here:
* client threads are not allowed to use global options */
options_free();
options_apply();
/* we hope that a sane openlog(3) implementation won't
* attempt to reopen /dev/log if it's already open */
log_open(SINK_SYSLOG|SINK_OUTFILE);
log_flush(LOG_MODE_CONFIGURED);
ui_config_reloaded();
/* we use "|" instead of "||" to attempt initialization of both subsystems */
if(bind_ports() | exec_connect_start()) {
s_poll_sleep(delay/1000, delay%1000); /* sleep to avoid log trashing */
signal_post(SIGNAL_RELOAD_CONFIG); /* retry */
delay*=2;
if(delay > 10000) /* 10s */
delay=10000;
} else {
delay=10; /* 10ms */
}
}
#ifdef __GNUC__
#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6)
#pragma GCC diagnostic push

12
src/ui_unix.c
Просмотреть файл

@ -107,8 +107,20 @@ NOEXPORT int main_unix(int argc, char* argv[]) {
signal(SIGQUIT, signal_handler); /* fatal */
if(signal(SIGINT, SIG_IGN)!=SIG_IGN)
signal(SIGINT, signal_handler); /* fatal */
#endif
#ifdef USE_FORK
setpgid(0, 0); /* create a new process group if needed */
#endif
daemon_loop();
#ifdef USE_FORK
s_log(LOG_NOTICE, "Terminating service processes");
signal(SIGCHLD, SIG_IGN);
signal(SIGTERM, SIG_IGN);
kill(0, SIGTERM); /* kill the whole process group */
while(wait(NULL)!=-1)
;
s_log(LOG_NOTICE, "Service processes terminated");
#endif
#if !defined(__vms) && !defined(USE_OS2)
delete_pid();
#endif /* standard Unix */

13
src/verify.c
Просмотреть файл

@ -215,10 +215,15 @@ NOEXPORT int verify_callback(int preverify_ok, X509_STORE_CTX *callback_ctx) {
return 1; /* accept */
}
if(verify_checks(c, preverify_ok, callback_ctx)) {
if(!SSL_SESSION_set_ex_data(SSL_get_session(ssl),
index_session_authenticated, (void *)(-1))) {
sslerror("SSL_SESSION_set_ex_data");
return 0; /* reject */
SSL_SESSION *sess=SSL_get1_session(c->ssl);
if(sess) {
int ok=SSL_SESSION_set_ex_data(sess, index_session_authenticated,
(void *)(-1));
SSL_SESSION_free(sess);
if(!ok) {
sslerror("SSL_SESSION_set_ex_data");
return 0; /* reject */
}
}
return 1; /* accept */
}

2
src/version.h
Просмотреть файл

@ -65,7 +65,7 @@
/* START CUSTOMIZE */
#define VERSION_MAJOR 5
#define VERSION_MINOR 55
#define VERSION_MINOR 56
/* END CUSTOMIZE */
/* all the following macros are ABSOLUTELY NECESSARY to have proper string

4
tests/Makefile.in
Просмотреть файл

@ -322,9 +322,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/Makefile'; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu tests/Makefile
$(AUTOMAKE) --foreign tests/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \

34
tests/certs/CACert.pem
Просмотреть файл

@ -1,23 +1,23 @@
-----BEGIN CERTIFICATE-----
MIIDwTCCAqmgAwIBAgIUZWKfpQpNBAWupcviv+US6dFUB2swDQYJKoZIhvcNAQEL
MIIDwTCCAqmgAwIBAgIUXE+sARWPLGgknSpOyFlDQSWC7DswDQYJKoZIhvcNAQEL
BQAwaDELMAkGA1UEBhMCUEwxGzAZBgNVBAoMElN0dW5uZWwgRGV2ZWxvcGVyczEQ
MA4GA1UECwwHUm9vdCBDQTELMAkGA1UEAwwCQ0ExHTAbBgkqhkiG9w0BCQEWDkNB
QGV4YW1wbGUuY29tMB4XDTE5MDMyMDE1MDA1NFoXDTIzMDMyMDE1MDA1NFowaDEL
QGV4YW1wbGUuY29tMB4XDTE5MTExMTIxNTgzMFoXDTIzMTExMTIxNTgzMFowaDEL
MAkGA1UEBhMCUEwxGzAZBgNVBAoMElN0dW5uZWwgRGV2ZWxvcGVyczEQMA4GA1UE
CwwHUm9vdCBDQTELMAkGA1UEAwwCQ0ExHTAbBgkqhkiG9w0BCQEWDkNBQGV4YW1w
bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA32hehjXr5g20
JSJHccUsnZr5j69sbpy0oXUI8tckoVokbXzjvhJhNw+nPIUT7h7+zavHQ4LLsV35
di4SCsYR+juPVswNpKfWwOCjz9alxK3gqd/UwoEDdL7Iw7Oph5ZTPJ6AihU9aQfi
V4hjVOVDJ47foeB3f+CrWN/LI4dt8D56TZ/vygL7RuzW/Rw5rFJq5y/meDEoRMBg
2Q3Bk5uJg68n3ZbogHGO3+p2cY/B2GAkJfmGas0stZ/4ZTAr0zECYdGaZ8Q7Y989
dqLm2ikewM5qD65nZpLyH5sJFjqWO79z6aaE5OOBdaGUuEBIt9FVXW3DTihlKrPH
WX+Pi4B/fQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ0R8NP
Eu47K82WYTfum/ccQzhI6DAfBgNVHSMEGDAWgBQ0R8NPEu47K82WYTfum/ccQzhI
6DAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAMSajxG20FdoEDvK
8D2aToZDn/47/9yb+LGoIrRRsBy9XACGSIZvW12UIQ1QD9iH3cNMeyyftqcXDla+
IDb5aYZ2d9FJil6CqccF+Zo/zGjvO5zxbmG22ScpRom9FlEB4toFTXf68Li+Gh2i
XW5iY4XWsT39kRmJwowpOKq9euhsjOiCPEHRPywI3UMlMJkMQqqcDPcrvuWxcCpv
M2RC+Mlmf6ouHTA74xbaBaNHpHUTrRgGKWHzyA9AU1ZvUUkPd+i0xUJLI1OEFe74
u45GqkTYW0hdQMyxmtf9PwlPylWO8YrdRLXPzr5bDY+piSiK5UrrXL/8CiDtIkKM
UO/dTL8=
bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubPhK1yk1SJ5
EIJ1p2z/ujOh6BFOYeuKadoK8rUc8Yt8/tE7ah7qvHqD19szQ0fb84ZTIkhQNipp
4BhS5Cg358C6f3tWteLiM9zq9HaTePPuK+LzhJmLJb00Go4eHnm9SujBacO7SbqM
odySB1p7EL5HVd1YT64nIgFpYcyhYcTqhVE0e4+5Ud+irLk/rsiqmDtlrUABNc/E
krSozoZskk0YWR1RWh7qr23AKGr2sKqxdlrkjJqgPBx2VCEW9MTZrEX6jLn1SNF3
PuvUglPXADjjy/luFoDlKPuRpBXLsYVTx5j2Oi5hFsPPDJmqso2eFT39tJsqjGGh
25TZJiEdtQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS/mA7w
0d3k444hl5TfRCmXzsFSuzAfBgNVHSMEGDAWgBS/mA7w0d3k444hl5TfRCmXzsFS
uzAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBADcEh1sUlM6AfrLC
ITX/hrGPRPbHkLjImXNdvf5TW3gsx5meGqp74mgbT9foq4VLhcEdDzXvcRcSkpJ7
Cfs5ZJkKNzkZgO2sJ3JPBMw143iMs05iyyQXXybjP9LJBpKD0TQ6Dl2HYiiP0pU8
c/lDUETXL14tp42kgQ6knHByQQi9E2EhKJnXPhkC9gUe1wcaVaP3WIoKxXfrHfwT
AsoeYVw+2CYdjyHj3XGBvZObqXKWU8zUkNbiqsntVxUg9bdQ9VFKKHw4o+yXyH6z
aStIXWdpMiUNTHnGk315X3E3Pea/XpiL9UW/1AbX80+yKog/hqJlt33QKTyIGaA4
ZdW+QoQ=
-----END CERTIFICATE-----

18
tests/certs/CACertCRL.pem
Просмотреть файл

@ -1,13 +1,13 @@
-----BEGIN X509 CRL-----
MIIB7TCB1gIBATANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJQTDEbMBkGA1UE
CgwSU3R1bm5lbCBEZXZlbG9wZXJzMRAwDgYDVQQLDAdSb290IENBMQswCQYDVQQD
DAJDQTEdMBsGCSqGSIb3DQEJARYOQ0FAZXhhbXBsZS5jb20XDTE5MDMyMDE1MDA1
NFoXDTIzMDMyMDE1MDA1NFowFTATAgIQABcNMTkwMzIwMTUwMDU0WqAjMCEwHwYD
VR0jBBgwFoAUNEfDTxLuOyvNlmE37pv3HEM4SOgwDQYJKoZIhvcNAQELBQADggEB
ADGW3LrzF0ikvtOdQH87fe3WbYxaCUMdohmm2LVd4a37SJYksw8mei+MfbQTJIEG
CtNJWeDCP3iPKVXeA2Z6d+AU5SNfxqTOxhjLjx3F0XNHVtIXmE+SdeUuv1W9pZCN
G9YeEoWJzl5+A4KakMZsNCUQQzAx9d21xBO7qgESBRROjRuAxloU81q2B9XyPdMl
DnZckyEnvmxHHpepo5TlnT1G4eMHDpmPOmvP/yPo8G0hZq0D+c0XjOCMikZKFtYE
iRrMR7gBtS/AzhxW4EYFletxjkLt22Of726LgEIwdjy3ZnfUZ2goc84APwI1D9ps
lh+RL/aHOjERrSP1qRK8JYc=
DAJDQTEdMBsGCSqGSIb3DQEJARYOQ0FAZXhhbXBsZS5jb20XDTE5MTExMTIxNTgz
MFoXDTIzMTExMTIxNTgzMFowFTATAgIQABcNMTkxMTExMjE1ODMwWqAjMCEwHwYD
VR0jBBgwFoAUv5gO8NHd5OOOIZeU30Qpl87BUrswDQYJKoZIhvcNAQELBQADggEB
AER7D1Mf6+ASMOULNKQ8MB0lqjWAf8XN67Ez/spAbF5B7ySaFPJOuT+90oTpccrW
08KPZVrUkAsWSBty06jsZe8IB8YLdpkdDD59dwqIQ5CILbvx16l0nqrXqOQ3kRfT
pfzikaOSrt7PWuHRRGnLiK88r+s1S5JqYtHAnhO4xyQzDmpyID/i5vS/3rfHCmEM
drk4vkkUq0wRFRiq0fXECF8bgIr366oCmm09rKy4jgyDxSo81yJCRlkNFOY6zxjS
RH7ckNLxJb77vaJGkNnaIefgQB+OML/UphzW/IcnKV03nGT6OEPUpVHeMAA365tV
z5HRB+7G/oLzauOgrVVkjvE=
-----END X509 CRL-----

4
tests/certs/Makefile.in
Просмотреть файл

@ -264,9 +264,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/certs/Makefile'; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/certs/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu tests/certs/Makefile
$(AUTOMAKE) --foreign tests/certs/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \

60
tests/certs/PeerCerts.pem
Просмотреть файл

@ -2,43 +2,43 @@
MIIDoDCCAoigAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCUEwx
GzAZBgNVBAoMElN0dW5uZWwgRGV2ZWxvcGVyczEQMA4GA1UECwwHUm9vdCBDQTEL
MAkGA1UEAwwCQ0ExHTAbBgkqhkiG9w0BCQEWDkNBQGV4YW1wbGUuY29tMB4XDTE5
MDMyMDE1MDA1NFoXDTIzMDMyMDE1MDA1NFowbzELMAkGA1UEBhMCUEwxGzAZBgNV
MTExMTIxNTgzMFoXDTIzMTExMTIxNTgzMFowbzELMAkGA1UEBhMCUEwxGzAZBgNV
BAoMElN0dW5uZWwgRGV2ZWxvcGVyczEPMA0GA1UECwwGY2xpZW50MQ8wDQYDVQQD
DAZjbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFtcGxlLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANYYxHm4rbou8JzqFlmHk8jPraqO
g6CBruiDcISq80SHLmButKxal8PcV7SNctWuhZtAoYMTakw2Eva+eVfN7e0qFOEX
tM+sNqpBW32Nt++BxLG8wwMi1/E/88ONUBUkJ5YrWMwJzauFXKc+t834BgxEUCw1
Xk7gzAwEJzMKrYPSiwm+A+P7VWVx1ZJqYvnqQqZB+LjWAayXahREgLExlD5U+HBL
A6WXr1J37LuiSJWSxazYb6cEpag+Wr67N9heJJper5vSvoE52UvTa/Hd3FAAQ3BN
AwOzbvDPOdC4BBnsXZGvfp4UFHf8H+D1mmlW7qD6vANU6BYN7r+kifY/bzcCAwEA
AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUrvAZXfI5C9+mwps9kBhyS9Yldl8w
HwYDVR0jBBgwFoAUNEfDTxLuOyvNlmE37pv3HEM4SOgwDQYJKoZIhvcNAQELBQAD
ggEBAIZL7XtMb/+t0rkKOetRtKEHCudfQAL43F0NdsaAzd5H1KsD4ajldE9zR+i7
84vHCaf2saaP6G074+UG7KlqjAGvRG28EZG/ReBYX+SnxdWA1+EW8eb0IgbL7CAj
5TipjeQRg5WofBeACaCZroA2AlgTrhGSdXwWINFyyoY1XHFXt/6vFbb4ysQRc4LN
MoBf3yp9MaMVs5LkpAbkkcOyZFkVHzoXyoMTE0BNAeQXM5STSjdiOM6duZeO+QV1
kebxTKuuGeUybVDIGxKWgMK75/sprIlrW82t50RafphGEgNGfgdl//+2GPCMPfry
VZIW2zwNeZ1vi7q1AEHSWuANRT8=
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALq/uXUhshKi4zWQw4ElNpMTvdjl
+1hnq8xuVFmb/s5hMpZNKLm0st3tLtbiAt9RBC7yaNqRLN49AZsJpgcuagAc9U7k
oUukal7XtnCSu62cZmhylSgZEoqeZUfIsbpbipQzIokPUfTjpW2LvCSrjAYFj2Zf
yyadFe9deWFVzZs1OYyutMQnwzdWvsi27Syndm95y98ib8NddyP4GFjlJVdZTnoe
fqTzvyKJYuEehh6gzuRoPAEn9zQCuUjznEa0P+gB8meFLo4ehGtmWnAByugngu0T
w/huoVDnxVzQu2S8d/48bn4OTLX/BS4NoPc3faRW394Khi1jMhy/Y7iquu0CAwEA
AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUXYHIEJEULLRMG3qTJJBls4L4Hd8w
HwYDVR0jBBgwFoAUv5gO8NHd5OOOIZeU30Qpl87BUrswDQYJKoZIhvcNAQELBQAD
ggEBABveCRNHqDZupucbNX0vgvGI3R0qBFUm3VWdTwn1OG+m8CDbcHdp1NQqY7zQ
4+dXZctbl2wnWVW+ENJ8nBhJklN4HZxHgDwSlYzHwNrHcUYoZKGh83tG6+G6dVQF
/4Yky5/4fOkt69pz7Z+0leZUcphJynvt4DW3nXL+FBSnlkbZDyvxQ+Zbr2jBeJ3r
Qib+4LIBngXSRwD/utcPC1HzzVPQ0gQcybd2Z+2ReZO4DR2AvYo0IiAEwT+vHXkZ
vzmO4YK55u9o3QZnSgA+pqOQkZJuPKpapITvkVNtM8DDqVr1tFB5h4NTff5byyGK
5KKKrVdvkXMZun1Jr3CoI32aXp4=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCUEwx
GzAZBgNVBAoMElN0dW5uZWwgRGV2ZWxvcGVyczEQMA4GA1UECwwHUm9vdCBDQTEL
MAkGA1UEAwwCQ0ExHTAbBgkqhkiG9w0BCQEWDkNBQGV4YW1wbGUuY29tMB4XDTE5
MDMyMDE1MDA1NVoXDTIzMDMyMDE1MDA1NVowbzELMAkGA1UEBhMCUEwxGzAZBgNV
MTExMTIxNTgzMFoXDTIzMTExMTIxNTgzMFowbzELMAkGA1UEBhMCUEwxGzAZBgNV
BAoMElN0dW5uZWwgRGV2ZWxvcGVyczEPMA0GA1UECwwGc2VydmVyMQ8wDQYDVQQD
DAZzZXJ2ZXIxITAfBgkqhkiG9w0BCQEWEnNlcnZlckBleGFtcGxlLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKRLRvKQlFlpKEqkAoJzVIUR5RFQ
T4eIc+bdb3M1cT1d49qMBLBscj1MlIN4fIHeJSVJ3Q8cQGfNjBSWc0att7C2y5bz
LkjZgAMjJz83JwHP5C7wm3nXVNsqTlzJrtmGg6NK5muuV7G4ja3hcmhZ/H7uF56G
C8F5929w+o9PLHRZTtOvMi89Va6SM/IWQuke2bS8omXsl2J42qyKs+AVJi6qhbRw
85WaAQV3EU5bVU6l/KIEh6ok2084KnMS++6Hu8VWk5ilx6JMXYiJBi40kjDAuk6v
GNdoRYhRr5XT7RgaVDG84pfNjAL5lC+Zkfrcko7sle44L7/d4lHTWNe97sECAwEA
AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUbmDWMjJ0fBd1iMNB740er4d5vzkw
HwYDVR0jBBgwFoAUNEfDTxLuOyvNlmE37pv3HEM4SOgwDQYJKoZIhvcNAQELBQAD
ggEBAJcxqMpSvkyoHTyRyMo+8NTg2njJfxZ+RDTBOK0xyT2CdkV8NYuiKOb4sc0r
Emv37v5aN6bN1KReE+SCXvZPc1WHVmAYsuLnIGcbx6xQ/11C7vY2sv/zb3f7OMam
Ajz1F1onEKGstDFHXgsK6nRGacktDJWDXq9OJ89PjkiX3jS6lzXXzAEejQHxQawV
FfNYbg99PP4fRKcm16++iV7bI7d4AwJ9ni3q2SlsrP032wlgp9SiSN5r8QxiqtUm
MZEGWv5fEok3hwzR/sHayL1VNz1XPusTJolKJ2pp2EPzFhNM2CtyR2K7VCoLnGt4
28TKjgLadBIJmINdbM83GwWePd0=
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKZxU5tDdyU9rl2OA+u3SKXWyLmy
vW+f+FEmzdQwRK+AjbZrj7hNcmmtKUDhiPobT/Y1NpwqXRn37mtZEstXi/Kv5P7m
TKWIlwRn21/o2xVFAmKg1zwlAmzBTipsoSawSV+yYLG0LgKId3jCMvYVmekH1qpN
XgQyAt2Z4DpE3JGKnGtLUIyokkB2DfE6uCvRL+ySrzzOAoiK1yELUtF4SanBkqwt
GKyc8JHFXZ3ZIVZnYSnTGe8OhEkaOqMVmGtPzLnxt/1bj0cEYSlCXbz6UAZfLUqx
muDxSBqgG2CqQyh+3YYgTrQ4RIT7r0vEzop/f+4xE6kJsiVNd5dKHTxISYsCAwEA
AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUuBZiJEaBGeaketO4ZCodNbC8OrUw
HwYDVR0jBBgwFoAUv5gO8NHd5OOOIZeU30Qpl87BUrswDQYJKoZIhvcNAQELBQAD
ggEBAJ+0LcsCFTzVCo2VvbiGyYxJ9JPkYXMjCd9I+5zrzBx3RYH7V/cZrbx0DVOA
AsDJPz4GF0hoSWpCwMvtWfa5R4sGvQcfnc55ogsBZLkpQf1VVrPCQEjnWcrD5P9j
Ej3XImPSQrxWb4jvn7fQb0uqJTX/vpHNg2I7FCkbqxcrC99GnKn0fAm18HTT4iiF
y9LLFO7Oip8czCr3vozQZugZl10LW2M3GtOTyuCUJx1m6XQzW4U+jdtmJC6qmOiA
POo5bPcb7y97IbM6FxPpyKWzmn19iAXM3j/SSo+GlSypXAGN+L7mu2M8m5SITmRd
SjDkNyEZRi8WLaQB3SKzaC6iheo=
-----END CERTIFICATE-----

80
tests/certs/client_cert.pem
Просмотреть файл

@ -2,48 +2,48 @@
MIIDoDCCAoigAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCUEwx
GzAZBgNVBAoMElN0dW5uZWwgRGV2ZWxvcGVyczEQMA4GA1UECwwHUm9vdCBDQTEL
MAkGA1UEAwwCQ0ExHTAbBgkqhkiG9w0BCQEWDkNBQGV4YW1wbGUuY29tMB4XDTE5
MDMyMDE1MDA1NFoXDTIzMDMyMDE1MDA1NFowbzELMAkGA1UEBhMCUEwxGzAZBgNV
MTExMTIxNTgzMFoXDTIzMTExMTIxNTgzMFowbzELMAkGA1UEBhMCUEwxGzAZBgNV
BAoMElN0dW5uZWwgRGV2ZWxvcGVyczEPMA0GA1UECwwGY2xpZW50MQ8wDQYDVQQD
DAZjbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFtcGxlLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANYYxHm4rbou8JzqFlmHk8jPraqO
g6CBruiDcISq80SHLmButKxal8PcV7SNctWuhZtAoYMTakw2Eva+eVfN7e0qFOEX
tM+sNqpBW32Nt++BxLG8wwMi1/E/88ONUBUkJ5YrWMwJzauFXKc+t834BgxEUCw1
Xk7gzAwEJzMKrYPSiwm+A+P7VWVx1ZJqYvnqQqZB+LjWAayXahREgLExlD5U+HBL
A6WXr1J37LuiSJWSxazYb6cEpag+Wr67N9heJJper5vSvoE52UvTa/Hd3FAAQ3BN
AwOzbvDPOdC4BBnsXZGvfp4UFHf8H+D1mmlW7qD6vANU6BYN7r+kifY/bzcCAwEA
AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUrvAZXfI5C9+mwps9kBhyS9Yldl8w
HwYDVR0jBBgwFoAUNEfDTxLuOyvNlmE37pv3HEM4SOgwDQYJKoZIhvcNAQELBQAD
ggEBAIZL7XtMb/+t0rkKOetRtKEHCudfQAL43F0NdsaAzd5H1KsD4ajldE9zR+i7
84vHCaf2saaP6G074+UG7KlqjAGvRG28EZG/ReBYX+SnxdWA1+EW8eb0IgbL7CAj
5TipjeQRg5WofBeACaCZroA2AlgTrhGSdXwWINFyyoY1XHFXt/6vFbb4ysQRc4LN
MoBf3yp9MaMVs5LkpAbkkcOyZFkVHzoXyoMTE0BNAeQXM5STSjdiOM6duZeO+QV1
kebxTKuuGeUybVDIGxKWgMK75/sprIlrW82t50RafphGEgNGfgdl//+2GPCMPfry
VZIW2zwNeZ1vi7q1AEHSWuANRT8=
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALq/uXUhshKi4zWQw4ElNpMTvdjl
+1hnq8xuVFmb/s5hMpZNKLm0st3tLtbiAt9RBC7yaNqRLN49AZsJpgcuagAc9U7k
oUukal7XtnCSu62cZmhylSgZEoqeZUfIsbpbipQzIokPUfTjpW2LvCSrjAYFj2Zf
yyadFe9deWFVzZs1OYyutMQnwzdWvsi27Syndm95y98ib8NddyP4GFjlJVdZTnoe
fqTzvyKJYuEehh6gzuRoPAEn9zQCuUjznEa0P+gB8meFLo4ehGtmWnAByugngu0T
w/huoVDnxVzQu2S8d/48bn4OTLX/BS4NoPc3faRW394Khi1jMhy/Y7iquu0CAwEA
AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUXYHIEJEULLRMG3qTJJBls4L4Hd8w
HwYDVR0jBBgwFoAUv5gO8NHd5OOOIZeU30Qpl87BUrswDQYJKoZIhvcNAQELBQAD
ggEBABveCRNHqDZupucbNX0vgvGI3R0qBFUm3VWdTwn1OG+m8CDbcHdp1NQqY7zQ
4+dXZctbl2wnWVW+ENJ8nBhJklN4HZxHgDwSlYzHwNrHcUYoZKGh83tG6+G6dVQF
/4Yky5/4fOkt69pz7Z+0leZUcphJynvt4DW3nXL+FBSnlkbZDyvxQ+Zbr2jBeJ3r
Qib+4LIBngXSRwD/utcPC1HzzVPQ0gQcybd2Z+2ReZO4DR2AvYo0IiAEwT+vHXkZ
vzmO4YK55u9o3QZnSgA+pqOQkZJuPKpapITvkVNtM8DDqVr1tFB5h4NTff5byyGK
5KKKrVdvkXMZun1Jr3CoI32aXp4=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1hjEebitui7wnOoWWYeTyM+tqo6DoIGu6INwhKrzRIcuYG60
rFqXw9xXtI1y1a6Fm0ChgxNqTDYS9r55V83t7SoU4Re0z6w2qkFbfY2374HEsbzD
AyLX8T/zw41QFSQnlitYzAnNq4Vcpz63zfgGDERQLDVeTuDMDAQnMwqtg9KLCb4D
4/tVZXHVkmpi+epCpkH4uNYBrJdqFESAsTGUPlT4cEsDpZevUnfsu6JIlZLFrNhv
pwSlqD5avrs32F4kml6vm9K+gTnZS9Nr8d3cUABDcE0DA7Nu8M850LgEGexdka9+
nhQUd/wf4PWaaVbuoPq8A1ToFg3uv6SJ9j9vNwIDAQABAoIBAD5D7cBIyZ3AURIR
snZPS9e3LpbP49AmZywQLgUngqCHgCFjkQAfSMwZpRhJmwAyRYElhtOMLfoEL/e6
5ad3qJ61AmWEc32CZFOXtngJY1kwsHfQohajZ5IuO0LAMm4zmZ++85BDuaEMpCmv
v90TKQ8gPwDcdJUUI8PK4Wuiy1vuszG/lEDVntIaxtdV3mWEmoBNGF+MiOBvs8xW
jU0lvZDgzFsdONF3NkVGm3mIaDehJUClhmQ2RX6PTce1Xb9h12Clh7QdlBeTjqmP
Xsrq4ejkI3nXIatATKGh7uUTpTaSDp5TijQ/FiKwex7RK8w21fmUpmVDicPhyBVQ
JW1MoyECgYEA+e3cLTnUf1gFprwKouXm+K6EQgAf3TFLvpLKFy9CHos3/KwgevXA
KExn69TWDV2B9ufHJd+5dnJYr0smkQ0JBMgpou5+PuF9yMJUh6E/p84gfkV16EgH
M6t8AE9a9i4Zbv4q1l5bcrWXKqukczpfcJvp7OeHQn/09cXfIQ1t0GUCgYEA20wX
DZ6u32d/guOG8kQAtbpkd6O/G99grF1lpvkcSKSTYICBTQQVGZRC0T7a0i+czavV
SkrbhVIXk2Va4KVoe2OTOZGyusJ/3Mjq7aHhrDW32PcfKAZgv9ad8vpDuBesZSRw
gNFMgUkaCnBpIg+cE5W2SFckv4sXCfcHL6w+MWsCgYEAlrgsyVFQpqMMdWp895Ox
YFLOC4dLr/akeP7IxIaJVyYZ01RyGfTNtv+sw/mMRG8Ziy5nWJ28mIOIm920GlFE
GRAkm887buxJEKKwm0JQwv95dOyqmDOntC88DmvMrR1L1TWN28z3VQvRZ7gu6hZP
q/c6cNWHKkFEFlsHnkUc7kkCgYEAhj6bMiw80ufxx/du6am1YYob7J1h5TcmX/3A
t6lxpgqRaZbhEHt6SzFWge9fVyHsdH9HT3Zp0cCCTCnUqwa24in/u1M0vV1Jlqes
IRJjKt+rjvcgrIjS+zzvbgnEINLlJvlaoZD+q3pLpa5QvZgerGKOttQZ2+PSk7gU
PxvK6scCgYBNMKPYxia0Fjgv2kuEgzkI6ZoYxnk8FVVONA9fPTGA3eCGYXeX2+fq
KgYq+DRnddPi9KSx/EDR1ooYUJhkqbwXLCfJrcQ2HNFpxLTRWbvLFlCnJkK4emRp
oKmhCPZfkM54tJb27a3AIuIh+oF89tL9XB3UPaNBrm35+pkgqo255g==
MIIEpQIBAAKCAQEAur+5dSGyEqLjNZDDgSU2kxO92OX7WGerzG5UWZv+zmEylk0o
ubSy3e0u1uIC31EELvJo2pEs3j0BmwmmBy5qABz1TuShS6RqXte2cJK7rZxmaHKV
KBkSip5lR8ixuluKlDMiiQ9R9OOlbYu8JKuMBgWPZl/LJp0V7115YVXNmzU5jK60
xCfDN1a+yLbtLKd2b3nL3yJvw113I/gYWOUlV1lOeh5+pPO/Ioli4R6GHqDO5Gg8
ASf3NAK5SPOcRrQ/6AHyZ4Uujh6Ea2ZacAHK6CeC7RPD+G6hUOfFXNC7ZLx3/jxu
fg5Mtf8FLg2g9zd9pFbf3gqGLWMyHL9juKq67QIDAQABAoIBAQC3Tcl0N4ba1BfB
VD8SXLyc0Rvf8p4rwFbZatJQwtXxLWbCMSpwXfXT8COxuFapbJR2oGpbX3RzD96r
l2ToV56kTchbj/7iiJgAUCw7g0vEtWevzgiqOzH/7knrlAsfqQr1PNwBPJBtl6Wh
SS97rwbaQkrnac+2LyqAsXebGuWeGYmeq/hS7osamqr13mqWzVhHlLiuJTsSfgHg
UaixgQlq5MDRR9Era+lCvDNcPtvSLLxIZLLjeToAJz+0wRNNT2OMBdftv1bfRwnm
hMlIfJmM5e7NAQeXWywtK6bImLyNLJxtAEKfSK31GlmR4HADO0xKKrGBRWS6jjxh
uWaf+ijhAoGBAO1Iz4zcyHJi3ElyN+sHmRN/ucr86oQGoXoabssurWhPmG0a/Knv
JI431iYQO+KhkYuSVU0UOzZojHe1/iYbNJVhKooQUGVeSIrZclGfHnKqpXHVM9Ks
msNsMkdwIEZugVUsRtOrj3sAjUpqNMmJQ6fTo3YyG8xOA6D/x0aKNrF7AoGBAMl6
g2f2wQfjIdWUGE0JOycYcw2C8GkUeOwzxQ4dii8mUvb/JD2hqxHJJ3s/CCyKv0uD
m7D4ZsszLm7MW4fAEgxpUrpOY+r4o5q0wZLnNtARcqzDggFvmejgMFWiUgIiesV/
/iN3v0y8MUPmu3LXoznrm2SoTrjanimMT7pCSNS3AoGBAOCFkL48+v4hRUfJ59dg
bRviM686+bzLeWfMMyHWnQaiqhwy+Pji67gWZW/G1KNxNgLXCBfTGOQ2sRNlBYKR
I4RlWJcjMK96MzIO5vkMkwb1KW84ybyCzj4z1q96DVAXqBErwCjxoOZGc2sCa8h3
NalLvNROPbdn6k8hNzIr/eyZAoGBAMhy3R2n/3ALZ3QH/Q1Xq8Q/rOe6Z9kDhzLo
ZpqehQZXyJ74RGQU3g+540/Y7Bb0i1FjxJgS6qIrb3zIUCAE1XAHsUiuCPaTHKIk
R5oR8xSa504+zK8FC0kHEs9/yLta9m5b4soCrw53BUSa389n/nr3jwhb8sYyqryH
XiLfI3qNAoGAbV1RPIOob8n08gT5scu6DerTvCSe9P6qZWRyYjElSV/CVnBFBG6e
64PDOJ6y1/R4999zGRji8eMWdz7mUmMOFzkHvm/us5j4ZpuZwxZDRte9f4vV+yDP
Iz2oFCMK9HJVMMecIaE9sqkKfGSVvqGV3t7ikihmgJBzeJi2YVL7/5Y=
-----END RSA PRIVATE KEY-----

2
tests/certs/psk1.txt
Просмотреть файл

@ -1 +1 @@
test1:oc0vZijCTtEXYIYwNFAmRyjcuA91TGD4OhL2PEzuLVBsKw362J
test1:kvix8aMfwWEdGjJslhocucTcvGCr2qWT3E1PfwpGFIe0qOmhyi

2
tests/certs/psk2.txt
Просмотреть файл

@ -1 +1 @@
test2:AKcwVXfz7TuEvbaX79wD6vXIwlppnniAWPkPBobH18xjGUEVWy
test2:wionOV9B956yI9rFjlyq46IWps8cBqTYTmz7sW1rROGhNkWgyF

80
tests/certs/revoked_cert.pem
Просмотреть файл

@ -2,48 +2,48 @@
MIIDozCCAougAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCUEwx
GzAZBgNVBAoMElN0dW5uZWwgRGV2ZWxvcGVyczEQMA4GA1UECwwHUm9vdCBDQTEL
MAkGA1UEAwwCQ0ExHTAbBgkqhkiG9w0BCQEWDkNBQGV4YW1wbGUuY29tMB4XDTE5
MDMyMDE1MDA1NFoXDTIzMDMyMDE1MDA1NFowcjELMAkGA1UEBhMCUEwxGzAZBgNV
MTExMTIxNTgzMFoXDTIzMTExMTIxNTgzMFowcjELMAkGA1UEBhMCUEwxGzAZBgNV
BAoMElN0dW5uZWwgRGV2ZWxvcGVyczEQMA4GA1UECwwHcmV2b2tlZDEQMA4GA1UE
AwwHcmV2b2tlZDEiMCAGCSqGSIb3DQEJARYTcmV2b2tlZEBleGFtcGxlLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKSw9qYnxHpABxNWeZtgOZJS
OPEjvJ0ckAThj2hbTe3H2vd74qP/AQFkCl8CX8aY2xOyZfNrWBkksc54pFh1ez2C
bm4kgpwHUIPb+0MkcPiSnrgJP3MSNXpk30VFuBqStNxY8/5Gr97UTaMq2DjO9eVw
sgB25KL8z+YurMatiX5hE3tIX6lSD8f/KnBYebyscJ4PnHGXoZ8haTLuc3DzWr7w
PV5Bb+6LPqewF5ExpeScrS/MMswxBffMWGmlmQ5w4sDANUfZK/pX+P+0zmM9K8gz
8D9yoIH+gTo2swnyPBC0RkqxX3q8Rg3RUh4+R7z/qKjiqf1RugggwfHfNko63bMC
AwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUmUogVj39cYsCIGnvnI8yMObC
qW8wHwYDVR0jBBgwFoAUNEfDTxLuOyvNlmE37pv3HEM4SOgwDQYJKoZIhvcNAQEL
BQADggEBAIeanb0Ct/IVKX5h3Rcx77NpjoNmcnD0hH8JMtfNS4EDH3B7+cpqojR8
AydCx0Qn6gqqRyvkIQ5W4IMHLIAAkMNOqmkArEIWEnQYchQGLOBPaaYgQ1OoaoZ5
Qb8bMNDgV+wVpmCkGtuJLjddKo6/Uur1FoUZJaeLUW9cT02aWnbsguwDR3U5RFjn
XKOtAATF90l5XsCJFniJce+Cp7OjNv1XUN1i8rhBVu9bkbsa+inWLV9gNA6R4ReH
RfUxWIwkKFAq8/Canmgi5/wSfTGf2WQ7m4orQljZedhSPQqY1xXfN22QKHjqN67t
TjQHM6DCn85JB//NRI8XcIGG614dPQs=
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAObg8POTFshvLhXt/BhxBI8G
+yb/OeaohYdmtDtBfV4eXAubH6uewRIh4+4l3NHL5DG41hOSNueOf5WnSKVD1sYY
XoKlqukH7o1Z2x2x6IpHXGGnmVnIgMNJfBo3wuzBugeeepytYcQqYdmDugN6TB8f
hZUc90E1ZdER6jyJ+F31UmB1FWKpBILbsc8HZVmfEUMV0lFXRH+h7S/ncYY7WTQf
GglBlBzkOLfENTJRBKX7RRsh8ySf9LwjuxE58wOUwqFCzcgtyicLPg3JVNqbBqvW
+9iYDWcd3K1bD3az0quadfWDwRnMDGfMfU3Evp3nDSVB86Bru5cVPvf8UglbWiEC
AwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpAGy+3Vst01bjzeHY6vOJaAI
K60wHwYDVR0jBBgwFoAUv5gO8NHd5OOOIZeU30Qpl87BUrswDQYJKoZIhvcNAQEL
BQADggEBAELfKTDvo8X1AJrsZlkGS1QkdEbebVqMpvNO5AUnfH+DiUPUM8ejmSyL
WnWl+/F8TJu0o2ph+Jf1zMAyXXxm3gGWE7L64BSOtrnKz8Npvlg2CyJKp8LRQ69i
2XsHqbbzpmiwnn7y7FTHhOpVOWsg/lZfCrP82RD3HRz7Hpx1M+wyKMsFnoIphIz1
99Hj2H6cyHdw01xMjLz6eiKzBAV1N2IPzCaX/lNkWjlJjo+CNoT2nPYsOoBrUdGO
emu9o7jRLNqZK34roZW+ZbZGCL3lYuM1MYCkIDq8J6wyyquNNOShmk5pQBoaNtSb
kSMBXIHQEJHJOoxXzScOGMJH69hfhVc=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEApLD2pifEekAHE1Z5m2A5klI48SO8nRyQBOGPaFtN7cfa93vi
o/8BAWQKXwJfxpjbE7Jl82tYGSSxznikWHV7PYJubiSCnAdQg9v7QyRw+JKeuAk/
cxI1emTfRUW4GpK03Fjz/kav3tRNoyrYOM715XCyAHbkovzP5i6sxq2JfmETe0hf
qVIPx/8qcFh5vKxwng+ccZehnyFpMu5zcPNavvA9XkFv7os+p7AXkTGl5JytL8wy
zDEF98xYaaWZDnDiwMA1R9kr+lf4/7TOYz0ryDPwP3Kggf6BOjazCfI8ELRGSrFf
erxGDdFSHj5HvP+oqOKp/VG6CCDB8d82SjrdswIDAQABAoIBAHK3WXcvaCqHguYz
bA2Qn0mOwF8nt2/wv1jHDS9xufyRI7MTtjDppXekiZzYeIJLYv57W4yNDxaker4J
RuDfJHMZ8XYDNH8ekTTn/EMulQpwhuJGfs3Wty2EKgmEoNLRse1ygLJz5nlehJ3N
cENR1fJ152dvaZ8mXmJFzM+vfYBrXAFIzySqorHd0IC/F4hV6PWgMIp/UsGq2LoU
uI4sagpioVRjfqTsOItYRUwaRMXS/aizgM7+Iob36gF+XKwxF5a3x1EuXull39uI
ztWFIl4eCDJPh72EdnjgZ5vUJo8WTVpLO2iuSz3AHtBdm9OOLomTjngx8kWSURrK
b+aM54ECgYEA1GN4EkAW70LnDVoykdBx1inKCCKWUudJd2G2AdMMYehOTvxq7L/F
ASw0RShe/w7eCVqL2IgCcnw2PsNXQGEo/QRUBjYhgmcrC16+OeKkzTb0WPVX73UV
c+2CDGVxu1iwH3vrqeuE3d52iecahII/oD36QJP02tsXPEBN9JUBCBMCgYEAxoI2
kL4GAGJHD46hUp8ihAw0liTm4Eg3FfXjUAJj3qJGB96y0Wvt23V9aTQT2BU3UDid
2ZuAraG6i8X/752aPq2cL+qNv6BcYAhvqdr1+hQIhQ/Z4Bg/lOnJ8m0erTouf/hB
k+9e9EfrtYnUypG9Vy/1DTsEUhWPLUMjtVZEx+ECgYAw6McZzNB7QLjchkzm702H
uA/iV7SuWry8VTAIs4VCdrCx18b3xiGj534R/v4BVncjSEq0Dn4hxyDmyy0okjdS
LND8rTKCSSfMcoDz65FwAJu8cKNTbW8HR0aPfDz4m6/TUEIw2x+5yCUcFLAym5vz
VtJuVKQqUhHDujs5e6bFKQKBgARU1wf1fYAIpPBL9m0tF7213nfgOkFukfUitmEK
jE9RTyHg1BoJttjxCVmAT2aJn/laIueaowYm30EpgtohoDn548yP26PwxdM6m+Ui
5/ca9MyieeiP3uNK7qMhimfROy6DpjqqIHJIF3aQmVoKMA10+G3fecqoucUND/xm
831BAoGAQid2RRBipjc5q2CtdYYR3XB25X3mNesqFNxRp7mh75+YSD6p6XWSR/nk
NIpnCPh7HCc2cm3NT+uA+sI1/ybPVEvrbt6QzEevAf9K9qbM2iEflyZGpbw51e3s
I8y8CKxfKyxInHwTNkJQCPK7/2LXUqTM/yHcAtkO24HTJWJpMec=
MIIEpAIBAAKCAQEA5uDw85MWyG8uFe38GHEEjwb7Jv855qiFh2a0O0F9Xh5cC5sf
q57BEiHj7iXc0cvkMbjWE5I2545/ladIpUPWxhhegqWq6QfujVnbHbHoikdcYaeZ
WciAw0l8GjfC7MG6B556nK1hxCph2YO6A3pMHx+FlRz3QTVl0RHqPIn4XfVSYHUV
YqkEgtuxzwdlWZ8RQxXSUVdEf6HtL+dxhjtZNB8aCUGUHOQ4t8Q1MlEEpftFGyHz
JJ/0vCO7ETnzA5TCoULNyC3KJws+DclU2psGq9b72JgNZx3crVsPdrPSq5p19YPB
GcwMZ8x9TcS+necNJUHzoGu7lxU+9/xSCVtaIQIDAQABAoIBAQCFKw+v3pJQj9hM
K9Wxn1aazNMGXkZeZauHOtUQLKkMJYS/6Pyud8YzGDso/MvOcsUvbMaFyVtD2mx6
vF9pe6Sg5CN3Rek7uih9fWumSByxzZFaflo0cDLc8UDUun8DIoaTqHRedJ8kj7Ga
zaD4Ko1Hkl3xcSCoiw0sNyIdQxNv1Vz2JdTuzgNAj29fuQH9BJeIRBX3i9LSf8b4
z+A1fZdYecKaM/gYd8YU0klShwlTiz32poq0broU/ZD2+DkXea6kLgDo4TwRFYH/
gEhmq6sHkjBPOWOkrI31/VeUGF3yZUnktw04Xx81SU70v1ajfvwlgm4K3RMX3ARP
vb4R3KIxAoGBAPP3FwePhmqvdd8mKHALJgeOHQm0MyFVr8/+iWHLGvUiAPvwjXWn
u9Snb7D9HFVUBPNVvesS3UcFzYATgD5bLu4baRXXhH+8aXoz/QMVoJauy5VqmXiN
nKHLP2F2VKM41fOGB4giEK0APH6tckrpmwaPRiG5ltAaRGxsf6p1UoxNAoGBAPJE
lqEaxeM6GFrbQRq+YZodIerE4epNJqMJZ7LD2AXr9HlfuI2FQaXaTFWizLQtwqZp
fm8xBL0rJ53wC0jUxzqMcTwYfrojGwy7+k3VxeuU2eG+autAE6uLLT5DHrumdYPu
oQDc8DhHNSmtbKv2hOboj7CE3Nt4tETsjBqADt8lAoGAJowNDHnGAEdW9Xo++20X
hiwTNHxPc93pGJEcPeJskPzdcPFSOJvXFsOZ5zom5uiOm7AZgPILGnS1Qp5SLggU
QzT7hqL14YTwmYlrWbhqFkTqD+K2+xBNBldp3UloGB4b2A1+VSkkv2EBLfbTzzhX
8VJj/2ImjR0JYKRIC7Pb5iUCgYBW21BFohugQ4vHxyOoOukzH46xZLS6E77uZMjQ
xnYEaXvUqAS6eDP5CjKj4SIS1vUaRGgX5TMVvwsNDKp/CgoDa6aNLRsCEOP5xMsQ
bLvwogUbcfFTNj3XGqa108qI7DzleAAxFwToqF7e+lYjsNYlEuuxFXE5HiVDMKtq
NM8gIQKBgQCuXTirYre6mCuzdGGSHBmRkIUm/cOkQzF05N/iD+s6mtK3fRa3PgkY
coLEgzTZBT+54u/7HfmS3OB6iWx+5Wrb2j1bSaD8zp70K9W1FE4ocPpT4pmJdK2r
HCS59Ng2AqV5FvClfHHJ1SJHnnnQcjL7GYGvuV8FBR7M6Orky3pPcw==
-----END RSA PRIVATE KEY-----

4
tests/certs/secrets.txt
Просмотреть файл

@ -1,2 +1,2 @@
test1:oc0vZijCTtEXYIYwNFAmRyjcuA91TGD4OhL2PEzuLVBsKw362J
test2:fBg4EMg39tFiw7pW20U1OJIyOKbOnQHhR9Mx71qNrODTjzp1Yi
test1:kvix8aMfwWEdGjJslhocucTcvGCr2qWT3E1PfwpGFIe0qOmhyi
test2:W42xCIe3Zbp65qEBpo3ER4EvWkHSErEn0Ps8w0ikmMHr5tHuvY

Двоичные данные
tests/certs/server_cert.p12
Просмотреть файл

Двоичный файл не отображается.

80
tests/certs/server_cert.pem
Просмотреть файл

@ -2,48 +2,48 @@
MIIDoDCCAoigAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCUEwx
GzAZBgNVBAoMElN0dW5uZWwgRGV2ZWxvcGVyczEQMA4GA1UECwwHUm9vdCBDQTEL
MAkGA1UEAwwCQ0ExHTAbBgkqhkiG9w0BCQEWDkNBQGV4YW1wbGUuY29tMB4XDTE5
MDMyMDE1MDA1NVoXDTIzMDMyMDE1MDA1NVowbzELMAkGA1UEBhMCUEwxGzAZBgNV
MTExMTIxNTgzMFoXDTIzMTExMTIxNTgzMFowbzELMAkGA1UEBhMCUEwxGzAZBgNV
BAoMElN0dW5uZWwgRGV2ZWxvcGVyczEPMA0GA1UECwwGc2VydmVyMQ8wDQYDVQQD
DAZzZXJ2ZXIxITAfBgkqhkiG9w0BCQEWEnNlcnZlckBleGFtcGxlLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKRLRvKQlFlpKEqkAoJzVIUR5RFQ
T4eIc+bdb3M1cT1d49qMBLBscj1MlIN4fIHeJSVJ3Q8cQGfNjBSWc0att7C2y5bz
LkjZgAMjJz83JwHP5C7wm3nXVNsqTlzJrtmGg6NK5muuV7G4ja3hcmhZ/H7uF56G
C8F5929w+o9PLHRZTtOvMi89Va6SM/IWQuke2bS8omXsl2J42qyKs+AVJi6qhbRw
85WaAQV3EU5bVU6l/KIEh6ok2084KnMS++6Hu8VWk5ilx6JMXYiJBi40kjDAuk6v
GNdoRYhRr5XT7RgaVDG84pfNjAL5lC+Zkfrcko7sle44L7/d4lHTWNe97sECAwEA
AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUbmDWMjJ0fBd1iMNB740er4d5vzkw
HwYDVR0jBBgwFoAUNEfDTxLuOyvNlmE37pv3HEM4SOgwDQYJKoZIhvcNAQELBQAD
ggEBAJcxqMpSvkyoHTyRyMo+8NTg2njJfxZ+RDTBOK0xyT2CdkV8NYuiKOb4sc0r
Emv37v5aN6bN1KReE+SCXvZPc1WHVmAYsuLnIGcbx6xQ/11C7vY2sv/zb3f7OMam
Ajz1F1onEKGstDFHXgsK6nRGacktDJWDXq9OJ89PjkiX3jS6lzXXzAEejQHxQawV
FfNYbg99PP4fRKcm16++iV7bI7d4AwJ9ni3q2SlsrP032wlgp9SiSN5r8QxiqtUm
MZEGWv5fEok3hwzR/sHayL1VNz1XPusTJolKJ2pp2EPzFhNM2CtyR2K7VCoLnGt4
28TKjgLadBIJmINdbM83GwWePd0=
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKZxU5tDdyU9rl2OA+u3SKXWyLmy
vW+f+FEmzdQwRK+AjbZrj7hNcmmtKUDhiPobT/Y1NpwqXRn37mtZEstXi/Kv5P7m
TKWIlwRn21/o2xVFAmKg1zwlAmzBTipsoSawSV+yYLG0LgKId3jCMvYVmekH1qpN
XgQyAt2Z4DpE3JGKnGtLUIyokkB2DfE6uCvRL+ySrzzOAoiK1yELUtF4SanBkqwt
GKyc8JHFXZ3ZIVZnYSnTGe8OhEkaOqMVmGtPzLnxt/1bj0cEYSlCXbz6UAZfLUqx
muDxSBqgG2CqQyh+3YYgTrQ4RIT7r0vEzop/f+4xE6kJsiVNd5dKHTxISYsCAwEA
AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUuBZiJEaBGeaketO4ZCodNbC8OrUw
HwYDVR0jBBgwFoAUv5gO8NHd5OOOIZeU30Qpl87BUrswDQYJKoZIhvcNAQELBQAD
ggEBAJ+0LcsCFTzVCo2VvbiGyYxJ9JPkYXMjCd9I+5zrzBx3RYH7V/cZrbx0DVOA
AsDJPz4GF0hoSWpCwMvtWfa5R4sGvQcfnc55ogsBZLkpQf1VVrPCQEjnWcrD5P9j
Ej3XImPSQrxWb4jvn7fQb0uqJTX/vpHNg2I7FCkbqxcrC99GnKn0fAm18HTT4iiF
y9LLFO7Oip8czCr3vozQZugZl10LW2M3GtOTyuCUJx1m6XQzW4U+jdtmJC6qmOiA
POo5bPcb7y97IbM6FxPpyKWzmn19iAXM3j/SSo+GlSypXAGN+L7mu2M8m5SITmRd
SjDkNyEZRi8WLaQB3SKzaC6iheo=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEApEtG8pCUWWkoSqQCgnNUhRHlEVBPh4hz5t1vczVxPV3j2owE
sGxyPUyUg3h8gd4lJUndDxxAZ82MFJZzRq23sLbLlvMuSNmAAyMnPzcnAc/kLvCb
eddU2ypOXMmu2YaDo0rma65XsbiNreFyaFn8fu4XnoYLwXn3b3D6j08sdFlO068y
Lz1VrpIz8hZC6R7ZtLyiZeyXYnjarIqz4BUmLqqFtHDzlZoBBXcRTltVTqX8ogSH
qiTbTzgqcxL77oe7xVaTmKXHokxdiIkGLjSSMMC6Tq8Y12hFiFGvldPtGBpUMbzi
l82MAvmUL5mR+tySjuyV7jgvv93iUdNY173uwQIDAQABAoIBAQCNQ2SHYCUOE8rf
EtJNlBiSKmbJUkJviLYPRUp0xvjNCRPHcCkAAN7hMh1oRYrYp0dNHouCWIpQNn5B
nXMUzH1q5mF7MzES1mCpUeqHAkb52eSbL6qfQrTllSS3x3od8vjwyJAC+m7QkpzP
a09Rxj3CbbnFRgCJpPNJ0Ny/qBXTGy4ubUQ9BbTBTa8PaPDg6KUC7J/8ta4HAXAX
A6nR8PUVBFEJPOIjV6b8ju4xRY4wXnl/DzqFH+XvfCGKaP79m/0iiWZVHb8vVdvO
D0VuFJpoowO2gj1sL2oxaA28OG+5aODkUeYMN1usSsNeog9rSUhYR4pMuc/DWkel
y/805ooBAoGBANTe4dyHKSjyGSxXw8BymtyU4ZEM+0nwfqj9Rq7pQdUBeuc0j9jn
rFASv5CJBdQu/dk2rZ2u4SOJuE2k4XUKSzQrGGGyyy3rQmZL0sVTAsV3Ze+DIItJ
LA2Fbzacw70twlPjUP2mDitjyEQUinsmK1HyTucyFlrjPcdUXmy6Vh2RAoGBAMWU
1miXMnf91gF7oSqZ8b+0XoMEZfI1ecHshmz5ZK4zJjJXSs4nz1nwX3ub6WjthFAG
YYKgOF+mBBQOLNUHbB6AZlVNzqj03WleHdPoemwkgA1z5QjTCkxXl8xMzLbacxE1
xsWBiY1Tr3cmumEoaILQm2GTJPbGWvJiUqLSkuYxAoGBALgneU3GwBzkFFMAOiCr
BL3/LoTFrj7xByI6uoNm18TmWuTZ2/fRtIgxL/hiEeDWJlVbsCbRu4N7CS5ijYkr
NpQTFCyw+ITpGbBVuCls/uDFwjHKRsU4sBuia+vbApsOkybvaImGtoti70W2X3ba
Nm/WJ9xqwFwwaqmem3GEYiuBAoGACoAlgPuAICZqaDvEzfnOgky4tSfXry6uYOMM
JeB/PE7VmdlPzXMKLxJ6UJxxpDTzUjl0lzeip1qwXsx+D3hMg7Z5OdFfyVTyK3Zo
CWoSj4rFD3H4Wya0JmiFVcNDIfisIt8DyF1hDRTEf4WcZCt8mm8xwtbKIR9bmAQn
tiWQzxECgYB2mMQz4/PfSU5KQ3vAIB7RyNZWy8al3MBENuJVbA/ZtfsZC6rAw2ym
/zt+PA163bnW30HS9lCwz2Ly6ZN6GQNjaNPPemlUOfr1HC8Be9anJ/0FyoI3YYfD
8lJ21teCC/ZKnsuEWvMGlgVpRABcv/RgFfs/Ww4OQiYmr2c+wV5KOg==
MIIEowIBAAKCAQEApnFTm0N3JT2uXY4D67dIpdbIubK9b5/4USbN1DBEr4CNtmuP
uE1yaa0pQOGI+htP9jU2nCpdGffua1kSy1eL8q/k/uZMpYiXBGfbX+jbFUUCYqDX
PCUCbMFOKmyhJrBJX7JgsbQuAoh3eMIy9hWZ6QfWqk1eBDIC3ZngOkTckYqca0tQ
jKiSQHYN8Tq4K9Ev7JKvPM4CiIrXIQtS0XhJqcGSrC0YrJzwkcVdndkhVmdhKdMZ
7w6ESRo6oxWYa0/MufG3/VuPRwRhKUJdvPpQBl8tSrGa4PFIGqAbYKpDKH7dhiBO
tDhEhPuvS8TOin9/7jETqQmyJU13l0odPEhJiwIDAQABAoIBABiDUEDpqr59WxTE
OaeZksV54I4Y2PV7peKtyFqb0UHXuQdIyB3oqhUOP6kijj3nj9s+8xAE3TlZ3m9I
6w+vkRjo9tzjph4rA7LOaOyzKrDzPOqxrYFaIgVKYuy0mvdLt0K0zrDdTHlrB81t
LHw5qjU7xk3GnzYW930TkIaEZce5WXcG1SUBtdWrP6RGYAlOUCBSbnJcumpw2sE+
I7IoxMmQbVl9UOK1IRRltr76A2APoo7pPkz5ghqWgykjta8aMYEfEz6E19rTTPWE
PM8M28MzNcGN7inIMlejxii/LTJQLFfUVdPH0wOWNTZcvOkgcuF34tZ6b7ukw/Ky
XeOKJcECgYEA2RRytdmeOp7QDIaFTBwV2t5xuEBnVAQ9V0AEh3wr+PB9wDBLFkJv
wIKp+oMjJOURNnq8aP3wg+xuyKW0+fsHmFbytK5g7cjn8oXFyk9PvpAuhDXjGcQv
rjdwpaDzepUTjO77fHslqsfmreFZYGDTCA7X/jcXldnIPHygjbwvU5kCgYEAxEi6
XRBuhh2/U6aY4AdJxpwePTKi0LNSIsfb6IAlnqOyL8tGamJg3DSyD3xLnpo1UJjr
sRhgVVbRfGVgpm1Qkd826ekFtSDg65fkD1zcCd/ijSineFB3cIQSIX9+L1bpEcir
uey/qyc/a8+UZq/YEmXMnB6GDNtDClDriMQZ/MMCgYEAv8YRxNd4sp7ke3xHvEI/
iHjli/nRjuaj7jWPCsZG7og+/49qdkLBCRgl5Dr/zDNVroRleHeGiHVSNY42wHTl
c860Yax/0vGe/6DwaFcCwv4LKh+U/olT+hveN2RmVM/oUqQ5pfIBB8vL3absV3mS
VVcPt/ShsG+SNuV+zVgHk1kCgYBNLnPpqE5tekEDeZzfar491KGnWsPe4MRJXOFB
+THRwXiNhpb3uhtwO2BQ6oUppmWUfa0gA//NTsgs7AgnKRDnayhCrhhKctU+jolk
6RS05U5GR1gi3TE6ExS2C1Xo83nOPmQYRdnQSSyNDiDCiB6kjVb5hJ8daxJfehZD
vyig1QKBgBzpjUITbxy0uty5qL81aV1luMwlkSVhCHZCAjhFkbUxHFvMuoeFuwQm
aDcm/XZqbBEO8D1BcjAonMmpuVwnnhfaXEZwzZqP0oJaaS5GzwdEP/aT9NuUd3uf
1PXdun7ArANAQayTWiDP613UUHY96GszYpxCHQTF9uYUjk+3ncUV
-----END RSA PRIVATE KEY-----

86
tests/certs/stunnel.pem
Просмотреть файл

@ -1,53 +1,53 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCeOGrq6DsE/cUu
6a3hPRdzJLJk+OQzuWddUPJ7hcZr8DRDD9k2KAos3iVA+dJF6ZwpNRnaKezlJlEL
k3hMNeKhGBpJ9mE4KODRcE+w2mVmi5CHf/TzmDgxAw2gUPr3/AyfrxqhmtAUFQ1t
eg7MHEfjYOrQPheEucx02QXfioosIUWL6QEbvjHLFy0dzaL8vC2fJBYGTrWqwSxk
b8ukiIQg7/DWC3zRXo6dKzcQy5Zx8FSA8ePdUZG97aVrcOCI8+32M7OMP6mKLfZC
edUa/bzytOBUSwb84Sgw/JGjSpp/7OMkHbLmvINoScyPgArYuVtTdvDL6mkkGo27
hxbEEIm5AgMBAAECggEBAI4ZJ1UgCtmZvL08W9C9mFDuNVXf/rvBmObDK3PqmmEY
kydjlXZBEZpoTNcFR2dIvtp3eWdpXfwTpJgb8t+nSYna5slkgL36YKdZEglIq+ck
E0LOlcUtAdJq5pMEB9IuSXwkvGtFafmPSsb251FDWQEKavlpup+WatzKiK7ScvPb
6FYzST3TEr/c0e4x1UrOeUtJFEqnGMHwQPuCNdWr2O89bZ1L2rU7y25JlbZBnt4L
FLqLk6aMTnDse/eXL4rl7A0ejdJZOgnTAmYJXzXbX3EUeewEDPzyaVhR+Dim6cgI
7geOjMKWx97oGutKjgQ3ZaVh/vtEBBulN8YkArR+YzECgYEAzL4iNrvYLg9G2Qr2
Cvvk+sqoEMQaedaKUvgINRLZI4vwfEOXXukPhXPD2vgMtVbBhbxYUbpuTIoXMdAk
bo8MmA16dFxhF2pTVW/KMTGxkhzv6ssERsLstJyOoI+GZ5b0PEzcLGbaYvcnZGJh
4v/6EvxWzod0mKIA1nr2DBrGhTUCgYEAxdSwd7ScJYhuntxv1BvgmxcJeQtnkDKy
G030LQpoY3GLZa90BEsowQgDdXr2OYACpSVjvN0wbsOep2YQ4CVCtSAedz4AFd3p
s8KOJQfA8UThAP/CBD3xCBcoRn8MLMGCug3lCNUW8HBwSIYrUwCPQeHpTvFuPHqG
2lmiCiiulvUCgYAvBHLC8vxAB44Thare9t2soiFaSE50MEpvpznrRjrLKPW+856t
UwQXd3BAtrnkYtnqJkh57EAsH4IYFF5pbTxNJrs6QYSiZe5hLlzWUz0d+rs1xg1j
WpwVFebDBHKvE0FfH59oKu53z54iNV2ZTYNWHNCqePzTmFBs8KvUN8njCQKBgBxX
fTSZFmm2Iwr1T7wWhlYRtdS2ko6xBJ0uzNWLESt1/9+AhGF9FwiYik5RYGcadMaO
Fbzf/2lO8zLOR4qlK+phAJxasI5xbWLIc67Qbo7iLE4FVhlfemGLV8TJvMfIrV7U
UMS0KoYlxaBOQHSyttNcdx1NL1rQvvMXNkS4UVLlAoGAHIM7ZQNazooC8DOkQieP
qxxjO5J5N17o9HPpJj0pNP9H4YhnEB1cpbCC+PHQspPs598sEVs+kok4c5LBVWnp
5cAEKxG6ZhhsovGYpV1hSqLQMGUKCDxT8msMJjxzx+7u0aBNEn8wBCQFqAAGGOe6
2sNTv4uk8BAJ/sOUDcWgCi8=
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqok2NvyMMKWnL
buYxcXic/T2j1OPDbeDzSy77t0hMGjbforHpHmnAHxdYPGTkgbbiaLRZJfNEBDD2
1H3c/YLC1cfwSc9tw1whbmmyxq1iPuNH1kE/o1kXNRVZta+oSzFGGzigD5c7Zp/F
xytmtu+R7pMpQv1IPOx2SFzqzm3bTRBjyciG+EFX8ceyRbmNuwyGfaWD+awbxp+I
gfChtD5Z6Kw/n6coaG4/VyxMni7GRB/MIyYmYqb/cfSQsGCq8EfvrAmUllqZ64Sl
k63z5VyPv3uestIHKWWwPitqCioCzeOt1VAyA5UeL22QocC2YfuSnJTjQZk2ESjq
FI41L155AgMBAAECggEASta0vR6/+G2RgTA6tiTWicRobJrK6sQejZbEHJLemsJE
nwF0lpJIP4NjccfLWI2r8NGLiC4k7AgKkbfRHEP0PhAViUZWPAYbOm563XZWRWjf
tno6U/cI9CzMGHSffmi8S8tUop8z7VGtcclRN9O0b4T79nTzMePGsno6hqHTfQMw
dHAucZY43puCOQm0Lkm0Mzf+XUC1SzjfhYni2HrsfKWmzLZPSZufzl6toQVjhzNI
EYl+4TpZFuScwB4Ox5bojsA9uLtluLEYGZ7Eu7J+ol4hIzyBDiZvosmkoEkbFjFt
2EvGAlzQhlcqUJECo69lfW5J9ZqASIKJqyH4q+NkIQKBgQDVcc9gniVhUQNIH1WE
FBTo8IqhUUIZ9fPj5ALxvtaXjZAjldySNiZDST3oQNXf9KhEhEJVDqb/CLN7U/Q8
7/A/WfMg29ud34gRJ1JbUxhUva1Gw4kbdvg2CEs/3DnepPHDFBBLAmsH7RWMTA3h
hWEVjD9gFUweVu/Zs+dy2h44uwKBgQDMp3ICJjMKTm1i9l4r/8J5ZdGD1K0A1a8D
MPzj7sjNa1sjrmtEQb9FBVwP9xfabV8EEFxcJdRb7e3282TeWrDx8sRpY8o2UJfi
QyDGvjvfzmUcHszD7z5jFl/dtt+nf6nKBFg8tLyBw4WahPUrmbjtCRvyb7ol2A0g
WaBInkpcWwKBgDHtd1bgZ1oGO0BJpBVLJUD/00281juAXtZ15YJq44N757WLPpcs
93JR1ZtYXy8N6bZtQZ7n2IRborA8iSsf7RDEl6yeARdCzG9GxWr7Wvunirq8znuQ
Lqtk8UU03IyKBMtfDBifri2idaHlwHF6Y6VIsyJkmPOX3m8MOB2Ti/I1AoGAXiM/
3CE6JSmCQ51UICUbjb/6KgvwMIwaXvtvuGEkWOljGPyoNtOPae5XNLjSbhUVOcdU
1MZJ8qd1aLz4zxckgYbMNjZC080qsFd0gjcLT52fANpiElbAec/W9SOjqWad8WEi
PXpdo8sOb89s/0tMtywTgOdH1xSUpSbVBdJaHjUCgYEAoUnR5XvNINIoG7oLDfFy
MP4w6t0dFjbjVZ5gu4EY0Bsz03lhil50POubS4QLzw3HXLnHMCZvgDeSVLdQvIxD
PexyOMWW9hgr0aP2U+NBu6uTGMizoKtGQcep7zypidKUrWYUmnuZ71t8ZldyisN2
b83EIZ4I3GVpI8ZulB/pmOM=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIEQTCCAymgAwIBAgIUObCeIZ5SUOkvWXFmq3EhB5e9GLgwDQYJKoZIhvcNAQEL
MIIEQTCCAymgAwIBAgIUB137S+cNuXYLmn5OBQ45oaesB18wDQYJKoZIhvcNAQEL
BQAwgacxCzAJBgNVBAYTAlBMMRkwFwYDVQQIDBBNYXpvdmlhIFByb3ZpbmNlMQ8w
DQYDVQQHDAZXYXJzYXcxGzAZBgNVBAoMElN0dW5uZWwgRGV2ZWxvcGVyczEXMBUG
A1UECwwOUHJvdmlzaW9uYWwgQ0ExEjAQBgNVBAMMCWxvY2FsaG9zdDEiMCAGCSqG
SIb3DQEJARYTc3R1bm5lbEBleGFtcGxlLmNvbTAeFw0xOTAzMjAxNTAwNTRaFw0y
MzAzMjAxNTAwNTRaMIGnMQswCQYDVQQGEwJQTDEZMBcGA1UECAwQTWF6b3ZpYSBQ
SIb3DQEJARYTc3R1bm5lbEBleGFtcGxlLmNvbTAeFw0xOTExMTEyMTU4MzBaFw0y
MzExMTEyMTU4MzBaMIGnMQswCQYDVQQGEwJQTDEZMBcGA1UECAwQTWF6b3ZpYSBQ
cm92aW5jZTEPMA0GA1UEBwwGV2Fyc2F3MRswGQYDVQQKDBJTdHVubmVsIERldmVs
b3BlcnMxFzAVBgNVBAsMDlByb3Zpc2lvbmFsIENBMRIwEAYDVQQDDAlsb2NhbGhv
c3QxIjAgBgkqhkiG9w0BCQEWE3N0dW5uZWxAZXhhbXBsZS5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeOGrq6DsE/cUu6a3hPRdzJLJk+OQzuWdd
UPJ7hcZr8DRDD9k2KAos3iVA+dJF6ZwpNRnaKezlJlELk3hMNeKhGBpJ9mE4KODR
cE+w2mVmi5CHf/TzmDgxAw2gUPr3/AyfrxqhmtAUFQ1teg7MHEfjYOrQPheEucx0
2QXfioosIUWL6QEbvjHLFy0dzaL8vC2fJBYGTrWqwSxkb8ukiIQg7/DWC3zRXo6d
KzcQy5Zx8FSA8ePdUZG97aVrcOCI8+32M7OMP6mKLfZCedUa/bzytOBUSwb84Sgw
/JGjSpp/7OMkHbLmvINoScyPgArYuVtTdvDL6mkkGo27hxbEEIm5AgMBAAGjYzBh
MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIUp7EBYX6eT+6Wy8u1vk4+gp0SS
MB8GA1UdIwQYMBaAFIUp7EBYX6eT+6Wy8u1vk4+gp0SSMA4GA1UdDwEB/wQEAwIB
hjANBgkqhkiG9w0BAQsFAAOCAQEAkqJqbtfQPS4CYTWspqTEw4ETmpN7k4aq0Wm5
eCXvh0bsgrzjo9vq9ek4BvE3e/AJ9Eg8jym88A8kiwB2gwVoLaarTdtUaSlDoRId
EYtmkH6oYo9xmJLvekuod59iU95ILpa+G3i1hpXWrieHSlwrsRNdPzaGKyA3lt3A
Pg4tsrwSvLGAkg5uPsYQ4feHLtwTDBifjY6gavuzjYzkgW94pgKYOvVwOorGDwy/
d2qGM6FNlCx619pmCOU258ZKe0MDYLhid+5VA+aYIz8QMXiGjjt8cWMpvo0pzbFy
9+hEaGKjKkghqSTwgpBLci8K37yxDD6cpcaXXWdLEQrdKCdPfw==
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqok2NvyMMKWnLbuYxcXic/T2j1OPDbeDz
Sy77t0hMGjbforHpHmnAHxdYPGTkgbbiaLRZJfNEBDD21H3c/YLC1cfwSc9tw1wh
bmmyxq1iPuNH1kE/o1kXNRVZta+oSzFGGzigD5c7Zp/Fxytmtu+R7pMpQv1IPOx2
SFzqzm3bTRBjyciG+EFX8ceyRbmNuwyGfaWD+awbxp+IgfChtD5Z6Kw/n6coaG4/
VyxMni7GRB/MIyYmYqb/cfSQsGCq8EfvrAmUllqZ64Slk63z5VyPv3uestIHKWWw
PitqCioCzeOt1VAyA5UeL22QocC2YfuSnJTjQZk2ESjqFI41L155AgMBAAGjYzBh
MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOU5G8ScXk8i4W2ZgsMJoeB3C2Kk
MB8GA1UdIwQYMBaAFOU5G8ScXk8i4W2ZgsMJoeB3C2KkMA4GA1UdDwEB/wQEAwIB
hjANBgkqhkiG9w0BAQsFAAOCAQEAXd74EV07hNV4KQOl6km5J5l24koTYUK9JS8S
1MEjbhmmFqepSjwZRlXODsYGMT+qZOi7obOTW1Qn/8Y6OV0D3liSSYqRvgq10meG
7dWbSVGjbuJpY3v6aJPzpd5AhiYZPRpmlwqg8kolz50je5IxjQZT3QKCLs5XTBgy
6OMyH9uaAGFM6TNLXXVA5LNcske9zzRfzkkkVmjL2XUFAVveZbeqA+k2zxR0WYMo
6gQM7QE2GNbeyHRlPC4XM6mMO0tCsTfgw2hCZP98MD0Og4ejhClnSN1YdWRApQqY
f7diPDDG6IyXH92iwMc4Idr6U/LiBUPMps62u8Knl9MBGABCDg==
-----END CERTIFICATE-----

4
tests/recipes/046_resume_PSK
Просмотреть файл

@ -14,11 +14,9 @@ start() {
pid = ${result_path}/stunnel.pid
output = ${result_path}/stunnel.log
delay = yes
retry = yes
[client]
client = yes
retry = yes
exec = ${script_path}/execute_read
execArgs = execute_read ${result_path}/temp.log
connect = 127.0.0.1:${https1}

3
tests/recipes/047_resume_redirect
Просмотреть файл

@ -15,10 +15,9 @@ start() {
pid = ${result_path}/stunnel.pid
output = ${result_path}/stunnel.log
retry = yes
[client_1]
client = yes
retry = yes
exec = ${script_path}/execute_read
execArgs = execute_read ${result_path}/temp.log
connect = 127.0.0.1:${https1}

9
tests/recipes/050_ticket_secrets
Просмотреть файл

@ -6,6 +6,7 @@
# is expected for the first connection, and "0" for the second connection
# because the server holds keys for the session ticket processing.
# Disabling "NO_TICKET" option is required for the ticket support in OpenSSL older than 1.1.1.
# The ticket session resumption also works for the FORK model.
. $(dirname $0)/../test_library
@ -16,11 +17,9 @@ start() {
pid = ${result_path}/stunnel.pid
output = ${result_path}/stunnel.log
delay = yes
retry = yes
[client]
client = yes
retry = yes
exec = ${script_path}/execute_read
execArgs = execute_read ${result_path}/temp.log
connect = ${result_path}/stunnel.sock
@ -50,11 +49,11 @@ start_server() {
EOT
}
if grep -q -e "OpenSSL [1-9]" "results.log" && ! grep -q "FORK" "results.log"
if grep -q -e "OpenSSL [1-9]" "results.log"
then
test_log_for "050_ticket_secrets" "instances" "1" "$1" "$2" "$3" 2>> "stderr.log"
exit $?
else # the resumption of the session does not work for the FORK model
else
exit_logs "050_ticket_secrets" "skipped"
exit 125
fi

46
tests/recipes/051_resume_cache_old Normal file
Просмотреть файл

@ -0,0 +1,46 @@
#!/bin/sh
# Checking the cache session resumption.
# Just "1" "accepted: new session negotiated" log is expected for [server] service.
# Enabling NO_TICKET option turns off the ticket support in TLSv1.2 and below.
# The cache session is only available when compiled with OpenSSL 0.9.8m and older.
# This test is only available when compiled with OpenSSL 0.9.8m and older than 1.1.0
# because of unavailability the sslVersionMax option.
. $(dirname $0)/../test_library
start() {
../../src/stunnel -fd 0 <<EOT
debug = debug
syslog = no
pid = ${result_path}/stunnel.pid
output = ${result_path}/stunnel.log
[client]
client = yes
retry = yes
exec = ${script_path}/execute_read
execArgs = execute_read ${result_path}/temp.log
connect = 127.0.0.1:${https1}
cert = ${script_path}/certs/client_cert.pem
[server]
accept = 127.0.0.1:${https1}
exec = ${script_path}/execute
execArgs = execute 051_resume_cache_old
cert = ${script_path}/certs/server_cert.pem
verifyPeer = yes
CAfile = ${script_path}/certs/PeerCerts.pem
options = NO_TICKET
EOT
}
# The resumption of the session does not work for the FORK model
if grep -q -e "OpenSSL 0\.9\.8[m-z]" -e "OpenSSL 1\.0" "results.log" && ! grep -q "FORK" "results.log"
then
test_log_for "051_resume_cache_old" "session" "1" "$1" "$2" "$3" 2>> "stderr.log"
exit $?
else
exit_logs "051_resume_cache_old" "skipped"
exit 125
fi

53
tests/recipes/052_resume_cache Normal file
Просмотреть файл

@ -0,0 +1,53 @@
#!/bin/sh
# Checking the cache session resumption.
# We expect exactly 1 "accepted: new session negotiated" to be logged by the
# [server] service.
# "options = NO_TICKET" turns off ticket support in TLSv1.2 and older.
# In TLSv1.3, "options = NO_TICKET" switches from using stateful tickets to
# stateless tickets (traditional cache with session id sent in tickets).
# https://github.com/openssl/openssl/issues/10280
. $(dirname $0)/../test_library
start() {
../../src/stunnel -fd 0 <<EOT
debug = debug
syslog = no
pid = ${result_path}/stunnel.pid
output = ${result_path}/stunnel.log
sslVersionMax = TLSv1.2
[client]
client = yes
retry = yes
exec = ${script_path}/execute_read
execArgs = execute_read ${result_path}/temp.log
connect = 127.0.0.1:${https1}
cert = ${script_path}/certs/client_cert.pem
[server]
accept = 127.0.0.1:${https1}
exec = ${script_path}/execute
execArgs = execute 052_resume_cache
cert = ${script_path}/certs/server_cert.pem
verifyPeer = yes
CAfile = ${script_path}/certs/PeerCerts.pem
options = NO_TICKET
EOT
}
# This test is only available when compiled with OpenSSL 1.1.0 or later,
# because it requires the "sslVersionMax" option support.
# Session cache resumption does not work with the FORK threading model.
if grep -q -e "OpenSSL 1\.1" -e "OpenSSL [3-9]" "results.log" && ! grep -q "FORK" "results.log"
then
test_log_for "052_resume_cache" "session" "1" "$1" "$2" "$3" 2>> "stderr.log"
exit $?
else
exit_logs "052_resume_cache" "skipped"
exit 125
fi

57
tests/recipes/053_resume_ticket Normal file
Просмотреть файл

@ -0,0 +1,57 @@
#!/bin/sh
# Checking the stateless session ticket resumption (RFC 4507bis) with TLS < 1.3.
# We expect exactly 2 "accepted: new session negotiated" to be logged by the
# [server] service for connections to [client_1] and [client_2]:
# - [client_1] connected 3 times (1 new session, 2 reused sessions).
# - [client_2] connected once (1 new session).
# The following options are used to disable session cache:
# - The "sessionCacheSize = 1" option sets the internal session cache size.
# - "options = -NO_TICKET" (it is the default with OpenSSL 1.1.1 or later).
. $(dirname $0)/../test_library
start() {
../../src/stunnel -fd 0 <<EOT
debug = debug
syslog = no
pid = ${result_path}/stunnel.pid
output = ${result_path}/stunnel.log
sslVersionMax = TLSv1.2
[client_1]
client = yes
retry = yes
exec = ${script_path}/execute_read
execArgs = execute_read ${result_path}/temp.log
connect = 127.0.0.1:${https1}
[client_2]
client = yes
accept = 127.0.0.1:${http1}
connect = 127.0.0.1:${https1}
[server]
accept = 127.0.0.1:${https1}
exec = ${script_path}/execute
execArgs = execute 053_resume_ticket
cert = ${script_path}/certs/server_cert.pem
sessionCacheSize = 1
options = -NO_TICKET
EOT
}
# This test is only available when compiled with OpenSSL 1.1.1 or later,
# because older OpenSSL versions do not have SSL_CTX_set_session_ticket_cb().
# Stateless session ticket resumption also works with the FORK threading model.
if grep -q -e "OpenSSL 1\.1\.1" -e "OpenSSL [3-9]" "results.log"
then
test_log_for "053_resume_ticket" "resumption" "2" "$1" "$2" "$3" 2>> "stderr.log"
exit $?
else
exit_logs "053_resume_ticket" "skipped"
exit 125
fi

57
tests/recipes/054_resume_TLSv1_3 Normal file
Просмотреть файл

@ -0,0 +1,57 @@
#!/bin/sh
# Checking the stateless session ticket resumption (RFC 4507bis) with TLS 1.3.
# We expect exactly 2 "accepted: new session negotiated" to be logged by the
# [server] service for connections to [client_1] and [client_2]:
# - [client_1] connected 3 times (1 new session, 2 reused sessions).
# - [client_2] connected once (1 new session).
# The following options are used to disable session cache:
# - The "sessionCacheSize = 1" option sets the internal session cache size.
# - "options = -NO_TICKET" (it is the default with OpenSSL 1.1.1 or later).
. $(dirname $0)/../test_library
start() {
../../src/stunnel -fd 0 <<EOT
debug = debug
syslog = no
pid = ${result_path}/stunnel.pid
output = ${result_path}/stunnel.log
sslVersion = TLSv1.3
[client_1]
client = yes
retry = yes
exec = ${script_path}/execute_read
execArgs = execute_read ${result_path}/temp.log
connect = 127.0.0.1:${https1}
[client_2]
client = yes
accept = 127.0.0.1:${http1}
connect = 127.0.0.1:${https1}
[server]
accept = 127.0.0.1:${https1}
exec = ${script_path}/execute
execArgs = execute 054_resume_TLSv1_3
cert = ${script_path}/certs/server_cert.pem
sessionCacheSize = 1
options = -NO_TICKET
EOT
}
# This test is only available when compiled with OpenSSL 1.1.1 or later,
# because older OpenSSL versions do not have SSL_CTX_set_session_ticket_cb().
# Stateless session ticket resumption also works with the FORK threading model.
if grep -q -e "OpenSSL 1\.1\.1" -e "OpenSSL [3-9]" "results.log"
then
test_log_for "054_resume_TLSv1_3" "resumption" "2" "$1" "$2" "$3" 2>> "stderr.log"
exit $?
else
exit_logs "054_resume_TLSv1_3" "skipped"
exit 125
fi

71
tests/test_library
Просмотреть файл

@ -693,14 +693,13 @@ two_instances() {
local result=0
local i=0
local j=0
start_stunnel "$1"
start_server 2> "error.log"
if no_file "error.log"
then
waiting_for "stunnel" "Created pid file"
start_server 2> "error.log"
waiting_for "stunnel_server" "Created pid file"
start_stunnel "$1"
if no_file "error.log"
then
waiting_for "stunnel_server" "Created pid file"
while [ $i -le 2 ]
do
i=$(grep -c "Retrying an exec+connect section" "stunnel.log")
@ -709,22 +708,21 @@ two_instances() {
then
result=1
fi
cat stunnel_server.log >> "stunnel.log"
mv "stunnel_server.log" "stunnel_all.log"
start_server 2>> "error.log"
waiting_for "stunnel_server" "Created pid file"
while [ $i -le 3 ]
do
i=$(grep -c "Retrying an exec+connect section" "stunnel.log")
done
waiting_for "stunnel_server" "Service .* finished"
if ! killing_stunnel stunnel_server
then
result=1
fi
cat stunnel_server.log >> "stunnel.log"
cat "stunnel_server.log" >> "stunnel_all.log"
if ! killing_stunnel stunnel
then
result=1
fi
cat "stunnel.log" >> "stunnel_all.log"
cat "stunnel_all.log" > "stunnel.log"
rm -f "stunnel_all.log"
if [ $result -eq 0 ]
then
finding_text "yes" "test $1.*success" "temp.log" "UNUSED PATTERN"
@ -736,12 +734,13 @@ two_instances() {
exit_code="failed"
result=1
fi
else # server configuration failed
killing_stunnel stunnel
else # client configuration failed
killing_stunnel stunnel_server
exit_code="configuration failed"
result=1
fi
else # client configuration failed
else # server configuration failed
cat "stunnel_server.log" >> "stunnel.log"
result=1
fi
if ! finding_text "no" "INTERNAL ERROR" "stunnel.log" "error.log"
@ -753,6 +752,49 @@ two_instances() {
return $result
}
resumption() {
# $1 = test name
# $2 = number of new connections
local result=0
local i=0
local j=0
check_ports "$1"
start_stunnel "$1"
if no_file "error.log"
then
waiting_for "stunnel" "Service .* finished"
connecting_ncat "$1" "success"
while [ $i -le $2 ]
do
i=$(grep -c "Retrying an exec+connect section" "stunnel.log")
done
if ! killing_stunnel stunnel
then
result=1
fi
if [ $result -eq 0 ]
then
finding_text "yes" "test $1.*success" "temp.log" "UNUSED PATTERN"
result=$?
fi
j=$(grep -c "accepted: new session negotiated" "stunnel.log")
if [ $result -eq 0 ] && [ $j -ne $2 ]
then
exit_code="failed"
result=1
fi
else # configuration failed
result=1
fi
if ! finding_text "no" "INTERNAL ERROR" "stunnel.log" "error.log"
then
result=1
fi
exit_logs "$1" "$exit_code"
return $result
}
myglobal() {
# $1 = mynetcat name: "ncat" / "nc"
# $2 = mynetstat name: "netstat" / "ss" / "lsof"
@ -792,6 +834,7 @@ test_log_for() {
"rr") loop_rr "$1";;
"session") loop_session "$1" "$3";;
"instances") two_instances "$1" "$3";;
"resumption") resumption "$1" "$3";;
esac
result=$?
clean_logs

4
tools/Makefile.in
Просмотреть файл

@ -309,9 +309,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tools/Makefile'; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tools/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu tools/Makefile
$(AUTOMAKE) --foreign tools/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \

8
tools/stunnel.nsi
Просмотреть файл

@ -335,7 +335,13 @@ Section "Core Files" sectionCORE
!else
File "${OPENSSL_BIN_DIR}\libcrypto-1_1-x64.dll"
File "${OPENSSL_BIN_DIR}\libssl-1_1-x64.dll"
# TODO: add libssp-0.dll when -fstack-protector is fixed
!if /FileExists "/usr/x86_64-w64-mingw32/bin/libssp-0.dll"
File "/usr/x86_64-w64-mingw32/bin/libssp-0.dll"
!else
!if /FileExists "/usr/lib/gcc/x86_64-w64-mingw32/8.3-win32/libssp-0.dll"
File "/usr/lib/gcc/x86_64-w64-mingw32/8.3-win32/libssp-0.dll"
!endif
!endif
#SetOutPath "$INSTDIR"
#ReadRegStr $0 HKLM "SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" "Installed"
#${If} $0 == 1

4
tools/stunnel.spec
Просмотреть файл

@ -1,5 +1,5 @@
Name: stunnel
Version: 5.55
Version: 5.56
Release: 1%{?dist}
Summary: An TLS-encrypting socket wrapper
Group: Applications/Internet
@ -80,7 +80,7 @@ fi
%files
%defattr(-,root,root,-)
%doc COPYING COPYRIGHT.GPL README ChangeLog doc/stunnel.html
%doc COPYING.md COPYRIGHT.md README.md NEWS.md doc/stunnel.html
%doc tools/ca.html tools/ca.pl tools/importCA.html tools/importCA.sh tools/openssl.cnf
%{_bindir}/*
%{_libdir}/%{name}