CryptoPro
/
stunnel-msspi
зеркало из https://github.com/CryptoPro/stunnel-msspi.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

stunnel-4.34

This commit is contained in:
Michal Trojnara 2015-07-29 16:17:19 +02:00
Родитель 436e94d6ee
Коммит 1441edb225
53 изменённых файлов: 22357 добавлений и 30594 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

18
ChangeLog
Просмотреть файл

@ -1,5 +1,21 @@
stunnel Universal SSL tunnel
Version 4.34, 2010.09.19, urgency: LOW:
* New features
- Updated Win32 DLLs for OpenSSL 1.0.0a.
- Updated Win32 DLLs for zlib 1.2.5.
- Updated automake to version 1.11.1
- Updated libtool to version 2.2.6b
- Added ECC support with a new service-level "curve" option.
- DH support is now enabled by default.
- Added support for OpenSSL builds with some algorithms disabled.
- ./configure modified to support cross-compilation.
- Sample stunnel.init updated based on Debian init script.
* Bugfixes
- Implemented fixes in user interface to enter engine PIN.
- Fixed a transfer() loop issue on socket errors.
- Fixed missing WIN32 taskbar icon while displaying a global option error.
Version 4.33, 2010.04.05, urgency: MEDIUM:
* New features
- Win32 DLLs for OpenSSL 1.0.0.
@ -8,7 +24,7 @@ Version 4.33, 2010.04.05, urgency: MEDIUM:
- Experimental support for local mode on WIN32 platform.
Try "exec = c:\windows\system32\cmd.exe".
* Bugfixes
- Inetd mode fixed
- Inetd mode fixed.
Version 4.32, 2010.03.24, urgency: MEDIUM:
* New features

32
INSTALL.W32
Просмотреть файл

@ -5,22 +5,34 @@ Building stunnel from source (optional):
1) Install mingw32 cross-compiler o a Unix/Linux machine.
In Debian all you need is:
apt-get install mingw32
apt-get install mingw32
Native compilation on a Windows machine is possible, but not supported.
2) Download the recent OpenSSL in unpack it to /usr/src/ directory.
cd /usr/src && tar zvxf ~/openssl-(version).tar.gz
2) Download the recent zlib from http://www.zlib.net/
Update the following definitions in win32/Makefile.gcc file:
SHARED_MODE=1
PREFIX = i586-mingw32msvc-
then build zlib with:
make -f win32/Makefile.gcc
and install it in mingw32 tree:
sudo BINARY_PATH=~/ \
INCLUDE_PATH=/usr/i586-mingw32msvc/include/ \
LIBRARY_PATH=/usr/i586-mingw32msvc/lib/ \
make -f win32/Makefile.gcc install
3) Build OpenSSL with cross_mingw32.sh script.
ftp://stunnel.mirt.net/stunnel/openssl/cross_mingw32.sh
3) Download the recent OpenSSL in unpack it to /usr/src/ directory.
cd /usr/src && tar zvxf ~/openssl-(version).tar.gz
4) Download and unpack stunnel-(version).tar.gz.
4) Build OpenSSL with cross_mingw32.sh script.
ftp://stunnel.mirt.net/stunnel/openssl/cross_mingw32.sh
5) Configure stunnel.
cd stunnel-(version) && ./configure --with-ssl=/path/to/openssl-(version)
5) Download and unpack stunnel-(version).tar.gz.
6) Build windows executable.
cd src && make stunnel.exe
6) Configure stunnel.
cd stunnel-(version) && ./configure --with-ssl=/path/to/openssl-(version)
7) Build windows executable.
cd src && make stunnel.exe
Installing stunnel:

6
Makefile.am
Просмотреть файл

@ -1,7 +1,13 @@
## Process this file with automake to produce Makefile.in
ACLOCAL_AMFLAGS = -I m4
SUBDIRS = src doc tools
LIBTOOL_DEPS = @LIBTOOL_DEPS@
libtool: $(LIBTOOL_DEPS)
$(SHELL) ./config.status libtool
EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS INSTALL.W32 INSTALL.WCE INSTALL.FIPS
docdir = $(datadir)/doc/stunnel

282
Makefile.in
Просмотреть файл

@ -1,8 +1,9 @@
# Makefile.in generated by automake 1.10.1 from Makefile.am.
# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
# Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -16,8 +17,9 @@
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
@ -38,13 +40,17 @@ DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
ChangeLog INSTALL NEWS TODO auto/config.guess auto/config.sub \
auto/depcomp auto/install-sh auto/ltmain.sh auto/missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
SOURCES =
DIST_SOURCES =
RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
@ -59,12 +65,29 @@ am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(docdir)"
docDATA_INSTALL = $(INSTALL_DATA)
DATA = $(doc_DATA)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
distdir dist dist-all distcheck
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
@ -72,9 +95,34 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
am__remove_distdir = \
{ test ! -d $(distdir) \
|| { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
&& rm -fr $(distdir); }; }
{ test ! -d "$(distdir)" \
|| { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
&& rm -fr "$(distdir)"; }; }
am__relativize = \
dir0=`pwd`; \
sed_first='s,^\([^/]*\)/.*$$,\1,'; \
sed_rest='s,^[^/]*/*,,'; \
sed_last='s,^.*/\([^/]*\)$$,\1,'; \
sed_butlast='s,/*[^/]*$$,,'; \
while test -n "$$dir1"; do \
first=`echo "$$dir1" | sed -e "$$sed_first"`; \
if test "$$first" != "."; then \
if test "$$first" = ".."; then \
dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
else \
first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
if test "$$first2" = "$$first"; then \
dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
else \
dir2="../$$dir2"; \
fi; \
dir0="$$dir0"/"$$first"; \
fi; \
fi; \
dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
done; \
reldir="$$dir2"
DIST_ARCHIVES = $(distdir).tar.gz
GZIP_ENV = --best
distuninstallcheck_listfiles = find . -type f -print
@ -90,44 +138,47 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CXX = @CXX@
CXXCPP = @CXXCPP@
CXXDEPMODE = @CXXDEPMODE@
CXXFLAGS = @CXXFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFAULT_GROUP = @DEFAULT_GROUP@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DSYMUTIL = @DSYMUTIL@
ECHO = @ECHO@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
F77 = @F77@
FFLAGS = @FFLAGS@
FGREP = @FGREP@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANDOM_FILE = @RANDOM_FILE@
@ -136,15 +187,13 @@ SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
USE_DH = @USE_DH@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@
ac_ct_F77 = @ac_ct_F77@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
@ -175,6 +224,7 @@ libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
@ -188,8 +238,10 @@ srcdir = @srcdir@
ssldir = @ssldir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
ACLOCAL_AMFLAGS = -I m4
SUBDIRS = src doc tools
EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS INSTALL.W32 INSTALL.WCE INSTALL.FIPS
doc_DATA = INSTALL README COPYING AUTHORS ChangeLog \
@ -208,15 +260,15 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
echo ' cd $(srcdir) && $(AUTOMAKE) --gnu '; \
cd $(srcdir) && $(AUTOMAKE) --gnu \
echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
$(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
&& exit 0; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
cd $(top_srcdir) && \
$(AUTOMAKE) --gnu Makefile
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@ -232,9 +284,10 @@ $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENC
$(SHELL) ./config.status --recheck
$(top_srcdir)/configure: $(am__configure_deps)
cd $(srcdir) && $(AUTOCONF)
$(am__cd) $(srcdir) && $(AUTOCONF)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
$(am__aclocal_m4_deps):
mostlyclean-libtool:
-rm -f *.lo
@ -243,24 +296,27 @@ clean-libtool:
-rm -rf .libs _libs
distclean-libtool:
-rm -f libtool
-rm -f libtool config.lt
install-docDATA: $(doc_DATA)
@$(NORMAL_INSTALL)
test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)"
@list='$(doc_DATA)'; for p in $$list; do \
@list='$(doc_DATA)'; test -n "$(docdir)" || list=; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
f=$(am__strip_dir) \
echo " $(docDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(docdir)/$$f'"; \
$(docDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(docdir)/$$f"; \
echo "$$d$$p"; \
done | $(am__base_list) | \
while read files; do \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \
done
uninstall-docDATA:
@$(NORMAL_UNINSTALL)
@list='$(doc_DATA)'; for p in $$list; do \
f=$(am__strip_dir) \
echo " rm -f '$(DESTDIR)$(docdir)/$$f'"; \
rm -f "$(DESTDIR)$(docdir)/$$f"; \
done
@list='$(doc_DATA)'; test -n "$(docdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
test -n "$$files" || exit 0; \
echo " ( cd '$(DESTDIR)$(docdir)' && rm -f" $$files ")"; \
cd "$(DESTDIR)$(docdir)" && rm -f $$files
# This directory's subdirectories are mostly independent; you can cd
# into them and run `make' without going through this Makefile.
@ -269,7 +325,7 @@ uninstall-docDATA:
# (which will cause the Makefiles to be regenerated when you run `make');
# (2) otherwise, pass the desired values on the `make' command line.
$(RECURSIVE_TARGETS):
@failcom='exit 1'; \
@fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
@ -286,7 +342,7 @@ $(RECURSIVE_TARGETS):
else \
local_target="$$target"; \
fi; \
(cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| eval $$failcom; \
done; \
if test "$$dot_seen" = "no"; then \
@ -294,7 +350,7 @@ $(RECURSIVE_TARGETS):
fi; test -z "$$fail"
$(RECURSIVE_CLEAN_TARGETS):
@failcom='exit 1'; \
@fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
@ -320,16 +376,16 @@ $(RECURSIVE_CLEAN_TARGETS):
else \
local_target="$$target"; \
fi; \
(cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| eval $$failcom; \
done && test -z "$$fail"
tags-recursive:
list='$(SUBDIRS)'; for subdir in $$list; do \
test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
done
ctags-recursive:
list='$(SUBDIRS)'; for subdir in $$list; do \
test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
done
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
@ -337,14 +393,14 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
set x; \
here=`pwd`; \
if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
include_option=--etags-include; \
@ -356,7 +412,7 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
list='$(SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test ! -f $$subdir/TAGS || \
tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
fi; \
done; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
@ -365,36 +421,41 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$tags $$unique; \
if test $$# -gt 0; then \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
"$$@" $$unique; \
else \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$unique; \
fi; \
fi
ctags: CTAGS
CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
test -z "$(CTAGS_ARGS)$$tags$$unique" \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$tags $$unique
$$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) $$here
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
$(am__remove_distdir)
test -d $(distdir) || mkdir $(distdir)
test -d "$(distdir)" || mkdir "$(distdir)"
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@ -410,29 +471,44 @@ distdir: $(DISTFILES)
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test -d "$(distdir)/$$subdir" \
|| $(MKDIR_P) "$(distdir)/$$subdir" \
|| exit 1; \
distdir=`$(am__cd) $(distdir) && pwd`; \
top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
(cd $$subdir && \
fi; \
done
@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
$(am__relativize); \
new_distdir=$$reldir; \
dir1=$$subdir; dir2="$(top_distdir)"; \
$(am__relativize); \
new_top_distdir=$$reldir; \
echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
($(am__cd) $$subdir && \
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$$top_distdir" \
distdir="$$distdir/$$subdir" \
top_distdir="$$new_top_distdir" \
distdir="$$new_distdir" \
am__remove_distdir=: \
am__skip_length_check=: \
am__skip_mode_fix=: \
distdir) \
|| exit 1; \
fi; \
@ -440,11 +516,13 @@ distdir: $(DISTFILES)
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$(top_distdir)" distdir="$(distdir)" \
dist-hook
-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
-test -n "$(am__skip_mode_fix)" \
|| find "$(distdir)" -type d ! -perm -755 \
-exec chmod u+rwx,go+rx {} \; -o \
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|| chmod -R a+r $(distdir)
|| chmod -R a+r "$(distdir)"
dist-gzip: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
$(am__remove_distdir)
@ -457,6 +535,10 @@ dist-lzma: distdir
tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
$(am__remove_distdir)
dist-xz: distdir
tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
$(am__remove_distdir)
dist-tarZ: distdir
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
$(am__remove_distdir)
@ -480,15 +562,17 @@ dist dist-all: distdir
distcheck: dist
case '$(DIST_ARCHIVES)' in \
*.tar.gz*) \
GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lzma*) \
unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
*.tar.xz*) \
xz -dc $(distdir).tar.xz | $(am__untar) ;;\
*.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \
GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
esac
@ -496,9 +580,11 @@ distcheck: dist
mkdir $(distdir)/_build
mkdir $(distdir)/_inst
chmod a-w $(distdir)
test -d $(distdir)/_build || exit 0; \
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
&& cd $(distdir)/_build \
&& am__cwd=`pwd` \
&& $(am__cd) $(distdir)/_build \
&& ../configure --srcdir=.. --prefix="$$dc_install_base" \
$(DISTCHECK_CONFIGURE_FLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) \
@ -520,13 +606,15 @@ distcheck: dist
&& rm -rf "$$dc_destdir" \
&& $(MAKE) $(AM_MAKEFLAGS) dist \
&& rm -rf $(DIST_ARCHIVES) \
&& $(MAKE) $(AM_MAKEFLAGS) distcleancheck
&& $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
&& cd "$$am__cwd" \
|| exit 1
$(am__remove_distdir)
@(echo "$(distdir) archives ready for distribution: "; \
list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
distuninstallcheck:
@cd $(distuninstallcheck_dir) \
@$(am__cd) '$(distuninstallcheck_dir)' \
&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
|| { echo "ERROR: files left after uninstall:" ; \
if test -n "$(DESTDIR)"; then \
@ -571,6 +659,7 @@ clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@ -591,6 +680,8 @@ dvi-am:
html: html-recursive
html-am:
info: info-recursive
info-am:
@ -599,18 +690,28 @@ install-data-am: install-docDATA
install-dvi: install-dvi-recursive
install-dvi-am:
install-exec-am:
install-html: install-html-recursive
install-html-am:
install-info: install-info-recursive
install-info-am:
install-man:
install-pdf: install-pdf-recursive
install-pdf-am:
install-ps: install-ps-recursive
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
@ -633,26 +734,28 @@ ps-am:
uninstall-am: uninstall-docDATA
.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
install-strip
.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
install-am install-strip tags-recursive
.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
all all-am am--refresh check check-am clean clean-generic \
clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \
dist-gzip dist-hook dist-lzma dist-shar dist-tarZ dist-zip \
distcheck distclean distclean-generic distclean-libtool \
distclean-local distclean-tags distcleancheck distdir \
distuninstallcheck dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am \
install-docDATA install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
install-info-am install-man install-pdf install-pdf-am \
install-ps install-ps-am install-strip installcheck \
installcheck-am installdirs installdirs-am maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
uninstall uninstall-am uninstall-docDATA
dist-gzip dist-hook dist-lzma dist-shar dist-tarZ dist-xz \
dist-zip distcheck distclean distclean-generic \
distclean-libtool distclean-local distclean-tags \
distcleancheck distdir distuninstallcheck dvi dvi-am html \
html-am info info-am install install-am install-data \
install-data-am install-docDATA install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-man install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
installcheck installcheck-am installdirs installdirs-am \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-recursive uninstall uninstall-am uninstall-docDATA
libtool: $(LIBTOOL_DEPS)
$(SHELL) ./config.status libtool
distclean-local:
rm -rf autom4te.cache
@ -672,6 +775,7 @@ sign: dist
gpg --yes --armor --detach-sign --force-v3-sigs \
../dist/$(distdir)-installer.exe
sha1sum $(distdir).tar.gz | tee ../dist/$(distdir).tar.gz.sha1
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

1
TODO
Просмотреть файл

@ -15,7 +15,6 @@ stunnel Universal SSL tunnel
- Logging to NT eventlog.
- SOCKS 4 protocol support.
http://archive.socks.permeo.com/protocol/socks4.protocol
- Modify ./configure to support cross-compilation.
- Add support for Server Name Indication SSL extension.
* Features I'd prefer NOT to support (waiting for a wealthy sponsor):

6954
aclocal.m4 поставляемый
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

8503
auto/ltmain.sh Normal file → Executable file
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

26710
configure поставляемый
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

119
configure.ac
Просмотреть файл

@ -1,9 +1,10 @@
# Process this file with autoconf to produce a configure script.
AC_INIT([stunnel],[4.33])
AC_INIT([stunnel],[4.34])
AC_MSG_NOTICE([**************************************** initialization])
AC_CONFIG_AUX_DIR(auto)
AM_INIT_AUTOMAKE(stunnel, 4.33)
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE(stunnel, 4.34)
AC_CONFIG_SRCDIR([src/stunnel.c])
AC_CANONICAL_HOST
@ -16,21 +17,20 @@ AC_DEFINE_UNQUOTED(esc(OS_$host_os))
AC_PROG_CC
if test "$GCC" = "yes"
then CFLAGS="$CFLAGS -Wall -Wshadow -Wcast-align -Wpointer-arith"
then CFLAGS="$CFLAGS -Wall -Wextra -pedantic -Wno-long-long"
fi
AC_PROG_INSTALL
AC_PROG_MAKE_SET
# Checks for typedefs, structures, and compiler characteristics
# AC_C_CONST
# AC_TYPE_SIGNAL
# AC_TYPE_SIZE_T
# AC_TYPE_PID_T
# AC_HEADER_TIME
AC_MSG_NOTICE([**************************************** libtool])
AC_DISABLE_STATIC
AC_PROG_LIBTOOL
LT_INIT([disable-static])
AC_SUBST([LIBTOOL_DEPS])
AC_MSG_NOTICE([**************************************** types])
AC_CHECK_SIZEOF(unsigned char)
@ -45,37 +45,53 @@ AC_EGREP_HEADER(socklen_t, sys/socket.h,
AC_DEFINE(socklen_t, int))
AC_MSG_NOTICE([**************************************** PTY device files])
AC_CHECK_FILE("/dev/ptmx", AC_DEFINE(HAVE_DEV_PTMX))
AC_CHECK_FILE("/dev/ptc", AC_DEFINE(HAVE_DEV_PTS_AND_PTC))
AC_MSG_NOTICE([**************************************** entropy])
AC_ARG_WITH(egd-socket,
[ --with-egd-socket=FILE Entropy Gathering Daemon socket pathname],
[EGD_SOCKET="$withval"]
)
if test -n "$EGD_SOCKET"
then AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
if test "$cross_compiling" = no
then
AC_CHECK_FILE("/dev/ptmx", AC_DEFINE(HAVE_DEV_PTMX))
AC_CHECK_FILE("/dev/ptc", AC_DEFINE(HAVE_DEV_PTS_AND_PTC))
else
AC_MSG_WARN([cross-compilation: assuming /dev/ptmx and /dev/ptc are not available])
fi
# Check for user-specified random device
AC_ARG_WITH(random,
[ --with-random=FILE read randomness from FILE (default=/dev/urandom)],
[RANDOM_FILE="$withval"],
[
# Check for random device
AC_CHECK_FILE("/dev/urandom", RANDOM_FILE="/dev/urandom")
]
)
if test -n "$RANDOM_FILE"
then AC_SUBST(RANDOM_FILE)
AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE")
AC_MSG_NOTICE([**************************************** entropy sources])
if test "$cross_compiling" = no
then
AC_ARG_WITH(egd-socket,
[ --with-egd-socket=FILE Entropy Gathering Daemon socket pathname],
[EGD_SOCKET="$withval"]
)
if test -n "$EGD_SOCKET"
then
AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET")
fi
# Check for user-specified random device
AC_ARG_WITH(random,
[ --with-random=FILE read randomness from FILE (default=/dev/urandom)],
[RANDOM_FILE="$withval"],
[
# Check for random device
AC_CHECK_FILE("/dev/urandom", RANDOM_FILE="/dev/urandom")
]
)
if test -n "$RANDOM_FILE"
then AC_SUBST(RANDOM_FILE)
AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE")
fi
else
AC_MSG_WARN([cross-compilation: assuming entropy sources are not available])
fi
AC_MSG_NOTICE([**************************************** default group])
AC_MSG_CHECKING([for default group])
DEFAULT_GROUP=nobody
grep '^nogroup:' /etc/group >/dev/null && DEFAULT_GROUP=nogroup
if test "$cross_compiling" = no
then
grep '^nogroup:' /etc/group >/dev/null && DEFAULT_GROUP=nogroup
else
AC_MSG_WARN([cross-compilation: assuming nogroup is not available])
fi
AC_MSG_CHECKING([for default group])
AC_MSG_RESULT([$DEFAULT_GROUP])
AC_SUBST(DEFAULT_GROUP)
@ -278,48 +294,9 @@ AC_LINK_IFELSE(
AC_CHECK_HEADER([$ssldir/include/openssl/engine.h],
[AC_DEFINE([HAVE_OSSL_ENGINE_H])],
[AC_MSG_WARN([Openssl engine header not found])])
[AC_MSG_WARN([OpenSSL engine header not found])])
AC_MSG_NOTICE([**************************************** optional features])
# Use RSA?
AC_MSG_CHECKING([whether to disable RSA support])
AC_ARG_ENABLE(rsa,
[ --disable-rsa Disable RSA support],
[
case "$enableval" in
yes) AC_MSG_RESULT([no])
;;
no) AC_MSG_RESULT([yes])
AC_DEFINE(NO_RSA)
;;
*) AC_MSG_ERROR([bad value ${enableval}])
;;
esac
],
[AC_MSG_RESULT([no])]
)
# Use DH?
AC_MSG_CHECKING([whether to enable DH support])
AC_ARG_ENABLE(dh,
[ --enable-dh Enable DH support],
[
case "$enableval" in
yes)
AC_MSG_RESULT([yes])
USE_DH=1
AC_DEFINE(USE_DH)
;;
no) AC_MSG_RESULT([no])
;;
*) AC_MSG_ERROR([bad value ${enableval}])
;;
esac
],
[AC_MSG_RESULT([no])]
)
AC_SUBST(USE_DH)
# Use IPv6?
AC_MSG_CHECKING([whether to enable IPv6 support])
AC_ARG_ENABLE(ipv6,

2
doc/Makefile.am
Просмотреть файл

@ -12,7 +12,7 @@ doc_DATA = stunnel.html stunnel.pl.html stunnel.fr.html
SUFFIXES = .pod .8 .html
.pod.8:
pod2man --section=8 --release=4.33 --center=stunnel \
pod2man --section=8 --release=4.34 --center=stunnel \
--date=`date +%Y.%m.%d` -u $< $@
stunnel.html: stunnel.pod

211
doc/Makefile.in
Просмотреть файл

@ -1,8 +1,9 @@
# Makefile.in generated by automake 1.10.1 from Makefile.am.
# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
# Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -16,8 +17,9 @@
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
@ -35,24 +37,42 @@ host_triplet = @host@
subdir = doc
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
SOURCES =
DIST_SOURCES =
man8dir = $(mandir)/man8
am__installdirs = "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(docdir)"
NROFF = nroff
MANS = $(man_MANS)
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
docDATA_INSTALL = $(INSTALL_DATA)
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
man8dir = $(mandir)/man8
am__installdirs = "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(docdir)"
NROFF = nroff
MANS = $(man_MANS)
DATA = $(doc_DATA)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
@ -67,44 +87,47 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CXX = @CXX@
CXXCPP = @CXXCPP@
CXXDEPMODE = @CXXDEPMODE@
CXXFLAGS = @CXXFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFAULT_GROUP = @DEFAULT_GROUP@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DSYMUTIL = @DSYMUTIL@
ECHO = @ECHO@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
F77 = @F77@
FFLAGS = @FFLAGS@
FGREP = @FGREP@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANDOM_FILE = @RANDOM_FILE@
@ -113,15 +136,13 @@ SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
USE_DH = @USE_DH@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@
ac_ct_F77 = @ac_ct_F77@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
@ -152,6 +173,7 @@ libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
@ -165,6 +187,7 @@ srcdir = @srcdir@
ssldir = @ssldir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
EXTRA_DIST = stunnel.pod stunnel.pl.pod stunnel.fr.pod \
@ -182,14 +205,14 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
&& exit 0; \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
cd $(top_srcdir) && \
$(AUTOMAKE) --gnu doc/Makefile
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu doc/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@ -207,74 +230,71 @@ $(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
install-man8: $(man8_MANS) $(man_MANS)
install-man8: $(man_MANS)
@$(NORMAL_INSTALL)
test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.8*) list="$$list $$i" ;; \
esac; \
@list=''; test -n "$(man8dir)" || exit 0; \
{ for i in $$list; do echo "$$i"; done; \
l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
done | \
sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
sed 'N;N;s,\n, ,g' | { \
list=; while read file base inst; do \
if test "$$base" = "$$inst"; then list="$$list $$file"; else \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
fi; \
done; \
for i in $$list; do \
if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
else file=$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
case "$$ext" in \
8*) ;; \
*) ext='8' ;; \
esac; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
done
for i in $$list; do echo "$$i"; done | $(am__base_list) | \
while read files; do \
test -z "$$files" || { \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
done; }
uninstall-man8:
@$(NORMAL_UNINSTALL)
@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.8*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
case "$$ext" in \
8*) ;; \
*) ext='8' ;; \
esac; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
done
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
test -z "$$files" || { \
echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
install-docDATA: $(doc_DATA)
@$(NORMAL_INSTALL)
test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)"
@list='$(doc_DATA)'; for p in $$list; do \
@list='$(doc_DATA)'; test -n "$(docdir)" || list=; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
f=$(am__strip_dir) \
echo " $(docDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(docdir)/$$f'"; \
$(docDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(docdir)/$$f"; \
echo "$$d$$p"; \
done | $(am__base_list) | \
while read files; do \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \
done
uninstall-docDATA:
@$(NORMAL_UNINSTALL)
@list='$(doc_DATA)'; for p in $$list; do \
f=$(am__strip_dir) \
echo " rm -f '$(DESTDIR)$(docdir)/$$f'"; \
rm -f "$(DESTDIR)$(docdir)/$$f"; \
done
@list='$(doc_DATA)'; test -n "$(docdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
test -n "$$files" || exit 0; \
echo " ( cd '$(DESTDIR)$(docdir)' && rm -f" $$files ")"; \
cd "$(DESTDIR)$(docdir)" && rm -f $$files
tags: TAGS
TAGS:
@ -283,6 +303,19 @@ CTAGS:
distdir: $(DISTFILES)
@list='$(MANS)'; if test -n "$$list"; then \
list=`for p in $$list; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
if test -n "$$list" && \
grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \
echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \
echo " typically \`make maintainer-clean' will remove them" >&2; \
exit 1; \
else :; fi; \
else :; fi
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@ -298,13 +331,17 @@ distdir: $(DISTFILES)
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
@ -335,6 +372,7 @@ clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@ -353,6 +391,8 @@ dvi-am:
html: html-am
html-am:
info: info-am
info-am:
@ -361,18 +401,28 @@ install-data-am: install-docDATA install-man
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man: install-man8
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
@ -412,7 +462,7 @@ uninstall-man: uninstall-man8
.pod.8:
pod2man --section=8 --release=4.33 --center=stunnel \
pod2man --section=8 --release=4.34 --center=stunnel \
--date=`date +%Y.%m.%d` -u $< $@
stunnel.html: stunnel.pod
@ -428,6 +478,7 @@ stunnel.pl.html: stunnel.pl.pod
pod2html --infile=$< --title stunnel.8 | \
sed 's/<head>/<head>\n<meta http-equiv=content-type content="text\/html; charset=ISO-8859-2">/' > $@
rm -f pod2htmd.tmp pod2htmi.tmp
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

22
doc/stunnel.8
Просмотреть файл

@ -1,4 +1,4 @@
.\" Automatically generated by Pod::Man 2.1801 (Pod::Simple 3.05)
.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
.\"
.\" Standard preamble:
.\" ========================================================================
@ -62,7 +62,7 @@
.\" ========================================================================
.\"
.IX Title "STUNNEL 8"
.TH STUNNEL 8 "2010.03.26" "4.33" "stunnel"
.TH STUNNEL 8 "2010.09.15" "4.34" "stunnel"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@ -358,6 +358,11 @@ be named \s-1XXXXXXXX\s0.0 where \s-1XXXXXXXX\s0 is the hash value of the \s-1CR
Certificate Revocation Lists file
.Sp
This file contains multiple CRLs, used with the \fIverify\fR.
.IP "\fBcurve\fR = nid" 4
.IX Item "curve = nid"
specify \s-1ECDH\s0 curve name
.Sp
default: sect163r2
.IP "\fBdelay\fR = yes | no" 4
.IX Item "delay = yes | no"
delay \s-1DNS\s0 lookup for 'connect' option
@ -369,14 +374,14 @@ stunnel startup (road warrior \s-1VPN\s0, dial-up configurations).
select engine number to read private key
.Sp
The engines are numbered starting from 1.
.IP "\fBexec\fR = executable_path (Unix only)" 4
.IX Item "exec = executable_path (Unix only)"
.IP "\fBexec\fR = executable_path" 4
.IX Item "exec = executable_path"
execute local inetd-type program
.Sp
\&\fIexec\fR path is relative to \fIchroot\fR directory if specified.
.ie n .IP "\fBexecargs\fR = $0 $1 $2 ... (Unix only)" 4
.el .IP "\fBexecargs\fR = \f(CW$0\fR \f(CW$1\fR \f(CW$2\fR ... (Unix only)" 4
.IX Item "execargs = $0 $1 $2 ... (Unix only)"
.ie n .IP "\fBexecargs\fR = $0 $1 $2 ..." 4
.el .IP "\fBexecargs\fR = \f(CW$0\fR \f(CW$1\fR \f(CW$2\fR ..." 4
.IX Item "execargs = $0 $1 $2 ..."
arguments for \fIexec\fR including program name ($0)
.Sp
Quoting is currently not supported.
@ -746,9 +751,6 @@ OpenSSLs.
.IP "\fIstunnel.conf\fR" 4
.IX Item "stunnel.conf"
\&\fBstunnel\fR configuration file
.IP "\fIstunnel.pem\fR" 4
.IX Item "stunnel.pem"
\&\fBstunnel\fR certificate and private key
.SH "BUGS"
.IX Header "BUGS"
Option \fIexecargs\fR does not support quoting.

15
doc/stunnel.html
Просмотреть файл

@ -399,6 +399,12 @@ be named XXXXXXXX.0 where XXXXXXXX is the hash value of the CRL.</p>
<p>Certificate Revocation Lists file</p>
<p>This file contains multiple CRLs, used with the <em>verify</em>.</p>
</dd>
<dt><strong><a name="curve_nid" class="item"><strong>curve</strong> = nid</a></strong></dt>
<dd>
<p>specify ECDH curve name</p>
<p>default: sect163r2</p>
</dd>
<dt><strong><a name="delay_yes_no" class="item"><strong>delay</strong> = yes | no</a></strong></dt>
<dd>
@ -412,13 +418,13 @@ stunnel startup (road warrior VPN, dial-up configurations).</p>
<p>select engine number to read private key</p>
<p>The engines are numbered starting from 1.</p>
</dd>
<dt><strong><a name="executable_path" class="item"><strong>exec</strong> = executable_path (Unix only)</a></strong></dt>
<dt><strong><a name="exec_executable_path" class="item"><strong>exec</strong> = executable_path</a></strong></dt>
<dd>
<p>execute local inetd-type program</p>
<p><em>exec</em> path is relative to <em>chroot</em> directory if specified.</p>
</dd>
<dt><strong><a name="execargs_0_1_2_unix_only" class="item"><strong>execargs</strong> = $0 $1 $2 ... (Unix only)</a></strong></dt>
<dt><strong><a name="execargs_0_1_2" class="item"><strong>execargs</strong> = $0 $1 $2 ...</a></strong></dt>
<dd>
<p>arguments for <em>exec</em> including program name ($0)</p>
@ -820,11 +826,6 @@ OpenSSLs.</p>
<dd>
<p><strong>stunnel</strong> configuration file</p>
</dd>
<dt><strong><a name="stunnel_pem" class="item"><em class="file">stunnel.pem</em></a></strong></dt>
<dd>
<p><strong>stunnel</strong> certificate and private key</p>
</dd>
</dl>
<p>
</p>

22
doc/stunnel.pl.8
Просмотреть файл

@ -1,4 +1,4 @@
.\" Automatically generated by Pod::Man 2.1801 (Pod::Simple 3.05)
.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
.\"
.\" Standard preamble:
.\" ========================================================================
@ -62,7 +62,7 @@
.\" ========================================================================
.\"
.IX Title "STUNNEL.PL 8"
.TH STUNNEL.PL 8 "2010.03.26" "4.33" "stunnel"
.TH STUNNEL.PL 8 "2010.09.15" "4.34" "stunnel"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@ -376,6 +376,11 @@ plik List Odwołanych Certyfikatów (\s-1CRL\s0)
.Sp
Opcja pozwala określić położenie pliku zawierającego listy \s-1CRL\s0 używane
przez opcję \fIverify\fR.
.IP "\fBcurve\fR = nid" 4
.IX Item "curve = nid"
krzywa dla \s-1ECDH\s0
.Sp
domyślnie: sect163r2
.IP "\fBdelay\fR = yes | no" 4
.IX Item "delay = yes | no"
opóźnij rozwinięcie adresu \s-1DNS\s0 podanego w opcji \fIconnect\fR
@ -387,15 +392,15 @@ dostępna przy starcie programu stunnel (klient \s-1VPN\s0, połączenie wdzwani
wybierz urządzenie do odczyta klucza prywatnego
.Sp
Urządzenia są numerowane od 1 w górę.
.IP "\fBexec\fR = ścieżka_do_programu (tylko Unix)" 4
.IX Item "exec = ścieżka_do_programu (tylko Unix)"
.IP "\fBexec\fR = ścieżka_do_programu" 4
.IX Item "exec = ścieżka_do_programu"
wykonaj lokalny program przystosowany do pracy z superdemonem inetd
.Sp
Jeżeli zdefiniowano katalog \fIchroot\fR, to ścieżka do \fIexec\fR jest określona
względem tego katalogu.
.ie n .IP "\fBexecargs\fR = $0 $1 $2 ... (tylko Unix)" 4
.el .IP "\fBexecargs\fR = \f(CW$0\fR \f(CW$1\fR \f(CW$2\fR ... (tylko Unix)" 4
.IX Item "execargs = $0 $1 $2 ... (tylko Unix)"
.ie n .IP "\fBexecargs\fR = $0 $1 $2 ..." 4
.el .IP "\fBexecargs\fR = \f(CW$0\fR \f(CW$1\fR \f(CW$2\fR ..." 4
.IX Item "execargs = $0 $1 $2 ..."
argumenty do opcji \fIexec\fR włącznie z nazwą programu ($0)
.Sp
Cytowanie nie jest wspierane w obecnej wersji programu.
@ -788,9 +793,6 @@ powyższej listy. Jest to właściwość biblioteki \fIOpenSSL\fR, a nie progra
.IP "\fIstunnel.conf\fR" 4
.IX Item "stunnel.conf"
plik konfiguracyjny programu
.IP "\fIstunnel.pem\fR" 4
.IX Item "stunnel.pem"
certyfikat i klucz prywatny
.SH "BŁĘDY"
.IX Header "BŁĘDY"
Opcja \fIexecargs\fR nie obsługuje cytowania.

15
doc/stunnel.pl.html
Просмотреть файл

@ -420,6 +420,12 @@ wzgl
<p>Opcja pozwala określić położenie pliku zawierającego listy CRL używane
przez opcję <em>verify</em>.</p>
</dd>
<dt><strong><a name="curve_nid" class="item"><strong>curve</strong> = nid</a></strong></dt>
<dd>
<p>krzywa dla ECDH</p>
<p>domy¶lnie: sect163r2</p>
</dd>
<dt><strong><a name="delay_yes_no" class="item"><strong>delay</strong> = yes | no</a></strong></dt>
<dd>
@ -433,14 +439,14 @@ dost
<p>wybierz urządzenie do odczyta klucza prywatnego</p>
<p>Urządzenia są numerowane od 1 w górę.</p>
</dd>
<dt><strong><a name="ka_do_programu" class="item"><strong>exec</strong> = ścieżka_do_programu (tylko Unix)</a></strong></dt>
<dt><strong><a name="exec_cie_ka_do_programu" class="item"><strong>exec</strong> = ¶cie¿ka_do_programu</a></strong></dt>
<dd>
<p>wykonaj lokalny program przystosowany do pracy z superdemonem inetd</p>
<p>Jeżeli zdefiniowano katalog <em>chroot</em>, to ścieżka do <em>exec</em> jest określona
względem tego katalogu.</p>
</dd>
<dt><strong><a name="execargs_0_1_2_tylko_unix" class="item"><strong>execargs</strong> = $0 $1 $2 ... (tylko Unix)</a></strong></dt>
<dt><strong><a name="execargs_0_1_2" class="item"><strong>execargs</strong> = $0 $1 $2 ...</a></strong></dt>
<dd>
<p>argumenty do opcji <em>exec</em> włącznie z nazwą programu ($0)</p>
@ -862,11 +868,6 @@ powy
<dd>
<p>plik konfiguracyjny programu</p>
</dd>
<dt><strong><a name="stunnel_pem" class="item"><em class="file">stunnel.pem</em></a></strong></dt>
<dd>
<p>certyfikat i klucz prywatny</p>
</dd>
</dl>
<p>
</p>

14
doc/stunnel.pl.pod
Просмотреть файл

@ -374,6 +374,12 @@ plik List Odwo
Opcja pozwala określić położenie pliku zawierającego listy CRL używane
przez opcję I<verify>.
=item B<curve> = nid
krzywa dla ECDH
domyślnie: sect163r2
=item B<delay> = yes | no
opóźnij rozwinięcie adresu DNS podanego w opcji I<connect>
@ -387,14 +393,14 @@ wybierz urz
Urządzenia są numerowane od 1 w górę.
=item B<exec> = ścieżka_do_programu (tylko Unix)
=item B<exec> = ścieżka_do_programu
wykonaj lokalny program przystosowany do pracy z superdemonem inetd
Jeżeli zdefiniowano katalog I<chroot>, to ścieżka do I<exec> jest określona
względem tego katalogu.
=item B<execargs> = $0 $1 $2 ... (tylko Unix)
=item B<execargs> = $0 $1 $2 ...
argumenty do opcji I<exec> włącznie z nazwą programu ($0)
@ -816,10 +822,6 @@ I<stunnel>.
plik konfiguracyjny programu
=item F<stunnel.pem>
certyfikat i klucz prywatny
=back

14
doc/stunnel.pod
Просмотреть файл

@ -356,6 +356,12 @@ Certificate Revocation Lists file
This file contains multiple CRLs, used with the I<verify>.
=item B<curve> = nid
specify ECDH curve name
default: sect163r2
=item B<delay> = yes | no
delay DNS lookup for 'connect' option
@ -369,13 +375,13 @@ select engine number to read private key
The engines are numbered starting from 1.
=item B<exec> = executable_path (Unix only)
=item B<exec> = executable_path
execute local inetd-type program
I<exec> path is relative to I<chroot> directory if specified.
=item B<execargs> = $0 $1 $2 ... (Unix only)
=item B<execargs> = $0 $1 $2 ...
arguments for I<exec> including program name ($0)
@ -777,10 +783,6 @@ OpenSSLs.
B<stunnel> configuration file
=item F<stunnel.pem>
B<stunnel> certificate and private key
=back

7377
m4/libtool.m4 поставляемый Normal file
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

368
m4/ltoptions.m4 поставляемый Normal file
Просмотреть файл

@ -0,0 +1,368 @@
# Helper functions for option handling. -*- Autoconf -*-
#
# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
# Written by Gary V. Vaughan, 2004
#
# This file is free software; the Free Software Foundation gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
# serial 6 ltoptions.m4
# This is to help aclocal find these macros, as it can't see m4_define.
AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
# ------------------------------------------
m4_define([_LT_MANGLE_OPTION],
[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
# ---------------------------------------
# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
# matching handler defined, dispatch to it. Other OPTION-NAMEs are
# saved as a flag.
m4_define([_LT_SET_OPTION],
[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
_LT_MANGLE_DEFUN([$1], [$2]),
[m4_warning([Unknown $1 option `$2'])])[]dnl
])
# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
# ------------------------------------------------------------
# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
m4_define([_LT_IF_OPTION],
[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
# -------------------------------------------------------
# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
# are set.
m4_define([_LT_UNLESS_OPTIONS],
[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
[m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
[m4_define([$0_found])])])[]dnl
m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
])[]dnl
])
# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
# ----------------------------------------
# OPTION-LIST is a space-separated list of Libtool options associated
# with MACRO-NAME. If any OPTION has a matching handler declared with
# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
# the unknown option and exit.
m4_defun([_LT_SET_OPTIONS],
[# Set options
m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
[_LT_SET_OPTION([$1], _LT_Option)])
m4_if([$1],[LT_INIT],[
dnl
dnl Simply set some default values (i.e off) if boolean options were not
dnl specified:
_LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
])
_LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
])
dnl
dnl If no reference was made to various pairs of opposing options, then
dnl we run the default mode handler for the pair. For example, if neither
dnl `shared' nor `disable-shared' was passed, we enable building of shared
dnl archives by default:
_LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
_LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
_LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
_LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
[_LT_ENABLE_FAST_INSTALL])
])
])# _LT_SET_OPTIONS
## --------------------------------- ##
## Macros to handle LT_INIT options. ##
## --------------------------------- ##
# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
# -----------------------------------------
m4_define([_LT_MANGLE_DEFUN],
[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
# -----------------------------------------------
m4_define([LT_OPTION_DEFINE],
[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
])# LT_OPTION_DEFINE
# dlopen
# ------
LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
])
AU_DEFUN([AC_LIBTOOL_DLOPEN],
[_LT_SET_OPTION([LT_INIT], [dlopen])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the `dlopen' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
# win32-dll
# ---------
# Declare package support for building win32 dll's.
LT_OPTION_DEFINE([LT_INIT], [win32-dll],
[enable_win32_dll=yes
case $host in
*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-cegcc*)
AC_CHECK_TOOL(AS, as, false)
AC_CHECK_TOOL(DLLTOOL, dlltool, false)
AC_CHECK_TOOL(OBJDUMP, objdump, false)
;;
esac
test -z "$AS" && AS=as
_LT_DECL([], [AS], [0], [Assembler program])dnl
test -z "$DLLTOOL" && DLLTOOL=dlltool
_LT_DECL([], [DLLTOOL], [0], [DLL creation program])dnl
test -z "$OBJDUMP" && OBJDUMP=objdump
_LT_DECL([], [OBJDUMP], [0], [Object dumper program])dnl
])# win32-dll
AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
_LT_SET_OPTION([LT_INIT], [win32-dll])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the `win32-dll' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
# _LT_ENABLE_SHARED([DEFAULT])
# ----------------------------
# implement the --enable-shared flag, and supports the `shared' and
# `disable-shared' LT_INIT options.
# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
m4_define([_LT_ENABLE_SHARED],
[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([shared],
[AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
[build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
[p=${PACKAGE-default}
case $enableval in
yes) enable_shared=yes ;;
no) enable_shared=no ;;
*)
enable_shared=no
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
for pkg in $enableval; do
IFS="$lt_save_ifs"
if test "X$pkg" = "X$p"; then
enable_shared=yes
fi
done
IFS="$lt_save_ifs"
;;
esac],
[enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
_LT_DECL([build_libtool_libs], [enable_shared], [0],
[Whether or not to build shared libraries])
])# _LT_ENABLE_SHARED
LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
# Old names:
AC_DEFUN([AC_ENABLE_SHARED],
[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
])
AC_DEFUN([AC_DISABLE_SHARED],
[_LT_SET_OPTION([LT_INIT], [disable-shared])
])
AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([AM_ENABLE_SHARED], [])
dnl AC_DEFUN([AM_DISABLE_SHARED], [])
# _LT_ENABLE_STATIC([DEFAULT])
# ----------------------------
# implement the --enable-static flag, and support the `static' and
# `disable-static' LT_INIT options.
# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
m4_define([_LT_ENABLE_STATIC],
[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([static],
[AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
[build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
[p=${PACKAGE-default}
case $enableval in
yes) enable_static=yes ;;
no) enable_static=no ;;
*)
enable_static=no
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
for pkg in $enableval; do
IFS="$lt_save_ifs"
if test "X$pkg" = "X$p"; then
enable_static=yes
fi
done
IFS="$lt_save_ifs"
;;
esac],
[enable_static=]_LT_ENABLE_STATIC_DEFAULT)
_LT_DECL([build_old_libs], [enable_static], [0],
[Whether or not to build static libraries])
])# _LT_ENABLE_STATIC
LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
# Old names:
AC_DEFUN([AC_ENABLE_STATIC],
[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
])
AC_DEFUN([AC_DISABLE_STATIC],
[_LT_SET_OPTION([LT_INIT], [disable-static])
])
AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([AM_ENABLE_STATIC], [])
dnl AC_DEFUN([AM_DISABLE_STATIC], [])
# _LT_ENABLE_FAST_INSTALL([DEFAULT])
# ----------------------------------
# implement the --enable-fast-install flag, and support the `fast-install'
# and `disable-fast-install' LT_INIT options.
# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
m4_define([_LT_ENABLE_FAST_INSTALL],
[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([fast-install],
[AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
[optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
[p=${PACKAGE-default}
case $enableval in
yes) enable_fast_install=yes ;;
no) enable_fast_install=no ;;
*)
enable_fast_install=no
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
for pkg in $enableval; do
IFS="$lt_save_ifs"
if test "X$pkg" = "X$p"; then
enable_fast_install=yes
fi
done
IFS="$lt_save_ifs"
;;
esac],
[enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
_LT_DECL([fast_install], [enable_fast_install], [0],
[Whether or not to optimize for fast installation])dnl
])# _LT_ENABLE_FAST_INSTALL
LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
# Old names:
AU_DEFUN([AC_ENABLE_FAST_INSTALL],
[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you put
the `fast-install' option into LT_INIT's first parameter.])
])
AU_DEFUN([AC_DISABLE_FAST_INSTALL],
[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you put
the `disable-fast-install' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
# _LT_WITH_PIC([MODE])
# --------------------
# implement the --with-pic flag, and support the `pic-only' and `no-pic'
# LT_INIT options.
# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
m4_define([_LT_WITH_PIC],
[AC_ARG_WITH([pic],
[AS_HELP_STRING([--with-pic],
[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
[pic_mode="$withval"],
[pic_mode=default])
test -z "$pic_mode" && pic_mode=m4_default([$1], [default])
_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
])# _LT_WITH_PIC
LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
# Old name:
AU_DEFUN([AC_LIBTOOL_PICMODE],
[_LT_SET_OPTION([LT_INIT], [pic-only])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the `pic-only' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
## ----------------- ##
## LTDL_INIT Options ##
## ----------------- ##
m4_define([_LTDL_MODE], [])
LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
[m4_define([_LTDL_MODE], [nonrecursive])])
LT_OPTION_DEFINE([LTDL_INIT], [recursive],
[m4_define([_LTDL_MODE], [recursive])])
LT_OPTION_DEFINE([LTDL_INIT], [subproject],
[m4_define([_LTDL_MODE], [subproject])])
m4_define([_LTDL_TYPE], [])
LT_OPTION_DEFINE([LTDL_INIT], [installable],
[m4_define([_LTDL_TYPE], [installable])])
LT_OPTION_DEFINE([LTDL_INIT], [convenience],
[m4_define([_LTDL_TYPE], [convenience])])

123
m4/ltsugar.m4 поставляемый Normal file
Просмотреть файл

@ -0,0 +1,123 @@
# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
#
# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
# Written by Gary V. Vaughan, 2004
#
# This file is free software; the Free Software Foundation gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
# serial 6 ltsugar.m4
# This is to help aclocal find these macros, as it can't see m4_define.
AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
# lt_join(SEP, ARG1, [ARG2...])
# -----------------------------
# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
# associated separator.
# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
# versions in m4sugar had bugs.
m4_define([lt_join],
[m4_if([$#], [1], [],
[$#], [2], [[$2]],
[m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
m4_define([_lt_join],
[m4_if([$#$2], [2], [],
[m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
# lt_car(LIST)
# lt_cdr(LIST)
# ------------
# Manipulate m4 lists.
# These macros are necessary as long as will still need to support
# Autoconf-2.59 which quotes differently.
m4_define([lt_car], [[$1]])
m4_define([lt_cdr],
[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
[$#], 1, [],
[m4_dquote(m4_shift($@))])])
m4_define([lt_unquote], $1)
# lt_append(MACRO-NAME, STRING, [SEPARATOR])
# ------------------------------------------
# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'.
# Note that neither SEPARATOR nor STRING are expanded; they are appended
# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
# No SEPARATOR is output if MACRO-NAME was previously undefined (different
# than defined and empty).
#
# This macro is needed until we can rely on Autoconf 2.62, since earlier
# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
m4_define([lt_append],
[m4_define([$1],
m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
# ----------------------------------------------------------
# Produce a SEP delimited list of all paired combinations of elements of
# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list
# has the form PREFIXmINFIXSUFFIXn.
# Needed until we can rely on m4_combine added in Autoconf 2.62.
m4_define([lt_combine],
[m4_if(m4_eval([$# > 3]), [1],
[m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
[[m4_foreach([_Lt_prefix], [$2],
[m4_foreach([_Lt_suffix],
]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
[_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
# -----------------------------------------------------------------------
# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
m4_define([lt_if_append_uniq],
[m4_ifdef([$1],
[m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
[lt_append([$1], [$2], [$3])$4],
[$5])],
[lt_append([$1], [$2], [$3])$4])])
# lt_dict_add(DICT, KEY, VALUE)
# -----------------------------
m4_define([lt_dict_add],
[m4_define([$1($2)], [$3])])
# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
# --------------------------------------------
m4_define([lt_dict_add_subkey],
[m4_define([$1($2:$3)], [$4])])
# lt_dict_fetch(DICT, KEY, [SUBKEY])
# ----------------------------------
m4_define([lt_dict_fetch],
[m4_ifval([$3],
m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
# -----------------------------------------------------------------
m4_define([lt_if_dict_fetch],
[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
[$5],
[$6])])
# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
# --------------------------------------------------------------
m4_define([lt_dict_filter],
[m4_if([$5], [], [],
[lt_join(m4_quote(m4_default([$4], [[, ]])),
lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
[lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
])

23
m4/ltversion.m4 поставляемый Normal file
Просмотреть файл

@ -0,0 +1,23 @@
# ltversion.m4 -- version numbers -*- Autoconf -*-
#
# Copyright (C) 2004 Free Software Foundation, Inc.
# Written by Scott James Remnant, 2004
#
# This file is free software; the Free Software Foundation gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
# Generated from ltversion.in.
# serial 3017 ltversion.m4
# This file is part of GNU Libtool
m4_define([LT_PACKAGE_VERSION], [2.2.6b])
m4_define([LT_PACKAGE_REVISION], [1.3017])
AC_DEFUN([LTVERSION_VERSION],
[macro_version='2.2.6b'
macro_revision='1.3017'
_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
_LT_DECL(, macro_revision, 0)
])

92
m4/lt~obsolete.m4 поставляемый Normal file
Просмотреть файл

@ -0,0 +1,92 @@
# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
#
# Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc.
# Written by Scott James Remnant, 2004.
#
# This file is free software; the Free Software Foundation gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
# serial 4 lt~obsolete.m4
# These exist entirely to fool aclocal when bootstrapping libtool.
#
# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN)
# which have later been changed to m4_define as they aren't part of the
# exported API, or moved to Autoconf or Automake where they belong.
#
# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN
# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
# using a macro with the same name in our local m4/libtool.m4 it'll
# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
# and doesn't know about Autoconf macros at all.)
#
# So we provide this file, which has a silly filename so it's always
# included after everything else. This provides aclocal with the
# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
# because those macros already exist, or will be overwritten later.
# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
#
# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
# Yes, that means every name once taken will need to remain here until
# we give up compatibility with versions before 1.7, at which point
# we need to keep only those names which we still refer to.
# This is to help aclocal find these macros, as it can't see m4_define.
AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])])
m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])])
m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])])
m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])])
m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])])
m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])])
m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])])
m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])])
m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])])
m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])])
m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])])
m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])])
m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])])
m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])])
m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])])
m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])])
m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])])
m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])])
m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])])
m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])])
m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])])
m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])])
m4_ifndef([AC_LIBTOOL_RC], [AC_DEFUN([AC_LIBTOOL_RC])])
m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])])
m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])])

8
src/Makefile.am
Просмотреть файл

@ -35,15 +35,15 @@ EXTRA_DIST = stunnel.exe make.bat mingw.mak makece.bat evc.mak vc.mak nogui.c os
EXTRA_PROGRAMS = stunnel.exe
stunnel_exe_SOURCES = $(common_headers) $(common_sources) $(win32_sources)
OPENSSLDIR=/usr/src/openssl-1.0.0
WINCFLAGS=-O2 -Wall -I$(OPENSSLDIR)/include -DUSE_WIN32=1 -DVERSION=\"@VERSION@\"
OPENSSLDIR=/usr/src/openssl-1.0.0a
WINCFLAGS=-O2 -Wall -Wextra -pedantic -Wno-long-long -I$(OPENSSLDIR)/include -DUSE_WIN32=1 -DVERSION=\"@VERSION@\"
WINLIBS=-L$(OPENSSLDIR) -lzdll -lcrypto.dll -lssl.dll -lws2_32 -lgdi32 -mwindows
# OPENSSLDIR=/usr/src/openssl-0.9.7m-fips
# WINCFLAGS=-O2 -Wall -I$(OPENSSLDIR)/include -DUSE_WIN32=1 -DVERSION=\"@VERSION@\"
# WINCFLAGS=-O2 -Wall -Wextra -pedantic -Wno-long-long -I$(OPENSSLDIR)/include -DUSE_WIN32=1 -DVERSION=\"@VERSION@\"
# WINLIBS=-L$(OPENSSLDIR) -lzdll -lcrypto -lssl -lws2_32 -lgdi32 -mwindows
# WINCFLAGS=-O2 -Wall -I/usr/src/openssl-0.9.7m/include -DUSE_WIN32=1 -DVERSION=\"@VERSION@\"
# WINCFLAGS=-O2 -Wall -Wextra -pedantic -Wno-long-long -I/usr/src/openssl-0.9.7m/include -DUSE_WIN32=1 -DVERSION=\"@VERSION@\"
# WINLIBS=-L../../FIPS -leay32 -lssl32 -lws2_32 -lgdi32 -mwindows
WINOBJ=file.obj client.obj log.obj options.obj protocol.obj network.obj resolver.obj ssl.obj ctx.obj verify.obj sthreads.obj stunnel.obj gui.obj resources.obj

252
src/Makefile.in
Просмотреть файл

@ -1,8 +1,9 @@
# Makefile.in generated by automake 1.10.1 from Makefile.am.
# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
# Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -20,8 +21,9 @@
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
@ -42,20 +44,38 @@ subdir = src
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
$(srcdir)/stunnel3.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES = stunnel3
CONFIG_CLEAN_VPATH_FILES =
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(pkglibdir)" "$(DESTDIR)$(bindir)" \
"$(DESTDIR)$(bindir)"
pkglibLTLIBRARIES_INSTALL = $(INSTALL)
LTLIBRARIES = $(pkglib_LTLIBRARIES)
libstunnel_la_LIBADD =
am__objects_1 = env.lo
@ -64,7 +84,6 @@ libstunnel_la_OBJECTS = $(am_libstunnel_la_OBJECTS)
libstunnel_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libstunnel_la_LDFLAGS) $(LDFLAGS) -o $@
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(bin_PROGRAMS)
am__objects_2 =
am__objects_3 = file.$(OBJEXT) client.$(OBJEXT) log.$(OBJEXT) \
@ -81,11 +100,11 @@ am_stunnel_exe_OBJECTS = $(am__objects_2) $(am__objects_3) \
$(am__objects_5)
stunnel_exe_OBJECTS = $(am_stunnel_exe_OBJECTS)
stunnel_exe_LDADD = $(LDADD)
binSCRIPT_INSTALL = $(INSTALL_SCRIPT)
SCRIPTS = $(bin_SCRIPTS)
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/auto/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
@ -114,44 +133,47 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CXX = @CXX@
CXXCPP = @CXXCPP@
CXXDEPMODE = @CXXDEPMODE@
CXXFLAGS = @CXXFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFAULT_GROUP = @DEFAULT_GROUP@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DSYMUTIL = @DSYMUTIL@
ECHO = @ECHO@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
F77 = @F77@
FFLAGS = @FFLAGS@
FGREP = @FGREP@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANDOM_FILE = @RANDOM_FILE@
@ -160,15 +182,13 @@ SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
USE_DH = @USE_DH@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@
ac_ct_F77 = @ac_ct_F77@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
@ -199,6 +219,7 @@ libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
@ -212,6 +233,7 @@ srcdir = @srcdir@
ssldir = @ssldir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
common_headers = common.h prototypes.h
@ -236,15 +258,15 @@ AM_CPPFLAGS = -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)/stunnel"' -DPI
# Win32 executable
EXTRA_DIST = stunnel.exe make.bat mingw.mak makece.bat evc.mak vc.mak nogui.c os2.mak
stunnel_exe_SOURCES = $(common_headers) $(common_sources) $(win32_sources)
OPENSSLDIR = /usr/src/openssl-1.0.0
WINCFLAGS = -O2 -Wall -I$(OPENSSLDIR)/include -DUSE_WIN32=1 -DVERSION=\"@VERSION@\"
OPENSSLDIR = /usr/src/openssl-1.0.0a
WINCFLAGS = -O2 -Wall -Wextra -pedantic -Wno-long-long -I$(OPENSSLDIR)/include -DUSE_WIN32=1 -DVERSION=\"@VERSION@\"
WINLIBS = -L$(OPENSSLDIR) -lzdll -lcrypto.dll -lssl.dll -lws2_32 -lgdi32 -mwindows
# OPENSSLDIR=/usr/src/openssl-0.9.7m-fips
# WINCFLAGS=-O2 -Wall -I$(OPENSSLDIR)/include -DUSE_WIN32=1 -DVERSION=\"@VERSION@\"
# WINCFLAGS=-O2 -Wall -Wextra -pedantic -Wno-long-long -I$(OPENSSLDIR)/include -DUSE_WIN32=1 -DVERSION=\"@VERSION@\"
# WINLIBS=-L$(OPENSSLDIR) -lzdll -lcrypto -lssl -lws2_32 -lgdi32 -mwindows
# WINCFLAGS=-O2 -Wall -I/usr/src/openssl-0.9.7m/include -DUSE_WIN32=1 -DVERSION=\"@VERSION@\"
# WINCFLAGS=-O2 -Wall -Wextra -pedantic -Wno-long-long -I/usr/src/openssl-0.9.7m/include -DUSE_WIN32=1 -DVERSION=\"@VERSION@\"
# WINLIBS=-L../../FIPS -leay32 -lssl32 -lws2_32 -lgdi32 -mwindows
WINOBJ = file.obj client.obj log.obj options.obj protocol.obj network.obj resolver.obj ssl.obj ctx.obj verify.obj sthreads.obj stunnel.obj gui.obj resources.obj
WINPREFIX = i586-mingw32msvc-
@ -259,14 +281,14 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
&& exit 0; \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
cd $(top_srcdir) && \
$(AUTOMAKE) --gnu src/Makefile
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@ -284,25 +306,30 @@ $(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
stunnel3: $(top_builddir)/config.status $(srcdir)/stunnel3.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
install-pkglibLTLIBRARIES: $(pkglib_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(pkglibdir)" || $(MKDIR_P) "$(DESTDIR)$(pkglibdir)"
@list='$(pkglib_LTLIBRARIES)'; for p in $$list; do \
@list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \
list2=; for p in $$list; do \
if test -f $$p; then \
f=$(am__strip_dir) \
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pkglibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(pkglibdir)/$$f'"; \
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pkglibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(pkglibdir)/$$f"; \
list2="$$list2 $$p"; \
else :; fi; \
done
done; \
test -z "$$list2" || { \
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pkglibdir)'"; \
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pkglibdir)"; \
}
uninstall-pkglibLTLIBRARIES:
@$(NORMAL_UNINSTALL)
@list='$(pkglib_LTLIBRARIES)'; for p in $$list; do \
p=$(am__strip_dir) \
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pkglibdir)/$$p'"; \
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pkglibdir)/$$p"; \
@list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \
for p in $$list; do \
$(am__strip_dir) \
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pkglibdir)/$$f'"; \
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pkglibdir)/$$f"; \
done
clean-pkglibLTLIBRARIES:
@ -318,53 +345,83 @@ libstunnel.la: $(libstunnel_la_OBJECTS) $(libstunnel_la_DEPENDENCIES)
install-binPROGRAMS: $(bin_PROGRAMS)
@$(NORMAL_INSTALL)
test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
@list='$(bin_PROGRAMS)'; for p in $$list; do \
p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
if test -f $$p \
|| test -f $$p1 \
; then \
f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
$(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
else :; fi; \
done
@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
for p in $$list; do echo "$$p $$p"; done | \
sed 's/$(EXEEXT)$$//' | \
while read p p1; do if test -f $$p || test -f $$p1; \
then echo "$$p"; echo "$$p"; else :; fi; \
done | \
sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
-e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
sed 'N;N;N;s,\n, ,g' | \
$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
{ d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
if ($$2 == $$4) files[d] = files[d] " " $$1; \
else { print "f", $$3 "/" $$4, $$1; } } \
END { for (d in files) print "f", d, files[d] }' | \
while read type dir files; do \
if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
test -z "$$files" || { \
echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
$(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
} \
; done
uninstall-binPROGRAMS:
@$(NORMAL_UNINSTALL)
@list='$(bin_PROGRAMS)'; for p in $$list; do \
f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
rm -f "$(DESTDIR)$(bindir)/$$f"; \
done
@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
files=`for p in $$list; do echo "$$p"; done | \
sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
-e 's/$$/$(EXEEXT)/' `; \
test -n "$$list" || exit 0; \
echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
cd "$(DESTDIR)$(bindir)" && rm -f $$files
clean-binPROGRAMS:
@list='$(bin_PROGRAMS)'; for p in $$list; do \
f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
echo " rm -f $$p $$f"; \
rm -f $$p $$f ; \
done
@list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \
echo " rm -f" $$list; \
rm -f $$list || exit $$?; \
test -n "$(EXEEXT)" || exit 0; \
list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
echo " rm -f" $$list; \
rm -f $$list
stunnel$(EXEEXT): $(stunnel_OBJECTS) $(stunnel_DEPENDENCIES)
@rm -f stunnel$(EXEEXT)
$(LINK) $(stunnel_OBJECTS) $(stunnel_LDADD) $(LIBS)
install-binSCRIPTS: $(bin_SCRIPTS)
@$(NORMAL_INSTALL)
test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
@list='$(bin_SCRIPTS)'; for p in $$list; do \
@list='$(bin_SCRIPTS)'; test -n "$(bindir)" || list=; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
if test -f $$d$$p; then \
f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
echo " $(binSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(bindir)/$$f'"; \
$(binSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(bindir)/$$f"; \
else :; fi; \
done
if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
done | \
sed -e 'p;s,.*/,,;n' \
-e 'h;s|.*|.|' \
-e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
{ d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
if ($$2 == $$4) { files[d] = files[d] " " $$1; \
if (++n[d] == $(am__install_max)) { \
print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
else { print "f", d "/" $$4, $$1 } } \
END { for (d in files) print "f", d, files[d] }' | \
while read type dir files; do \
if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
test -z "$$files" || { \
echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \
$(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
} \
; done
uninstall-binSCRIPTS:
@$(NORMAL_UNINSTALL)
@list='$(bin_SCRIPTS)'; for p in $$list; do \
f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
rm -f "$(DESTDIR)$(bindir)/$$f"; \
done
@list='$(bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \
files=`for p in $$list; do echo "$$p"; done | \
sed -e 's,.*/,,;$(transform)'`; \
test -n "$$list" || exit 0; \
echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
cd "$(DESTDIR)$(bindir)" && rm -f $$files
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@ -391,21 +448,21 @@ distclean-compile:
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c $<
.c.obj:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
@ -421,14 +478,14 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
set x; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
@ -436,29 +493,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$tags $$unique; \
if test $$# -gt 0; then \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
"$$@" $$unique; \
else \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$unique; \
fi; \
fi
ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
test -z "$(CTAGS_ARGS)$$tags$$unique" \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$tags $$unique
$$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) $$here
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
@ -479,13 +541,17 @@ distdir: $(DISTFILES)
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
@ -516,6 +582,7 @@ clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@ -537,6 +604,8 @@ dvi-am:
html: html-am
html-am:
info: info-am
info-am:
@ -545,19 +614,29 @@ install-data-am:
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am: install-binPROGRAMS install-binSCRIPTS \
install-pkglibLTLIBRARIES
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
@ -612,6 +691,7 @@ resources.obj: resources.rc resources.h
mostlyclean-local:
-rm -f *.obj
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

378
src/client.c
Просмотреть файл

@ -51,10 +51,8 @@
#define SHUT_RDWR 2
#endif
#if SSLEAY_VERSION_NUMBER >= 0x0922
static char *sid_ctx="stunnel SID";
/* const allowed here */
#endif
static void do_client(CLI *);
static void run_client(CLI *);
@ -279,10 +277,8 @@ static void init_ssl(CLI *c) {
longjmp(c->err, 1);
}
SSL_set_ex_data(c->ssl, cli_index, c); /* for callbacks */
#if SSLEAY_VERSION_NUMBER >= 0x0922
SSL_set_session_id_context(c->ssl, (unsigned char *)sid_ctx,
strlen(sid_ctx));
#endif
if(c->opt->option.client) {
if(c->opt->session) {
enter_critical_section(CRIT_SESSION);
@ -376,61 +372,45 @@ static void init_ssl(CLI *c) {
}
}
/****************************** some defines for transfer() */
/* is socket/SSL open for read/write? */
#define sock_rd (c->sock_rfd->rd)
#define sock_wr (c->sock_wfd->wr)
#define ssl_rd (c->ssl_rfd->rd)
#define ssl_wr (c->ssl_wfd->wr)
/* NOTE: above defines are related to the logical data stream,
* not the underlying file descriptors */
/* is socket/SSL ready for read/write? */
#define sock_can_rd (s_poll_canread(&c->fds, c->sock_rfd->fd))
#define sock_can_wr (s_poll_canwrite(&c->fds, c->sock_wfd->fd))
#define ssl_can_rd (s_poll_canread(&c->fds, c->ssl_rfd->fd))
#define ssl_can_wr (s_poll_canwrite(&c->fds, c->ssl_wfd->fd))
/****************************** transfer data */
static void transfer(CLI *c) {
int watchdog=0; /* a counter to detect an infinite loop */
int error;
socklen_t optlen;
int num, err, check_SSL_pending;
int SSL_shutdown_wants_read=0, SSL_shutdown_wants_write=0;
int SSL_write_wants_read=0, SSL_write_wants_write=0;
int SSL_read_wants_read=0, SSL_read_wants_write=0;
int num, err;
/* logical channels (not file descriptors!) open for read or write */
int sock_open_rd=1, sock_open_wr=1, ssl_open_rd=1, ssl_open_wr=1;
/* awaited conditions on SSL file descriptors */
int shutdown_wants_read=0, shutdown_wants_write=0;
int read_wants_read, read_wants_write=0;
int write_wants_read=0, write_wants_write;
/* actual conditions on file descriptors */
int sock_can_rd, sock_can_wr, ssl_can_rd, ssl_can_wr;
c->sock_ptr=c->ssl_ptr=0;
sock_rd=sock_wr=ssl_rd=ssl_wr=1;
do { /* main loop */
/* set flag to try and read any buffered SSL data
* if we made room in the buffer by writing to the socket */
check_SSL_pending=0;
SSL_read_wants_read=
ssl_rd && c->ssl_ptr<BUFFSIZE && !SSL_read_wants_write;
SSL_write_wants_write=
ssl_wr && c->sock_ptr && !SSL_write_wants_read;
do { /* main loop of client data transfer */
/****************************** initialize *_wants_* */
read_wants_read=
ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write;
write_wants_write=
ssl_open_wr && c->sock_ptr && !write_wants_read;
/****************************** setup c->fds structure */
s_poll_init(&c->fds); /* initialize the structure */
if(sock_rd && c->sock_ptr<BUFFSIZE)
s_poll_add(&c->fds, c->sock_rfd->fd, 1, 0);
if(SSL_read_wants_read ||
SSL_write_wants_read ||
SSL_shutdown_wants_read)
/* for plain socket open data strem = open file descriptor */
/* make sure to add each open socket to receive exceptions! */
if(sock_open_rd)
s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<BUFFSIZE, 0);
if(sock_open_wr)
s_poll_add(&c->fds, c->sock_wfd->fd, 0, c->ssl_ptr);
/* for SSL assume that sockets are open if there any pending requests */
if(read_wants_read || write_wants_read || shutdown_wants_read)
s_poll_add(&c->fds, c->ssl_rfd->fd, 1, 0);
if(sock_wr && c->ssl_ptr)
s_poll_add(&c->fds, c->sock_wfd->fd, 0, 1);
if(SSL_read_wants_write ||
SSL_write_wants_write ||
SSL_shutdown_wants_write)
if(read_wants_write || write_wants_write || shutdown_wants_write)
s_poll_add(&c->fds, c->ssl_wfd->fd, 0, 1);
/****************************** wait for an event */
err=s_poll_wait(&c->fds, (sock_rd && ssl_rd) /* both peers open */ ||
err=s_poll_wait(&c->fds,
(sock_open_rd && ssl_open_rd) /* both peers open */ ||
c->ssl_ptr /* data buffered to write to socket */ ||
c->sock_ptr /* data buffered to write to SSL */ ?
c->opt->timeout_idle : c->opt->timeout_close, 0);
@ -439,7 +419,7 @@ static void transfer(CLI *c) {
sockerror("transfer: s_poll_wait");
longjmp(c->err, 1);
case 0: /* timeout */
if((sock_rd && ssl_rd) || c->ssl_ptr || c->sock_ptr) {
if((sock_open_rd && ssl_open_rd) || c->ssl_ptr || c->sock_ptr) {
s_log(LOG_INFO, "s_poll_wait timeout: connection reset");
longjmp(c->err, 1);
} else { /* already closing connection */
@ -447,33 +427,78 @@ static void transfer(CLI *c) {
return; /* OK */
}
}
/****************************** check for errors on sockets */
err=s_poll_error(&c->fds, c->sock_rfd->fd);
if(err) {
s_log(LOG_NOTICE,
"Error detected on socket (read) file descriptor: %s (%d)",
s_strerror(err), err);
longjmp(c->err, 1);
}
if(c->sock_wfd->fd != c->sock_rfd->fd) { /* performance optimization */
err=s_poll_error(&c->fds, c->sock_wfd->fd);
if(err) {
s_log(LOG_NOTICE,
"Error detected on socket write file descriptor: %s (%d)",
s_strerror(err), err);
longjmp(c->err, 1);
}
}
err=s_poll_error(&c->fds, c->ssl_rfd->fd);
if(err) {
s_log(LOG_NOTICE,
"Error detected on SSL (read) file descriptor: %s (%d)",
s_strerror(err), err);
longjmp(c->err, 1);
}
if(c->ssl_wfd->fd != c->ssl_rfd->fd) { /* performance optimization */
err=s_poll_error(&c->fds, c->ssl_wfd->fd);
if(err) {
s_log(LOG_NOTICE,
"Error detected on SSL write file descriptor: %s (%d)",
s_strerror(err), err);
longjmp(c->err, 1);
}
}
/****************************** retrieve results from c->fds */
sock_can_rd=s_poll_canread(&c->fds, c->sock_rfd->fd);
sock_can_wr=s_poll_canwrite(&c->fds, c->sock_wfd->fd);
ssl_can_rd=s_poll_canread(&c->fds, c->ssl_rfd->fd);
ssl_can_wr=s_poll_canwrite(&c->fds, c->ssl_wfd->fd);
/****************************** checks for internal failures */
/* please report any internal errors to stunnel-users mailing list */
if(!(sock_can_rd || sock_can_wr || ssl_can_rd || ssl_can_wr)) {
s_log(LOG_ERR, "INTERNAL ERROR: "
"s_poll_wait returned %d, but no descriptor is ready", err);
longjmp(c->err, 1);
}
if(!sock_rd && sock_can_rd) {
optlen=sizeof error;
if(getsockopt(c->sock_rfd->fd, SOL_SOCKET, SO_ERROR,
(void *)&error, &optlen))
error=get_last_socket_error(); /* failed -> ask why */
if(error) { /* really an error? */
s_log(LOG_ERR, "Closed socket ready to read: %s (%d)",
my_strerror(error), error);
/* these checks should no longer be needed */
/* I'm going to remove them soon */
if(!sock_open_rd && sock_can_rd) {
err=get_socket_error(c->sock_rfd->fd);
if(err) { /* really an error? */
s_log(LOG_ERR, "INTERNAL ERROR: "
"Closed socket ready to read: %s (%d)",
s_strerror(err), err);
longjmp(c->err, 1);
}
if(c->ssl_ptr) { /* anything left to write */
s_log(LOG_ERR, "Closed socket ready to read - reset");
s_log(LOG_ERR, "INTERNAL ERROR: "
"Closed socket ready to read: reset");
longjmp(c->err, 1);
}
s_log(LOG_INFO, "Closed socket ready to read - write close");
sock_wr=0; /* no further write allowed */
s_log(LOG_ERR, "INTERNAL ERROR: "
"Closed socket ready to read: write close");
sock_open_wr=0; /* no further write allowed */
shutdown(c->sock_wfd->fd, SHUT_WR); /* send TCP FIN */
}
/****************************** send SSL close_notify message */
if(SSL_shutdown_wants_read || SSL_shutdown_wants_write) {
SSL_shutdown_wants_read=SSL_shutdown_wants_write=0;
if(shutdown_wants_read || shutdown_wants_write) {
shutdown_wants_read=shutdown_wants_write=0;
num=SSL_shutdown(c->ssl); /* send close_notify */
if(num<0) /* -1 - not completed */
err=SSL_get_error(c->ssl, num);
@ -485,11 +510,11 @@ static void transfer(CLI *c) {
break;
case SSL_ERROR_WANT_WRITE:
s_log(LOG_DEBUG, "SSL_shutdown returned WANT_WRITE: retrying");
SSL_shutdown_wants_write=1;
shutdown_wants_write=1;
break;
case SSL_ERROR_WANT_READ:
s_log(LOG_DEBUG, "SSL_shutdown returned WANT_READ: retrying");
SSL_shutdown_wants_read=1;
shutdown_wants_read=1;
break;
case SSL_ERROR_SYSCALL: /* socket error */
parse_socket_error(c, "SSL_shutdown");
@ -503,8 +528,26 @@ static void transfer(CLI *c) {
}
}
/****************************** read from socket */
if(sock_open_rd && sock_can_rd) {
num=readsocket(c->sock_rfd->fd,
c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr);
switch(num) {
case -1:
parse_socket_error(c, "readsocket");
break;
case 0: /* close */
s_log(LOG_DEBUG, "Socket closed on read");
sock_open_rd=0;
break;
default:
c->sock_ptr+=num;
watchdog=0; /* reset watchdog */
}
}
/****************************** write to socket */
if(sock_wr && sock_can_wr) {
if(sock_open_wr && sock_can_wr) {
num=writesocket(c->sock_wfd->fd, c->ssl_buff, c->ssl_ptr);
switch(num) {
case -1: /* error */
@ -515,88 +558,25 @@ static void transfer(CLI *c) {
break;
default:
memmove(c->ssl_buff, c->ssl_buff+num, c->ssl_ptr-num);
if(c->ssl_ptr==BUFFSIZE) /* buffer was previously full */
check_SSL_pending=1; /* check for data buffered by SSL */
c->ssl_ptr-=num;
c->sock_bytes+=num;
watchdog=0; /* reset watchdog */
}
}
/****************************** write to SSL */
if((SSL_write_wants_read && ssl_can_rd) ||
(SSL_write_wants_write && ssl_can_wr)) {
SSL_write_wants_read=0;
num=SSL_write(c->ssl, c->sock_buff, c->sock_ptr);
switch(err=SSL_get_error(c->ssl, num)) {
case SSL_ERROR_NONE:
memmove(c->sock_buff, c->sock_buff+num, c->sock_ptr-num);
c->sock_ptr-=num;
c->ssl_bytes+=num;
watchdog=0; /* reset watchdog */
break;
case SSL_ERROR_WANT_WRITE: /* nothing unexpected */
break;
case SSL_ERROR_WANT_READ:
s_log(LOG_DEBUG, "SSL_write returned WANT_READ: retrying");
SSL_write_wants_read=1;
break;
case SSL_ERROR_WANT_X509_LOOKUP:
s_log(LOG_DEBUG,
"SSL_write returned WANT_X509_LOOKUP: retrying");
break;
case SSL_ERROR_SYSCALL: /* socket error */
if(!num) { /* EOF */
if(c->sock_ptr) {
s_log(LOG_ERR,
"SSL socket closed on SSL_write "
"with %d byte(s) in buffer",
c->sock_ptr);
longjmp(c->err, 1); /* reset the socket */
}
s_log(LOG_DEBUG, "SSL socket closed on SSL_write");
ssl_rd=ssl_wr=0; /* buggy peer: no close_notify */
} else
parse_socket_error(c, "SSL_write");
break;
case SSL_ERROR_ZERO_RETURN: /* close_notify received */
s_log(LOG_DEBUG, "SSL closed on SSL_write");
ssl_rd=0;
if(!strcmp(SSL_get_version(c->ssl), "SSLv2"))
ssl_wr=0;
break;
case SSL_ERROR_SSL:
sslerror("SSL_write");
longjmp(c->err, 1);
default:
s_log(LOG_ERR, "SSL_write/SSL_get_error returned %d", err);
longjmp(c->err, 1);
}
}
/****************************** read from socket */
if(sock_rd && sock_can_rd) {
num=readsocket(c->sock_rfd->fd,
c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr);
switch(num) {
case -1:
parse_socket_error(c, "readsocket");
break;
case 0: /* close */
s_log(LOG_DEBUG, "Socket closed on read");
sock_rd=0;
break;
default:
c->sock_ptr+=num;
watchdog=0; /* reset watchdog */
}
}
/****************************** update *_wants_* based on new *_ptr */
/* this update is also required for SSL_pending() to be used */
read_wants_read=
ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write;
write_wants_write=
ssl_open_wr && c->sock_ptr && !write_wants_read;
/****************************** read from SSL */
if((SSL_read_wants_read && ssl_can_rd) ||
(SSL_read_wants_write && ssl_can_wr) ||
(check_SSL_pending && SSL_pending(c->ssl))) {
SSL_read_wants_write=0;
if((read_wants_read && (ssl_can_rd || SSL_pending(c->ssl))) ||
/* it may be possible to read some pending data after
* writesocket() above made some room in c->ssl_buff */
(read_wants_write && ssl_can_wr)) {
read_wants_write=0;
num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr);
switch(err=SSL_get_error(c->ssl, num)) {
case SSL_ERROR_NONE:
@ -605,7 +585,7 @@ static void transfer(CLI *c) {
break;
case SSL_ERROR_WANT_WRITE:
s_log(LOG_DEBUG, "SSL_read returned WANT_WRITE: retrying");
SSL_read_wants_write=1;
read_wants_write=1;
break;
case SSL_ERROR_WANT_READ: /* nothing unexpected */
break;
@ -623,15 +603,15 @@ static void transfer(CLI *c) {
longjmp(c->err, 1); /* reset the socket */
}
s_log(LOG_DEBUG, "SSL socket closed on SSL_read");
ssl_rd=ssl_wr=0; /* buggy peer: no close_notify */
ssl_open_rd=ssl_open_wr=0; /* buggy peer: no close_notify */
} else
parse_socket_error(c, "SSL_read");
break;
case SSL_ERROR_ZERO_RETURN: /* close_notify received */
s_log(LOG_DEBUG, "SSL closed on SSL_read");
ssl_rd=0;
ssl_open_rd=0;
if(!strcmp(SSL_get_version(c->ssl), "SSLv2"))
ssl_wr=0;
ssl_open_wr=0;
break;
case SSL_ERROR_SSL:
sslerror("SSL_read");
@ -642,23 +622,74 @@ static void transfer(CLI *c) {
}
}
/****************************** write to SSL */
if((write_wants_read && ssl_can_rd) ||
(write_wants_write && ssl_can_wr)) {
write_wants_read=0;
num=SSL_write(c->ssl, c->sock_buff, c->sock_ptr);
switch(err=SSL_get_error(c->ssl, num)) {
case SSL_ERROR_NONE:
memmove(c->sock_buff, c->sock_buff+num, c->sock_ptr-num);
c->sock_ptr-=num;
c->ssl_bytes+=num;
watchdog=0; /* reset watchdog */
break;
case SSL_ERROR_WANT_WRITE: /* nothing unexpected */
break;
case SSL_ERROR_WANT_READ:
s_log(LOG_DEBUG, "SSL_write returned WANT_READ: retrying");
write_wants_read=1;
break;
case SSL_ERROR_WANT_X509_LOOKUP:
s_log(LOG_DEBUG,
"SSL_write returned WANT_X509_LOOKUP: retrying");
break;
case SSL_ERROR_SYSCALL: /* socket error */
if(!num) { /* EOF */
if(c->sock_ptr) {
s_log(LOG_ERR,
"SSL socket closed on SSL_write "
"with %d byte(s) in buffer",
c->sock_ptr);
longjmp(c->err, 1); /* reset the socket */
}
s_log(LOG_DEBUG, "SSL socket closed on SSL_write");
ssl_open_rd=ssl_open_wr=0; /* buggy peer: no close_notify */
} else
parse_socket_error(c, "SSL_write");
break;
case SSL_ERROR_ZERO_RETURN: /* close_notify received */
s_log(LOG_DEBUG, "SSL closed on SSL_write");
ssl_open_rd=0;
if(!strcmp(SSL_get_version(c->ssl), "SSLv2"))
ssl_open_wr=0;
break;
case SSL_ERROR_SSL:
sslerror("SSL_write");
longjmp(c->err, 1);
default:
s_log(LOG_ERR, "SSL_write/SSL_get_error returned %d", err);
longjmp(c->err, 1);
}
}
/****************************** check write shutdown conditions */
if(sock_wr && !ssl_rd && !c->ssl_ptr) {
s_log(LOG_DEBUG, "Socket write shutdown");
sock_wr=0; /* no further write allowed */
if(sock_open_wr && !ssl_open_rd && !c->ssl_ptr) {
s_log(LOG_DEBUG, "Sending socket write shutdown");
sock_open_wr=0; /* no further write allowed */
shutdown(c->sock_wfd->fd, SHUT_WR); /* send TCP FIN */
}
if(ssl_wr && !sock_rd && !c->sock_ptr) {
s_log(LOG_DEBUG, "SSL write shutdown");
ssl_wr=0; /* no further write allowed */
if(ssl_open_wr && !sock_open_rd && !c->sock_ptr) {
s_log(LOG_DEBUG, "Sending SSL write shutdown");
ssl_open_wr=0; /* no further write allowed */
if(strcmp(SSL_get_version(c->ssl), "SSLv2")) { /* SSLv3, TLSv1 */
SSL_shutdown_wants_write=1; /* initiate close_notify */
shutdown_wants_write=1; /* initiate close_notify */
} else { /* no alerts in SSLv2 including close_notify alert */
shutdown(c->sock_rfd->fd, SHUT_RD); /* notify the kernel */
shutdown(c->sock_wfd->fd, SHUT_WR); /* send TCP FIN */
SSL_set_shutdown(c->ssl, /* notify the OpenSSL library */
SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
ssl_rd=0; /* no further read allowed */
ssl_open_rd=0; /* no further read allowed */
}
}
@ -668,31 +699,33 @@ static void transfer(CLI *c) {
"transfer() loop executes not transferring any data");
s_log(LOG_ERR,
"please report the problem to Michal.Trojnara@mirt.net");
s_log(LOG_ERR, "protocol=%s, check_SSL_pending=%s",
SSL_get_version(c->ssl), check_SSL_pending ? "yes" : "no");
s_log(LOG_ERR, "socket open: rd=%s wr=%s, ssl open: rd=%s wr=%s",
sock_rd ? "yes" : "no", sock_wr ? "yes" : "no",
ssl_rd ? "yes" : "no", ssl_wr ? "yes" : "no");
s_log(LOG_ERR, "socket ready: rd=%s wr=%s, ssl ready: rd=%s wr=%s",
sock_can_rd ? "yes" : "no", sock_can_wr ? "yes" : "no",
ssl_can_rd ? "yes" : "no", ssl_can_wr ? "yes" : "no");
s_log(LOG_ERR,
"wants: SSL_read rd=%s wr=%s, "
"SSL_write rd=%s wr=%s, "
"SSL_shutdown rd=%s wr=%s",
SSL_read_wants_read ? "yes" : "no",
SSL_read_wants_write ? "yes" : "no",
SSL_write_wants_read ? "yes" : "no",
SSL_write_wants_write ? "yes" : "no",
SSL_shutdown_wants_read ? "yes" : "no",
SSL_shutdown_wants_write ? "yes" : "no");
stunnel_info(LOG_ERR);
s_log(LOG_ERR, "protocol=%s, SSL_pending=%d",
SSL_get_version(c->ssl), SSL_pending(c->ssl));
s_log(LOG_ERR, "sock_open_rd=%s, sock_open_wr=%s, "
"ssl_open_rd=%s, ssl_open_wr=%s",
sock_open_rd ? "Y" : "n", sock_open_wr ? "Y" : "n",
ssl_open_rd ? "Y" : "n", ssl_open_wr ? "Y" : "n");
s_log(LOG_ERR, "sock_can_rd=%s, sock_can_wr=%s, "
"ssl_can_rd=%s, ssl_can_wr=%s",
sock_can_rd ? "Y" : "n", sock_can_wr ? "Y" : "n",
ssl_can_rd ? "Y" : "n", ssl_can_wr ? "Y" : "n");
s_log(LOG_ERR, "read_wants_read=%s, read_wants_write=%s",
read_wants_read ? "Y" : "n",
read_wants_write ? "Y" : "n");
s_log(LOG_ERR, "write_wants_read=%s, write_wants_write=%s",
write_wants_read ? "Y" : "n",
write_wants_write ? "Y" : "n");
s_log(LOG_ERR, "shutdown_wants_read=%s, shutdown_wants_write=%s",
shutdown_wants_read ? "Y" : "n",
shutdown_wants_write ? "Y" : "n");
s_log(LOG_ERR, "socket input buffer: %d byte(s), "
"ssl input buffer: %d byte(s)", c->sock_ptr, c->ssl_ptr);
longjmp(c->err, 1);
}
} while(sock_wr || ssl_wr ||
SSL_shutdown_wants_read || SSL_shutdown_wants_write);
} while(sock_open_wr || ssl_open_wr ||
shutdown_wants_read || shutdown_wants_write);
}
static void parse_socket_error(CLI *c, const char *text) {
@ -718,10 +751,6 @@ static void parse_socket_error(CLI *c, const char *text) {
}
static void print_cipher(CLI *c) { /* print negotiated cipher */
#if SSLEAY_VERSION_NUMBER <= 0x0800
s_log(LOG_INFO, "Service %s opened with SSLv%d, cipher %s",
c->opt->servname, ssl->session->ssl_version, SSL_get_cipher(c->ssl));
#else
SSL_CIPHER *cipher;
char buf[STRLEN], *i, *j;
@ -742,7 +771,6 @@ static void print_cipher(CLI *c) { /* print negotiated cipher */
}
} while(*i++);
s_log(LOG_INFO, "Negotiated ciphers: %s", buf);
#endif
}
static void auth_user(CLI *c) {
@ -835,7 +863,7 @@ static int connect_local(CLI *c) { /* spawn local process */
if(c->opt->option.pty) {
char tty[STRLEN];
if(pty_allocate(fd, fd+1, tty, STRLEN))
if(pty_allocate(fd, fd+1, tty))
longjmp(c->err, 1);
s_log(LOG_DEBUG, "TTY=%s allocated", tty);
} else

11
src/common.h
Просмотреть файл

@ -197,9 +197,6 @@ typedef unsigned long u32;
#include <process.h> /* _beginthread */
#include <tchar.h>
#define NO_IDEA
#define OPENSSL_NO_IDEA
/**************************************** non-WIN32 headers */
#else /* USE_WIN32 */
@ -359,16 +356,20 @@ extern char *sys_errlist[];
#include <openssl/err.h>
#include <openssl/crypto.h> /* for CRYPTO_* and SSLeay_version */
#include <openssl/rand.h>
#ifndef OPENSSL_NO_MD4
#include <openssl/md4.h>
#endif
#include <openssl/des.h>
#ifdef HAVE_OSSL_ENGINE_H
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#else
#undef HAVE_OSSL_ENGINE_H
#endif
#endif /* HAVE_OSSL_ENGINE_H */
#if SSLEAY_VERSION_NUMBER >= 0x00907000L
#include <openssl/ocsp.h>
#endif /* OpenSSL-0.9.7 */
#ifdef USE_FIPS
#include <openssl/fips.h>

178
src/ctx.c
Просмотреть файл

@ -38,29 +38,29 @@
#include "common.h"
#include "prototypes.h"
#ifndef NO_RSA
#ifndef OPENSSL_NO_RSA
/* cache temporary keys up to 2048 bits */
#define KEY_CACHE_LENGTH 2049
/* cache temporary keys up to 1 hour */
#define KEY_CACHE_TIME 3600
#endif /* NO_RSA */
#endif /* OPENSSL_NO_RSA */
/**************************************** prototypes */
/* RSA/DH initialization */
#ifndef NO_RSA
#ifndef OPENSSL_NO_RSA
static RSA *tmp_rsa_cb(SSL *, int, int);
static RSA *make_temp_key(int);
#endif /* NO_RSA */
#ifdef USE_DH
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DH
static int init_dh(SSL_CTX *, SERVICE_OPTIONS *);
#endif /* USE_DH */
#endif /* OPENSSL_NO_DH */
#ifndef OPENSSL_NO_ECDH
static int init_ecdh(SSL_CTX *, SERVICE_OPTIONS *);
#endif /* USE_ECDH */
/* loading certificate */
static int load_certificate(SERVICE_OPTIONS *);
static int load_pem_cert(SERVICE_OPTIONS *);
static int password_cb(char *, int, int, void *);
/* session cache callbacks */
@ -73,14 +73,10 @@ static void cache_transfer(SSL_CTX *, const unsigned int, const unsigned,
unsigned char **, unsigned int *);
/* info callbacks */
#if SSLEAY_VERSION_NUMBER >= 0x00907000L
static void info_callback(const SSL *, int, int);
#else /* OpenSSL-0.9.7 */
static void info_callback(SSL *, int, int);
#endif /* OpenSSL-0.9.7 */
static void print_stats(SSL_CTX *);
static void sslerror_stack(void);
static void sslerror_queue(void);
/**************************************** initialize section->ctx */
@ -93,7 +89,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init SSL context */
#ifdef HAVE_OSSL_ENGINE_H
if(!section->engine)
#endif
if(section->option.cert) {
if(section->key) {
if(stat(section->key, &st)) {
ioerror(section->key);
return 0;
@ -110,14 +106,16 @@ int context_init(SERVICE_OPTIONS *section) { /* init SSL context */
else /* server mode */
section->ctx=SSL_CTX_new(section->server_method);
SSL_CTX_set_ex_data(section->ctx, opt_index, section); /* for callbacks */
if(!section->option.client) { /* RSA/DH callbacks */
#ifndef NO_RSA
if(!section->option.client) { /* RSA/DH/ECDH server mode initialization */
#ifndef OPENSSL_NO_RSA
SSL_CTX_set_tmp_rsa_callback(section->ctx, tmp_rsa_cb);
#endif /* NO_RSA */
#ifdef USE_DH
if(!init_dh(section->ctx, section))
s_log(LOG_WARNING, "Diffie-Hellman initialization failed");
#endif /* USE_DH */
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DH
init_dh(section->ctx, section); /* ignore the result */
#endif /* OPENSSL_NO_DH */
#ifndef OPENSSL_NO_ECDH
init_ecdh(section->ctx, section); /* ignore the result */
#endif /* OPENSSL_NO_ECDH */
}
if(section->ssl_options) {
s_log(LOG_DEBUG, "Configuration SSL options: 0x%08lX",
@ -131,10 +129,8 @@ int context_init(SERVICE_OPTIONS *section) { /* init SSL context */
return 0;
}
}
#if SSLEAY_VERSION_NUMBER >= 0x00906000L
SSL_CTX_set_mode(section->ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE|SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#endif /* OpenSSL-0.9.6 */
/* session cache */
SSL_CTX_set_session_cache_mode(section->ctx, SSL_SESS_CACHE_BOTH);
@ -149,9 +145,8 @@ int context_init(SERVICE_OPTIONS *section) { /* init SSL context */
SSL_CTX_set_info_callback(section->ctx, info_callback);
/* initialize certificate verification */
if(section->option.cert)
if(!load_certificate(section))
return 0;
if(!load_pem_cert(section))
return 0;
if(!verify_init(section))
return 0;
@ -162,7 +157,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init SSL context */
/**************************************** temporary RSA keys generation */
#ifndef NO_RSA
#ifndef OPENSSL_NO_RSA
static RSA *tmp_rsa_cb(SSL *s, int export, int keylen) {
static int initialized=0;
@ -177,6 +172,8 @@ static RSA *tmp_rsa_cb(SSL *s, int export, int keylen) {
time_t now;
int i;
(void)s; /* skip warning about unused parameter */
(void)export; /* skip warning about unused parameter */
enter_critical_section(CRIT_KEYGEN);
/* only one make_temp_key() at a time */
if(!initialized) {
@ -215,73 +212,80 @@ static RSA *make_temp_key(int keylen) {
RSA *result;
s_log(LOG_DEBUG, "Generating %d bit temporary RSA key...", keylen);
#if SSLEAY_VERSION_NUMBER >= 0x0900
result=RSA_generate_key(keylen, RSA_F4, NULL, NULL);
#else
result=RSA_generate_key(keylen, RSA_F4, NULL);
#endif
s_log(LOG_DEBUG, "Temporary RSA key created");
return result;
}
#endif /* NO_RSA */
#endif /* OPENSSL_NO_RSA */
/**************************************** DH initialization */
#ifdef USE_DH
#ifndef OPENSSL_NO_DH
static int init_dh(SSL_CTX *ctx, SERVICE_OPTIONS *section) {
FILE *fp;
DH *dh;
BIO *bio;
fp=fopen(section->cert, "r");
if(!fp) {
#ifdef USE_WIN32
/* fopen() does not return the error via GetLastError() on Win32 */
s_log(LOG_ERR, "Failed to open %s", section->cert);
#else
ioerror(section->cert);
#endif
if(!section->cert) {
s_log(LOG_INFO, "No certificate available to load DH parameters");
return 0; /* FAILED */
}
bio=BIO_new_fp(fp, BIO_CLOSE|BIO_FP_TEXT);
bio=BIO_new_file(section->cert, "r");
if(!bio) {
s_log(LOG_ERR, "BIO_new_fp failed");
sslerror("BIO_new_file");
return 0; /* FAILED */
}
if((dh=PEM_read_bio_DHparams(bio, NULL, NULL
#if SSLEAY_VERSION_NUMBER >= 0x00904000L
, NULL
#endif
))) {
BIO_free(bio);
s_log(LOG_DEBUG, "Using Diffie-Hellman parameters from %s",
dh=PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
BIO_free(bio);
if(!dh) {
while(ERR_get_error())
; /* OpenSSL error queue cleanup */
s_log(LOG_INFO, "Could not load DH parameters from %s",
section->cert);
} else { /* failed to load DH parameters from file */
BIO_free(bio);
s_log(LOG_NOTICE, "Could not load DH parameters from %s", section->cert);
return 0; /* FAILED */
}
s_log(LOG_DEBUG, "Using DH parameters from %s", section->cert);
SSL_CTX_set_tmp_dh(ctx, dh);
s_log(LOG_INFO, "Diffie-Hellman initialized with %d bit key",
8*DH_size(dh));
s_log(LOG_INFO, "DH initialized with %d bit key", 8*DH_size(dh));
DH_free(dh);
return 1; /* OK */
}
#endif /* USE_DH */
#endif /* OPENSSL_NO_DH */
/**************************************** ECDH initialization */
#ifndef OPENSSL_NO_ECDH
static int init_ecdh(SSL_CTX *ctx, SERVICE_OPTIONS *section) {
EC_KEY *ecdh;
ecdh=EC_KEY_new_by_curve_name(section->curve);
if(!ecdh) {
s_log(LOG_ERR, "Unable to create curve for NID=%d", section->curve);
return 0; /* FAILED */
}
SSL_CTX_set_tmp_ecdh(ctx, ecdh);
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
EC_KEY_free(ecdh);
s_log(LOG_DEBUG, "ECDH initialized");
return 1; /* OK */
}
#endif /* OPENSSL_NO_ECDH */
/**************************************** loading certificate */
static int cache_initialized=0;
static int load_certificate(SERVICE_OPTIONS *section) {
static int load_pem_cert(SERVICE_OPTIONS *section) {
int i, reason;
UI_DATA ui_data;
#ifdef HAVE_OSSL_ENGINE_H
EVP_PKEY *pkey;
UI_METHOD *uim;
UI_METHOD *ui_method;
#endif
if(!section->cert) /* no certificate specified */
return 1; /* OK */
ui_data.section=section; /* setup current section for callbacks */
s_log(LOG_DEBUG, "Certificate: %s", section->cert);
@ -296,21 +300,19 @@ static int load_certificate(SERVICE_OPTIONS *section) {
SSL_CTX_set_default_passwd_cb(section->ctx, password_cb);
#ifdef HAVE_OSSL_ENGINE_H
#ifdef USE_WIN32
uim=UI_create_method("stunnel WIN32 UI");
UI_method_set_reader(uim, pin_cb);
#else
uim=NULL;
#endif
#endif
#ifdef HAVE_OSSL_ENGINE_H
ui_method=UI_create_method("stunnel WIN32 UI");
UI_method_set_reader(ui_method, pin_cb);
#else /* USE_WIN32 */
ui_method=UI_OpenSSL();
#endif /* USE_WIN32 */
if(section->engine)
for(i=1; i<=3; i++) {
pkey=ENGINE_load_private_key(section->engine, section->key,
uim, &ui_data);
ui_method, &ui_data);
if(!pkey) {
reason=ERR_GET_REASON(ERR_peek_error());
if(i<=2 && (reason==7 || reason==160)) { /* wrong PIN */
sslerror_stack(); /* dump the error stack */
sslerror_queue(); /* dump the error queue */
s_log(LOG_ERR, "Wrong PIN: retrying");
continue;
}
@ -323,31 +325,22 @@ static int load_certificate(SERVICE_OPTIONS *section) {
return 0;
}
else
#endif
#endif /* HAVE_OSSL_ENGINE_H */
for(i=0; i<=3; i++) {
if(!i && !cache_initialized)
continue; /* there is no cached value */
SSL_CTX_set_default_passwd_cb_userdata(section->ctx,
i ? &ui_data : NULL); /* try the cached password first */
#ifdef NO_RSA
if(SSL_CTX_use_PrivateKey_file(section->ctx, section->key,
SSL_FILETYPE_PEM))
#else /* NO_RSA */
if(SSL_CTX_use_RSAPrivateKey_file(section->ctx, section->key,
SSL_FILETYPE_PEM))
#endif /* NO_RSA */
break;
reason=ERR_GET_REASON(ERR_peek_error());
if(i<=2 && reason==EVP_R_BAD_DECRYPT) {
sslerror_stack(); /* dump the error stack */
sslerror_queue(); /* dump the error queue */
s_log(LOG_ERR, "Wrong pass phrase: retrying");
continue;
}
#ifdef NO_RSA
sslerror("SSL_CTX_use_PrivateKey_file");
#else /* NO_RSA */
sslerror("SSL_CTX_use_RSAPrivateKey_file");
#endif /* NO_RSA */
return 0;
}
if(!SSL_CTX_check_private_key(section->ctx)) {
@ -443,7 +436,8 @@ static void cache_transfer(SSL_CTX *ctx, const unsigned int type,
char session_id_txt[2*SSL_MAX_SSL_SESSION_ID_LENGTH+1];
const char hex[16]="0123456789ABCDEF";
const char *type_description[]={"new", "get", "remove"};
int i, s, len;
unsigned int i;
int s, len;
SOCKADDR_UNION addr;
struct timeval t;
CACHE_PACKET *packet;
@ -534,7 +528,7 @@ static void cache_transfer(SSL_CTX *ctx, const unsigned int type,
}
/* parse results */
if(len<sizeof(CACHE_PACKET)-MAX_VAL_LEN || /* too short */
if(len<(int)sizeof(CACHE_PACKET)-MAX_VAL_LEN || /* too short */
packet->version!=1 || /* wrong version */
memcmp(packet->key, key, key_len)) { /* wrong session id */
s_log(LOG_DEBUG, "cache_transfer: malformed packet received");
@ -560,11 +554,7 @@ static void cache_transfer(SSL_CTX *ctx, const unsigned int type,
/**************************************** informational callback */
#if SSLEAY_VERSION_NUMBER >= 0x00907000L
static void info_callback(const SSL *ssl, int where, int ret) {
#else /* OpenSSL-0.9.7 */
static void info_callback(SSL *ssl, int where, int ret) {
#endif /* OpenSSL-0.9.7 */
if(where & SSL_CB_LOOP)
s_log(LOG_DEBUG, "SSL state (%s): %s",
where & SSL_ST_CONNECT ? "connect" :
@ -586,18 +576,14 @@ static void print_stats(SSL_CTX *ctx) { /* print statistics */
SSL_CTX_sess_connect(ctx));
s_log(LOG_DEBUG, "%4ld client connects that finished",
SSL_CTX_sess_connect_good(ctx));
#if SSLEAY_VERSION_NUMBER >= 0x0922
s_log(LOG_DEBUG, "%4ld client renegotiations requested",
SSL_CTX_sess_connect_renegotiate(ctx));
#endif
s_log(LOG_DEBUG, "%4ld server connects (SSL_accept())",
SSL_CTX_sess_accept(ctx));
s_log(LOG_DEBUG, "%4ld server connects that finished",
SSL_CTX_sess_accept_good(ctx));
#if SSLEAY_VERSION_NUMBER >= 0x0922
s_log(LOG_DEBUG, "%4ld server renegotiations requested",
SSL_CTX_sess_accept_renegotiate(ctx));
#endif
s_log(LOG_DEBUG, "%4ld session cache hits",
SSL_CTX_sess_hits(ctx));
s_log(LOG_DEBUG, "%4ld external session cache hits",
@ -610,7 +596,7 @@ static void print_stats(SSL_CTX *ctx) { /* print statistics */
/**************************************** SSL error reporting */
void sslerror(char *txt) { /* SSL Error handler */
void sslerror(char *txt) { /* OpenSSL error handler */
unsigned long err;
char string[120];
@ -619,21 +605,21 @@ void sslerror(char *txt) { /* SSL Error handler */
s_log(LOG_ERR, "%s: Peer suddenly disconnected", txt);
return;
}
sslerror_stack();
sslerror_queue();
ERR_error_string(err, string);
s_log(LOG_ERR, "%s: %lX: %s", txt, err, string);
}
static void sslerror_stack(void) { /* recursive dump of the error stack */
static void sslerror_queue(void) { /* recursive dump of the error queue */
unsigned long err;
char string[120];
err=ERR_get_error();
if(!err)
return;
sslerror_stack();
sslerror_queue();
ERR_error_string(err, string);
s_log(LOG_ERR, "error stack: %lX : %s", err, string);
s_log(LOG_ERR, "error queue: %lX : %s", err, string);
}
/* end of ctx.c */

2
src/env.c
Просмотреть файл

@ -53,6 +53,8 @@
int getpeername(int s, struct sockaddr_in *name, int *len) {
char *value;
(void)s; /* skip warning about unused parameter */
(void)len; /* skip warning about unused parameter */
name->sin_family=AF_INET;
if((value=getenv("REMOTE_HOST")))
name->sin_addr.s_addr=inet_addr(value);

2
src/evc.mak
Просмотреть файл

@ -23,7 +23,7 @@ LIBS=libeay32.lib ssleay32.lib wcecompatex.lib winsock.lib
# not correct because for armv4 cc is just clarm.exe. Moreover cc is already set in the ms wce$TARGETCPU.bat script, so it is not necessary to set it up here
# CC=CL$(TARGETCPU)
VERSION=4.33
VERSION=4.34
DEFINES=/DVERSION=\"$(VERSION)\"
CFLAGS=/nologo /MC /O1i /W3 /WX /GF /Gy $(DEFINES) /DHOST=\"$(TARGETCPU)-WCE-eVC-$(WCEVER)\" /D$(WCETARGETCPU) /D$(TARGETCPU) /DUNDER_CE=$(WCEVER) /D_WIN32_WCE=$(WCEVER) /DUNICODE -D_UNICODE $(INCLUDES)
RFLAGS=/DVERSION=\"$(VERSION)\" $(INCLUDES)

20
src/file.c
Просмотреть файл

@ -107,18 +107,24 @@ int file_getline(DISK_FILE *df, char *line, int len) {
#endif /* USE_WIN32 */
if(!df) /* not opened */
return 0;
return -1;
for(i=0; i<len-1; i++) {
if(i>0 && line[i-1]=='\n')
break;
#ifdef USE_WIN32
ReadFile(df->fh, line+i, 1, &num, NULL);
#else /* USE_WIN32 */
num=read(df->fd, line+i, 1);
#endif /* USE_WIN32 */
if(num!=1)
if(num!=1) { /* EOF */
if(i) /* any previously retrieved data */
break;
else
return -1;
}
if(line[i]=='\n') /* LF */
break;
if(line[i]=='\r') /* CR */
--i; /* ignore - it must be the last check */
}
line[i]='\0';
return i;
@ -134,14 +140,14 @@ int file_putline(DISK_FILE *df, char *line) {
#endif /* USE_WIN32 */
len=strlen(line);
buff=calloc(len+2, 1); /* +2 for \r\n */
buff=calloc(len+2, 1); /* +2 for CR+LF */
if(!buff)
return 0;
strcpy(buff, line);
#ifdef USE_WIN32
buff[len++]='\r';
buff[len++]='\r'; /* CR */
#endif /* USE_WIN32 */
buff[len++]='\n';
buff[len++]='\n'; /* LF */
#ifdef USE_WIN32
WriteFile(df->fh, buff, len, &num, NULL);
#else /* USE_WIN32 */

34
src/gui.c
Просмотреть файл

@ -122,8 +122,6 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
LPSTR command_line;
/* system("c:\\start.bat"); */
#ifdef _WIN32_WCE
command_line=tstr2str(lpCmdLine);
#else
@ -283,6 +281,10 @@ static int win_main(HINSTANCE hInstance, HINSTANCE hPrevInstance,
MSG msg;
LPTSTR classname=win32_name;
(void)hPrevInstance; /* skip warning about unused parameter */
(void)command_line; /* skip warning about unused parameter */
(void)nCmdShow; /* skip warning about unused parameter */
/* register the class */
#ifndef _WIN32_WCE
wc.cbSize=sizeof wc;
@ -364,6 +366,8 @@ static void update_taskbar(void) { /* create the taskbar icon */
}
static void ThreadFunc(void *arg) {
(void)arg; /* skip warning about unused parameter */
if(!setjmp(jump_buf)) {
main_execute();
} else {
@ -513,6 +517,8 @@ static LRESULT CALLBACK wndProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM l
static LRESULT CALLBACK about_proc(HWND hDlg, UINT message,
WPARAM wParam, LPARAM lParam) {
(void)lParam; /* skip warning about unused parameter */
switch(message) {
case WM_INITDIALOG:
return TRUE;
@ -537,7 +543,7 @@ static LRESULT CALLBACK pass_proc(HWND hDlg, UINT message,
switch(message) {
case WM_INITDIALOG:
/* set the default push button to "Cancel." */
/* set the default push button to "Cancel" */
SendMessage(hDlg, DM_SETDEFID, (WPARAM) IDCANCEL, (LPARAM) 0);
keyFileName = str2tstr(ui_data->section->key);
@ -589,6 +595,8 @@ static LRESULT CALLBACK pass_proc(HWND hDlg, UINT message,
}
int passwd_cb(char *buf, int size, int rwflag, void *userdata) {
(void)rwflag; /* skip warning about unused parameter */
ui_data=userdata;
if(!DialogBox(ghInst, TEXT("PassBox"), hwnd, (DLGPROC)pass_proc))
return 0; /* error */
@ -599,7 +607,11 @@ int passwd_cb(char *buf, int size, int rwflag, void *userdata) {
#ifdef HAVE_OSSL_ENGINE_H
int pin_cb(UI *ui, UI_STRING *uis) {
ui_data=UI_get_app_data(ui);
ui_data=UI_get0_user_data(ui); /* was: ui_data=UI_get_app_data(ui); */
if(!ui_data) {
s_log(LOG_ERR, "INTERNAL ERROR: user data data pointer");
return 0;
}
if(!DialogBox(ghInst, TEXT("PassBox"), hwnd, (DLGPROC)pass_proc))
return 0; /* error */
UI_set_result(ui, uis, ui_data->pass);
@ -728,7 +740,9 @@ static void set_visible(int i) {
ShowWindow(hwnd, SW_HIDE); /* hide window */
}
void exit_win32(int code) { /* used instead of exit() on Win32 */
void exit_win32(int exit_code) { /* used instead of exit() on Win32 */
(void)exit_code; /* skip warning about unused parameter */
win_log("");
s_log(LOG_ERR, "Server is down");
MessageBox(hwnd, TEXT("Stunnel server is down due to an error.\n")
@ -756,11 +770,10 @@ static void error_box(const LPTSTR text) {
#ifndef _WIN32_WCE
static int service_initialize(void) {
SERVICE_TABLE_ENTRY serviceTable[]={
{global_options.win32_service, service_main},
{0, 0}
};
SERVICE_TABLE_ENTRY serviceTable[]={{0, 0}, {0, 0}};
serviceTable[0].lpServiceName=global_options.win32_service;
serviceTable[0].lpServiceProc=service_main;
global_options.option.taskbar=0; /* disable taskbar for security */
if(!StartServiceCtrlDispatcher(serviceTable)) {
error_box(TEXT("StartServiceCtrlDispatcher"));
@ -950,6 +963,9 @@ static int service_stop(void) {
}
static void WINAPI service_main(DWORD argc, LPTSTR* argv) {
(void)argc; /* skip warning about unused parameter */
(void)argv; /* skip warning about unused parameter */
/* initialise service status */
serviceStatus.dwServiceType=SERVICE_WIN32;
serviceStatus.dwCurrentState=SERVICE_STOPPED;

2
src/libwrap.c
Просмотреть файл

@ -108,7 +108,7 @@ void libwrap_init(int num) {
void libwrap_auth(CLI *c) {
int result=0; /* deny by default */
#ifdef USE_PTHREAD
volatile static int num_busy=0, roundrobin=0;
static volatile int num_busy=0, roundrobin=0;
int retval, my_process;
static pthread_mutex_t mutex=PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t cond=PTHREAD_COND_INITIALIZER;

4
src/log.c
Просмотреть файл

@ -196,10 +196,10 @@ void sockerror(const char *txt) { /* socket error */
}
void log_error(int level, int error, const char *txt) { /* generic error */
s_log(level, "%s: %s (%d)", txt, my_strerror(error), error);
s_log(level, "%s: %s (%d)", txt, s_strerror(error), error);
}
char *my_strerror(int errnum) {
char *s_strerror(int errnum) {
switch(errnum) {
#ifdef USE_WIN32
case 10004:

6
src/mingw.mak
Просмотреть файл

@ -8,7 +8,7 @@
# Modify this to point to your actual openssl compile directory
# (You did already compile openssl, didn't you???)
SSLDIR=../openssl-1.0.0
SSLDIR=../openssl-1.0.0a
DEFINES=-DUSE_WIN32 -DHAVE_OPENSSL
@ -16,9 +16,9 @@ CC=gcc
CFLAGS=-g -O2 -Wall $(DEFINES) -I$(SSLDIR)/outinc
LDFLAGS=-s
# LIBS=-L$(SSLDIR)/out -lssl -lcrypto -lwsock32 -lgdi32
# LIBS=-L$(SSLDIR)/out -lssl -lcrypto -lwsock32 -lgdi32 -lcrypt32
LIBS=-L$(SSLDIR)/out -lzdll -leay32 -lssl32 -lwsock32 -lgdi32
LIBS=-L$(SSLDIR)/out -lzdll -leay32 -lssl32 -lwsock32 -lgdi32 -lcrypt32
OBJS=stunnel.o ssl.o ctx.o verify.o file.o client.o protocol.o sthreads.o log.o options.o network.o resolver.o gui.o resources.o
stunnel.exe: $(OBJS)

79
src/network.c
Просмотреть файл

@ -65,7 +65,7 @@ void s_poll_init(s_poll_set *fds) {
}
void s_poll_add(s_poll_set *fds, int fd, int rd, int wr) {
int i;
unsigned int i;
for(i=0; i<fds->nfds && fds->ufds[i].fd!=fd; i++)
;
@ -86,20 +86,30 @@ void s_poll_add(s_poll_set *fds, int fd, int rd, int wr) {
}
int s_poll_canread(s_poll_set *fds, int fd) {
int i;
unsigned int i;
for(i=0; i<fds->nfds; i++)
if(fds->ufds[i].fd==fd)
return fds->ufds[i].revents&~POLLOUT; /* read or error */
return fds->ufds[i].revents&(POLLIN|POLLHUP); /* read or closed */
return 0;
}
int s_poll_canwrite(s_poll_set *fds, int fd) {
int i;
unsigned int i;
for(i=0; i<fds->nfds; i++)
if(fds->ufds[i].fd==fd)
return fds->ufds[i].revents&POLLOUT; /* write */
return fds->ufds[i].revents&POLLOUT; /* it is possible to write */
return 0;
}
int s_poll_error(s_poll_set *fds, int fd) {
unsigned int i;
for(i=0; i<fds->nfds; i++)
if(fds->ufds[i].fd==fd)
return fds->ufds[i].revents&(POLLERR|POLLNVAL) ?
get_socket_error(fd) : 0;
return 0;
}
@ -169,15 +179,15 @@ static void scan_waiting_queue(void) {
for(i=0; i<context->fds->nfds; i++) {
context->fds->ufds[i].revents=ufds[nfds].revents;
#ifdef DEBUG_UCONTEXT
s_log(LOG_DEBUG, "CONTEXT %ld, FD=%d, (%s%s)->(%s%s%s%s%s)",
s_log(LOG_DEBUG, "CONTEXT %ld, FD=%d,%s%s ->%s%s%s%s%s",
context->id, ufds[nfds].fd,
ufds[nfds].events & POLLIN ? "IN" : "",
ufds[nfds].events & POLLOUT ? "OUT" : "",
ufds[nfds].revents & POLLIN ? "IN" : "",
ufds[nfds].revents & POLLOUT ? "OUT" : "",
ufds[nfds].revents & POLLERR ? "ERR" : "",
ufds[nfds].revents & POLLHUP ? "HUP" : "",
ufds[nfds].revents & POLLNVAL ? "NVAL" : "");
ufds[nfds].events & POLLIN ? " IN" : "",
ufds[nfds].events & POLLOUT ? " OUT" : "",
ufds[nfds].revents & POLLIN ? " IN" : "",
ufds[nfds].revents & POLLOUT ? " OUT" : "",
ufds[nfds].revents & POLLERR ? " ERR" : "",
ufds[nfds].revents & POLLHUP ? " HUP" : "",
ufds[nfds].revents & POLLNVAL ? " NVAL" : "");
#endif
if(ufds[nfds].revents)
context->ready++;
@ -283,16 +293,16 @@ int s_poll_wait(s_poll_set *fds, int sec, int msec) {
void s_poll_init(s_poll_set *fds) {
FD_ZERO(&fds->irfds);
FD_ZERO(&fds->iwfds);
fds->max = 0; /* no file descriptors */
fds->max=0; /* no file descriptors */
}
void s_poll_add(s_poll_set *fds, int fd, int rd, int wr) {
if(rd)
FD_SET(fd, &fds->irfds);
FD_SET((unsigned int)fd, &fds->irfds);
if(wr)
FD_SET(fd, &fds->iwfds);
if(fd > fds->max)
fds->max = fd;
FD_SET((unsigned int)fd, &fds->iwfds);
if(fd>fds->max)
fds->max=fd;
}
int s_poll_canread(s_poll_set *fds, int fd) {
@ -303,6 +313,12 @@ int s_poll_canwrite(s_poll_set *fds, int fd) {
return FD_ISSET(fd, &fds->owfds);
}
int s_poll_error(s_poll_set *fds, int fd) {
if(!FD_ISSET(fd, &fds->orfds)) /* error conditions are signaled as read */
return 0;
return get_socket_error(fd); /* check if it's really an error */
}
int s_poll_wait(s_poll_set *fds, int sec, int msec) {
int retval, retry;
struct timeval tv, *tv_ptr;
@ -488,7 +504,7 @@ int alloc_fd(int sock) {
closesocket(sock);
return -1;
}
setnonblock(sock, 1);
set_nonblock(sock, 1);
return 0;
}
@ -497,7 +513,7 @@ int alloc_fd(int sock) {
#define O_NONBLOCK O_NDELAY
#endif
void setnonblock(int sock, unsigned long l) {
void set_nonblock(int sock, unsigned long l) {
#if defined F_GETFL && defined F_SETFL && defined O_NONBLOCK && !defined __INNOTEK_LIBC__
int retval, flags;
do {
@ -548,11 +564,19 @@ int set_socket_options(int s, int type) {
return 0; /* OK */
}
int get_socket_error(const int fd) {
int err;
socklen_t optlen=sizeof err;
if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void *)&err, &optlen))
return get_last_socket_error(); /* failed -> ask why */
return err;
}
/**************************************** simulate blocking I/O */
int connect_blocking(CLI *c, SOCKADDR_UNION *addr, socklen_t addrlen) {
int error;
socklen_t optlen;
char dst[IPLEN];
s_ntop(dst, addr);
@ -565,7 +589,7 @@ int connect_blocking(CLI *c, SOCKADDR_UNION *addr, socklen_t addrlen) {
error=get_last_socket_error();
if(error!=EINPROGRESS && error!=EWOULDBLOCK) {
s_log(LOG_ERR, "connect_blocking: connect %s: %s (%d)",
dst, my_strerror(error), error);
dst, s_strerror(error), error);
return -1;
}
@ -577,22 +601,19 @@ int connect_blocking(CLI *c, SOCKADDR_UNION *addr, socklen_t addrlen) {
case -1:
error=get_last_socket_error();
s_log(LOG_ERR, "connect_blocking: s_poll_wait %s: %s (%d)",
dst, my_strerror(error), error);
dst, s_strerror(error), error);
return -1;
case 0:
s_log(LOG_ERR, "connect_blocking: s_poll_wait %s: timeout", dst);
return -1;
default:
if(s_poll_canread(&c->fds, c->fd)) {
if(s_poll_canread(&c->fds, c->fd) || s_poll_error(&c->fds, c->fd)) {
/* newly connected socket should not be ready for read */
/* get the resulting error code, now */
optlen=sizeof error;
if(getsockopt(c->fd, SOL_SOCKET, SO_ERROR,
(void *)&error, &optlen))
error=get_last_socket_error(); /* failed -> ask why */
error=get_socket_error(c->fd);
if(error) { /* really an error? */
s_log(LOG_ERR, "connect_blocking: getsockopt %s: %s (%d)",
dst, my_strerror(error), error);
dst, s_strerror(error), error);
return -1;
}
}

4
src/nogui.c
Просмотреть файл

@ -56,8 +56,8 @@ void win_log(LPSTR line) { /* also used in log.c */
free(tstr);
}
void exit_win32(int code) {
exit(code);
void exit_win32(int exit_code) {
exit(exit_code);
}
int passwd_cb(char *buf, int size, int rwflag, void *userdata) {

376
src/options.c
Просмотреть файл

@ -60,8 +60,9 @@ static int parse_socket_option(char *);
static char *parse_ocsp_url(SERVICE_OPTIONS *, char *);
static unsigned long parse_ocsp_flag(char *);
static void syntax(void);
static void config_error(int, char *);
static void syntax(CONF_TYPE);
static void config_error(int, const char *, const char *);
static void section_error(int, const char *);
static char *stralloc(char *);
#ifndef USE_WIN32
static char **argalloc(char *);
@ -82,7 +83,7 @@ static char *option_not_found=
/**************************************** global options */
static char *parse_global_option(CMD cmd, char *opt, char *arg, int reload) {
static char *parse_global_option(CMD cmd, char *opt, char *arg) {
char *tmpstr;
#ifndef USE_WIN32
struct group *gr;
@ -160,11 +161,14 @@ static char *parse_global_option(CMD cmd, char *opt, char *arg, int reload) {
break;
}
/* EGD is only supported when compiled with OpenSSL 0.9.5a or later */
#if SSLEAY_VERSION_NUMBER >= 0x0090581fL
/* EGD */
switch(cmd) {
case CMD_INIT:
#ifdef EGD_SOCKET
new_global_options.egd_sock=EGD_SOCKET;
#else
new_global_options.egd_sock=NULL;
#endif
break;
case CMD_EXEC:
if(strcasecmp(opt, "EGD"))
@ -180,7 +184,6 @@ static char *parse_global_option(CMD cmd, char *opt, char *arg, int reload) {
s_log(LOG_NOTICE, "%-15s = path to Entropy Gathering Daemon socket", "EGD");
break;
}
#endif /* OpenSSL 0.9.5a */
#ifdef HAVE_OSSL_ENGINE_H
/* engine */
@ -317,7 +320,9 @@ static char *parse_global_option(CMD cmd, char *opt, char *arg, int reload) {
case CMD_EXEC:
if(strcasecmp(opt, "RNDbytes"))
break;
new_global_options.random_bytes=atoi(arg);
new_global_options.random_bytes=strtol(arg, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return "Illegal number of bytes to read from random seed files";
return NULL; /* OK */
case CMD_DEFAULT:
s_log(LOG_NOTICE, "%-15s = %d", "RNDbytes", RANDOM_BYTES);
@ -407,11 +412,12 @@ static char *parse_global_option(CMD cmd, char *opt, char *arg, int reload) {
if(strcasecmp(opt, "setgid"))
break;
gr=getgrnam(arg);
if(gr)
if(gr) {
new_global_options.gid=gr->gr_gid;
else if(atoi(arg)) /* numerical? */
new_global_options.gid=atoi(arg);
else
return NULL; /* OK */
}
new_global_options.gid=strtol(arg, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return "Illegal GID";
return NULL; /* OK */
case CMD_DEFAULT:
@ -432,11 +438,12 @@ static char *parse_global_option(CMD cmd, char *opt, char *arg, int reload) {
if(strcasecmp(opt, "setuid"))
break;
pw=getpwnam(arg);
if(pw)
if(pw) {
new_global_options.uid=pw->pw_uid;
else if(atoi(arg)) /* numerical? */
new_global_options.uid=atoi(arg);
else
return NULL; /* OK */
}
new_global_options.uid=strtol(arg, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return "Illegal UID";
return NULL; /* OK */
case CMD_DEFAULT:
@ -524,6 +531,7 @@ static char *parse_global_option(CMD cmd, char *opt, char *arg, int reload) {
static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
char *opt, char *arg) {
char *tmpstr;
int tmpnum;
if(cmd==CMD_DEFAULT || cmd==CMD_HELP) {
@ -612,17 +620,12 @@ static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
/* cert */
switch(cmd) {
case CMD_INIT:
#ifdef CONFDIR
section->cert=CONFDIR CONFSEPARATOR "stunnel.pem";
#else
section->cert="stunnel.pem";
#endif
section->cert=NULL;
break;
case CMD_EXEC:
if(strcasecmp(opt, "cert"))
break;
section->cert=stralloc(arg);
section->option.cert=1;
return NULL; /* OK */
case CMD_DEFAULT:
#ifdef CONFDIR
@ -748,6 +751,26 @@ static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
break;
}
/* curve */
switch(cmd) {
case CMD_INIT:
section->curve=NID_sect163r2;
break;
case CMD_EXEC:
if(strcasecmp(opt, "curve"))
break;
section->curve=OBJ_txt2nid(arg);
if(section->curve==NID_undef)
return "Curve name not supported";
return NULL; /* OK */
case CMD_DEFAULT:
s_log(LOG_NOTICE, "%-15s = %s", "curve", "sect163r2");
break;
case CMD_HELP:
s_log(LOG_NOTICE, "%-15s = ECDH curve name", "curve");
break;
}
/* delay */
switch(cmd) {
case CMD_INIT:
@ -779,7 +802,10 @@ static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
case CMD_EXEC:
if(strcasecmp(opt, "engineNum"))
break;
section->engine=get_engine(atoi(arg));
tmpnum=strtol(arg, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return "Illegal engine number";
section->engine=get_engine(tmpnum);
if(!section->engine)
return "Illegal engine number";
return NULL; /* OK */
@ -944,7 +970,6 @@ static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
break;
}
#if SSLEAY_VERSION_NUMBER >= 0x00907000L
/* OCSP */
switch(cmd) {
case CMD_INIT:
@ -983,7 +1008,6 @@ static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
s_log(LOG_NOTICE, "%-15s = OCSP server flags", "OCSPflag");
break;
}
#endif /* OpenSSL-0.9.7 */
/* options */
switch(cmd) {
@ -1153,9 +1177,8 @@ static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
case CMD_EXEC:
if(strcasecmp(opt, "session"))
break;
if(atoi(arg)>0)
section->session_timeout=atoi(arg);
else
section->session_timeout=strtol(arg, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return "Illegal session timeout";
return NULL; /* OK */
case CMD_DEFAULT:
@ -1202,9 +1225,8 @@ static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
case CMD_EXEC:
if(strcasecmp(opt, "stack"))
break;
if(atoi(arg)>0)
section->stack_size=atoi(arg);
else
section->stack_size=strtol(arg, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return "Illegal thread stack size";
return NULL; /* OK */
case CMD_DEFAULT:
@ -1219,38 +1241,89 @@ static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
/* sslVersion */
switch(cmd) {
case CMD_INIT:
#ifdef USE_FIPS
#if defined(USE_FIPS)
#if !defined(OPENSSL_NO_TLS)
#define DEFAULT_SSLVER_CLIENT "TLSv1"
#define DEFAULT_SSLVER_SERVER "TLSv1"
section->client_method=(SSL_METHOD *)TLSv1_client_method();
section->server_method=(SSL_METHOD *)TLSv1_server_method();
#else
#else /* OPENSSL_NO_TLS */
#error Need TLSv1 for FIPS mode
#endif /* OPENSSL_NO_TLS */
#else /* USE_FIPS */
#if !defined(OPENSSL_NO_SSL3) && !defined(OPENSSL_NO_SSL2)
#define DEFAULT_SSLVER_CLIENT "SSLv3"
#define DEFAULT_SSLVER_SERVER "all"
section->client_method=(SSL_METHOD *)SSLv3_client_method();
section->server_method=(SSL_METHOD *)SSLv23_server_method();
#endif
#elif !defined(OPENSSL_NO_SSL3)
#define DEFAULT_SSLVER_CLIENT "SSLv3"
#define DEFAULT_SSLVER_SERVER "SSLv3"
section->client_method=(SSL_METHOD *)SSLv3_client_method();
section->server_method=(SSL_METHOD *)SSLv3_server_method();
#elif !defined(OPENSSL_NO_TLS1)
#define DEFAULT_SSLVER_CLIENT "TLSv1"
#define DEFAULT_SSLVER_SERVER "TLSv1"
section->client_method=(SSL_METHOD *)TLSv1_client_method();
section->server_method=(SSL_METHOD *)TLSv1_server_method();
#elif !defined(OPENSSL_NO_SSL2)
#define DEFAULT_SSLVER_CLIENT "SSLv2"
#define DEFAULT_SSLVER_SERVER "SSLv2"
section->client_method=(SSL_METHOD *)SSLv2_client_method();
section->server_method=(SSL_METHOD *)SSLv2_server_method();
#else /* OPENSSL_NO_TLS1, OPENSSL_NO_SSL3, OPENSSL_NO_SSL2 */
#error No supported SSL methods found
#endif /* OPENSSL_NO_TLS1, OPENSSL_NO_SSL3, OPENSSL_NO_SSL2 */
#endif /* USE_FIPS */
break;
case CMD_EXEC:
if(strcasecmp(opt, "sslVersion"))
break;
if(!strcasecmp(arg, "all")) {
#if !defined(OPENSSL_NO_SSL3) && !defined(OPENSSL_NO_SSL2)
section->client_method=(SSL_METHOD *)SSLv23_client_method();
section->server_method=(SSL_METHOD *)SSLv23_server_method();
#else
return "SSLv23 not supported";
#endif
} else if(!strcasecmp(arg, "SSLv2")) {
#if !defined(OPENSSL_NO_SSL2)
section->client_method=(SSL_METHOD *)SSLv2_client_method();
section->server_method=(SSL_METHOD *)SSLv2_server_method();
#else
return "SSLv2 not supported";
#endif
} else if(!strcasecmp(arg, "SSLv3")) {
#if !defined(OPENSSL_NO_SSL3)
section->client_method=(SSL_METHOD *)SSLv3_client_method();
section->server_method=(SSL_METHOD *)SSLv3_server_method();
#else
return "SSLv3 not supported";
#endif
} else if(!strcasecmp(arg, "TLSv1")) {
#if !defined(OPENSSL_NO_TLS1)
section->client_method=(SSL_METHOD *)TLSv1_client_method();
section->server_method=(SSL_METHOD *)TLSv1_server_method();
#else
return "TLSv1 not supported";
#endif
} else
return "Incorrect version of SSL protocol";
return NULL; /* OK */
case CMD_DEFAULT:
#ifdef USE_FIPS
s_log(LOG_NOTICE, "%-15s = TLSv1", "sslVersion");
#else
s_log(LOG_NOTICE, "%-15s = SSLv3 for client, all for server", "sslVersion");
#endif
s_log(LOG_NOTICE, "%-15s = " DEFAULT_SSLVER_CLIENT " for client, "
DEFAULT_SSLVER_SERVER " for server", "sslVersion");
break;
case CMD_HELP:
s_log(LOG_NOTICE, "%-15s = all|SSLv2|SSLv3|TLSv1 SSL method", "sslVersion");
@ -1265,9 +1338,8 @@ static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
case CMD_EXEC:
if(strcasecmp(opt, "TIMEOUTbusy"))
break;
if(atoi(arg)>0)
section->timeout_busy=atoi(arg);
else
section->timeout_busy=strtol(arg, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return "Illegal busy timeout";
return NULL; /* OK */
case CMD_DEFAULT:
@ -1286,9 +1358,8 @@ static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
case CMD_EXEC:
if(strcasecmp(opt, "TIMEOUTclose"))
break;
if(atoi(arg)>0 || !strcmp(arg, "0"))
section->timeout_close=atoi(arg);
else
section->timeout_close=strtol(arg, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return "Illegal close timeout";
return NULL; /* OK */
case CMD_DEFAULT:
@ -1308,9 +1379,8 @@ static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
case CMD_EXEC:
if(strcasecmp(opt, "TIMEOUTconnect"))
break;
if(atoi(arg)>0 || !strcmp(arg, "0"))
section->timeout_connect=atoi(arg);
else
section->timeout_connect=strtol(arg, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return "Illegal connect timeout";
return NULL; /* OK */
case CMD_DEFAULT:
@ -1329,9 +1399,8 @@ static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
case CMD_EXEC:
if(strcasecmp(opt, "TIMEOUTidle"))
break;
if(atoi(arg)>0)
section->timeout_idle=atoi(arg);
else
section->timeout_idle=strtol(arg, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return "Illegal idle timeout";
return NULL; /* OK */
case CMD_DEFAULT:
@ -1377,7 +1446,10 @@ static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
if(strcasecmp(opt, "verify"))
break;
section->verify_level=SSL_VERIFY_NONE;
switch(atoi(arg)) {
tmpnum=strtol(arg, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return "Bad verify level";
switch(tmpnum) {
case 3:
section->verify_use_only_my=1;
case 2:
@ -1417,15 +1489,15 @@ void parse_commandline(char *name, char *parameter) {
#endif
if(!strcasecmp(name, "-help")) {
parse_global_option(CMD_HELP, NULL, NULL, 0);
parse_global_option(CMD_HELP, NULL, NULL);
parse_service_option(CMD_HELP, NULL, NULL, NULL);
die(1);
}
if(!strcasecmp(name, "-version")) {
stunnel_info();
stunnel_info(LOG_NOTICE);
s_log(LOG_NOTICE, " ");
parse_global_option(CMD_DEFAULT, NULL, NULL, 0);
parse_global_option(CMD_DEFAULT, NULL, NULL);
parse_service_option(CMD_DEFAULT, NULL, NULL, NULL);
die(1);
}
@ -1439,22 +1511,22 @@ void parse_commandline(char *name, char *parameter) {
if(!strcasecmp(name, "-fd")) {
if(!parameter) {
s_log(LOG_ERR, "No file descriptor specified");
syntax();
die(1);
syntax(CONF_FD);
}
if(!parse_conf(parameter, CONF_FD))
die(1);
parse_conf(parameter, CONF_FD);
} else
#else
(void)parameter; /* skip warning about unused parameter */
#endif
if(!parse_conf(name, CONF_FILE))
die(1);
parse_conf(name, CONF_FILE);
}
/**************************************** parse configuration file */
int parse_conf(char *name, CONF_TYPE type) {
void parse_conf(char *name, CONF_TYPE type) {
DISK_FILE *df;
char confline[CONFLINELEN], *arg, *opt, *errstr;
char line_text[CONFLINELEN], *errstr;
char config_line[CONFLINELEN], *config_opt, *config_arg;
int line_number, i;
SERVICE_OPTIONS *section, *new_section;
static char *filename=NULL; /* a copy of config file name for reloading */
@ -1462,7 +1534,8 @@ int parse_conf(char *name, CONF_TYPE type) {
int sections=0;
#endif
#ifndef USE_WIN32
char *c;
int fd;
char *tmpstr;
#endif
if(name) /* not reload */
@ -1472,114 +1545,132 @@ int parse_conf(char *name, CONF_TYPE type) {
type==CONF_FD ? "descriptor" : "file", filename);
#ifndef USE_WIN32
if(type==CONF_FD) { /* file descriptor */
i=0; /* cannot use atoi() here due to insufficient error checking */
for(c=filename; *c; ++c) {
if(*c<'0' || *c>'9') {
s_log(LOG_ERR, "Invalid file descriptor number");
syntax();
return 0;
}
i=10*i+*c-'0';
fd=strtol(filename, &tmpstr, 10);
if(tmpstr==filename || *tmpstr) { /* not a number */
s_log(LOG_ERR, "Invalid file descriptor number");
syntax(type);
}
df=file_fdopen(i);
df=file_fdopen(fd);
} else
#endif
df=file_open(filename, 0);
if(!df) {
s_log(LOG_ERR, "Cannot read configuration");
syntax();
return 0;
syntax(type);
}
memset(&new_global_options, 0, sizeof(GLOBAL_OPTIONS)); /* reset global options */
memset(&new_service_options, 0, sizeof(SERVICE_OPTIONS)); /* reset local options */
new_service_options.next=NULL;
section=&new_service_options;
parse_global_option(CMD_INIT, NULL, NULL, type==CONF_RELOAD);
parse_global_option(CMD_INIT, NULL, NULL);
parse_service_option(CMD_INIT, section, NULL, NULL);
if(type!=CONF_RELOAD) { /* provide defaults for gui.c */
memcpy(&global_options, &new_global_options, sizeof(GLOBAL_OPTIONS));
memcpy(&service_options, &new_service_options, sizeof(SERVICE_OPTIONS));
}
line_number=0;
while(file_getline(df, confline, CONFLINELEN)) {
while(file_getline(df, line_text, CONFLINELEN)>=0) {
memcpy(config_line, line_text, CONFLINELEN);
++line_number;
opt=confline;
while(isspace((unsigned char)*opt))
++opt; /* remove initial whitespaces */
for(i=strlen(opt)-1; i>=0 && isspace((unsigned char)opt[i]); --i)
opt[i]='\0'; /* remove trailing whitespaces */
if(opt[0]=='\0' || opt[0]=='#' || opt[0]==';') /* empty or comment */
config_opt=config_line;
while(isspace((unsigned char)*config_opt))
++config_opt; /* remove initial whitespaces */
for(i=strlen(config_opt)-1; i>=0 && isspace((unsigned char)config_opt[i]); --i)
config_opt[i]='\0'; /* remove trailing whitespaces */
if(config_opt[0]=='\0' || config_opt[0]=='#' || config_opt[0]==';') /* empty or comment */
continue;
if(opt[0]=='[' && opt[strlen(opt)-1]==']') { /* new section */
if(!section_init(line_number, section, 0)) {
if(config_opt[0]=='[' && config_opt[strlen(config_opt)-1]==']') { /* new section */
if(!section_init(line_number-1, section, 0)) {
file_close(df);
return 0;
if(type==CONF_RELOAD)
return;
die(1);
}
++opt;
opt[strlen(opt)-1]='\0';
++config_opt;
config_opt[strlen(config_opt)-1]='\0';
new_section=calloc(1, sizeof(SERVICE_OPTIONS));
if(!new_section) {
s_log(LOG_ERR, "Fatal memory allocation error");
file_close(df);
return 0;
if(type==CONF_RELOAD)
return;
die(1);
}
memcpy(new_section, &new_service_options, sizeof(SERVICE_OPTIONS));
new_section->servname=stralloc(opt);
new_section->servname=stralloc(config_opt);
new_section->session=NULL;
new_section->next=NULL;
section->next=new_section;
section=new_section;
#ifdef MAX_FD
if(++sections>MAX_FD) {
config_error(line_number, "Too many sections");
config_error(line_number, line_text, "Too many sections");
file_close(df);
return 0;
if(type==CONF_RELOAD)
return;
die(1);
}
#endif
continue;
}
arg=strchr(confline, '=');
if(!arg) {
config_error(line_number, "No '=' found");
config_arg=strchr(config_line, '=');
if(!config_arg) {
config_error(line_number, line_text, "No '=' found");
file_close(df);
return 0;
if(type==CONF_RELOAD)
return;
die(1);
}
*arg++='\0'; /* split into option name and argument value */
for(i=strlen(opt)-1; i>=0 && isspace((unsigned char)opt[i]); --i)
opt[i]='\0'; /* remove trailing whitespaces */
while(isspace((unsigned char)*arg))
++arg; /* remove initial whitespaces */
errstr=parse_service_option(CMD_EXEC, section, opt, arg);
*config_arg++='\0'; /* split into option name and argument value */
for(i=strlen(config_opt)-1; i>=0 && isspace((unsigned char)config_opt[i]); --i)
config_opt[i]='\0'; /* remove trailing whitespaces */
while(isspace((unsigned char)*config_arg))
++config_arg; /* remove initial whitespaces */
errstr=parse_service_option(CMD_EXEC, section, config_opt, config_arg);
if(section==&new_service_options && errstr==option_not_found)
errstr=parse_global_option(CMD_EXEC, opt, arg, type==CONF_RELOAD);
errstr=parse_global_option(CMD_EXEC, config_opt, config_arg);
if(errstr) {
config_error(line_number, errstr);
config_error(line_number, line_text, errstr);
file_close(df);
return 0;
if(type==CONF_RELOAD)
return;
die(1);
}
}
if(!section_init(line_number, section, 1)) {
file_close(df);
return 0;
}
file_close(df);
/* initialize the last section */
if(!section_init(line_number-1, section, 1)) {
if(type==CONF_RELOAD)
return;
die(1);
}
/* final checks */
if(!new_service_options.next) { /* inetd mode */
if(section->option.accept) {
s_log(LOG_ERR, "accept option is not allowed in inetd mode");
s_log(LOG_ERR, "remove accept option or define a [section]");
return 0;
s_log(LOG_ERR, "Accept option is not allowed in inetd mode");
s_log(LOG_ERR, "Remove accept option or define a [section]");
if(type==CONF_RELOAD)
return;
die(1);
}
if(!section->option.remote && !section->execname) {
s_log(LOG_ERR, "inetd mode must have 'connect' or 'exec' options");
return 0;
s_log(LOG_ERR, "Inetd mode must have 'connect' or 'exec' options");
if(type==CONF_RELOAD)
return;
die(1);
}
}
memcpy(&service_options, &new_service_options, sizeof(SERVICE_OPTIONS));
s_log(LOG_NOTICE, "Configuration successful");
return 1;
}
/**************************************** validate and initialize section */
static int section_init(int line_number, SERVICE_OPTIONS *section, int final) {
static int section_init(int prev_line, SERVICE_OPTIONS *section, int final) {
if(section==&new_service_options) { /* global options just configured */
memcpy(&global_options, &new_global_options, sizeof(GLOBAL_OPTIONS));
#ifdef HAVE_OSSL_ENGINE_H
@ -1591,29 +1682,30 @@ static int section_init(int line_number, SERVICE_OPTIONS *section, int final) {
return 1; /* OK */
}
if(!section->option.client)
section->option.cert=1; /* server always needs a certificate */
if(!section->option.client && !section->cert) {
section_error(prev_line, "SSL server needs a certificate");
return 0;
}
if(!context_init(section)) /* initialize SSL context */
return 0;
if(section==&new_service_options) { /* inetd mode checks */
if(section->option.accept) {
config_error(line_number, "accept is not allowed in inetd mode");
section_error(prev_line, "'accept' is not allowed in inetd mode");
return 0;
}
#if 0
/* TODO: some additional checks could be useful */
if((unsigned int)section->option.program +
(unsigned int)section->option.remote != 1)
config_error(line_number,
section_error(prev_line,
"Single endpoint is required in inetd mode");
#endif
} else { /* standalone mode checks */
if((unsigned int)section->option.accept +
(unsigned int)section->option.program +
(unsigned int)section->option.remote != 2) {
config_error(line_number,
"Each service section must define two endpoints");
section_error(prev_line, "Each service must define two endpoints");
return 0;
}
}
@ -1882,7 +1974,7 @@ static void print_option(char *line, int type, OPT_UNION *val) {
static int parse_socket_option(char *arg) {
int socket_type; /* 0-accept, 1-local, 2-remote */
char *opt_val_str, *opt_val2_str;
char *opt_val_str, *opt_val2_str, *tmpstr;
SOCK_OPT *ptr;
if(arg[1]!=':')
@ -1914,27 +2006,37 @@ static int parse_socket_option(char *arg) {
switch(ptr->opt_type) {
case TYPE_FLAG:
case TYPE_INT:
ptr->opt_val[socket_type]->i_val=atoi(opt_val_str);
ptr->opt_val[socket_type]->i_val=strtol(opt_val_str, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return 0; /* FAILED */
return 1; /* OK */
case TYPE_LINGER:
opt_val2_str=strchr(opt_val_str, ':');
if(opt_val2_str) {
*opt_val2_str++='\0';
ptr->opt_val[socket_type]->linger_val.l_linger=atoi(opt_val2_str);
ptr->opt_val[socket_type]->linger_val.l_linger=strtol(opt_val2_str, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return 0; /* FAILED */
} else {
ptr->opt_val[socket_type]->linger_val.l_linger=0;
}
ptr->opt_val[socket_type]->linger_val.l_onoff=atoi(opt_val_str);
ptr->opt_val[socket_type]->linger_val.l_onoff=strtol(opt_val_str, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return 0; /* FAILED */
return 1; /* OK */
case TYPE_TIMEVAL:
opt_val2_str=strchr(opt_val_str, ':');
if(opt_val2_str) {
*opt_val2_str++='\0';
ptr->opt_val[socket_type]->timeval_val.tv_usec=atoi(opt_val2_str);
ptr->opt_val[socket_type]->timeval_val.tv_usec=strtol(opt_val2_str, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return 0; /* FAILED */
} else {
ptr->opt_val[socket_type]->timeval_val.tv_usec=0;
}
ptr->opt_val[socket_type]->timeval_val.tv_sec=atoi(opt_val_str);
ptr->opt_val[socket_type]->timeval_val.tv_sec=strtol(opt_val_str, &tmpstr, 10);
if(tmpstr==arg || *tmpstr) /* not a number */
return 0; /* FAILED */
return 1; /* OK */
case TYPE_STRING:
if(strlen(opt_val_str)+1>sizeof(OPT_UNION))
@ -1996,9 +2098,11 @@ static unsigned long parse_ocsp_flag(char *arg) {
return 0; /* FAILED */
}
/**************************************** print syntax */
/**************************************** fatal error */
static void syntax(void) {
static void syntax(CONF_TYPE type) {
if(type==CONF_RELOAD)
return; /* don't print syntax or die */
s_log(LOG_NOTICE, " ");
s_log(LOG_NOTICE, "Syntax:");
s_log(LOG_NOTICE, "stunnel "
@ -2026,23 +2130,27 @@ static void syntax(void) {
s_log(LOG_NOTICE, " -help - get config file help");
s_log(LOG_NOTICE, " -version - display version and defaults");
s_log(LOG_NOTICE, " -sockets - display default socket options");
die(1);
}
/**************************************** various supporting funstions */
static void config_error(int num, char *str) {
s_log(LOG_ERR, "line %d: %s", num, str);
static void config_error(int num, const char *line, const char *str) {
s_log(LOG_ERR, "Line %d: \"%s\": %s", num, line, str);
}
static char *stralloc(char *str) { /* allocate static string */
static void section_error(int num, const char *str) {
s_log(LOG_ERR, "Line %d (end of section): %s", num, str);
}
static char *stralloc(char *str) { /* strdup() with error checking */
char *retval;
retval=calloc(strlen(str)+1, 1);
retval=strdup(str);
if(!retval) {
s_log(LOG_ERR, "Fatal memory allocation error");
die(2);
}
strcpy(retval, str);
return retval;
}

6
src/os2.mak
Просмотреть файл

@ -1,11 +1,11 @@
prefix=.
DEFS = -DPACKAGE_NAME=\"stunnel\" \
-DPACKAGE_TARNAME=\"stunnel\" \
-DPACKAGE_VERSION=\"4.33\" \
-DPACKAGE_STRING=\"stunnel\ 4.33\" \
-DPACKAGE_VERSION=\"4.34\" \
-DPACKAGE_STRING=\"stunnel\ 4.34\" \
-DPACKAGE_BUGREPORT=\"\" \
-DPACKAGE=\"stunnel\" \
-DVERSION=\"4.33\" \
-DVERSION=\"4.34\" \
-DSTDC_HEADERS=1 \
-DHAVE_SYS_TYPES_H=1 \
-DHAVE_SYS_STAT_H=1 \

110
src/protocol.c
Просмотреть файл

@ -41,7 +41,6 @@
/* \n is not a character expected in the string */
#define LINE "%[^\n]"
#define isprefix(a, b) (strncasecmp((a), (b), strlen(b))==0)
#define s_min(a, b) ((a)>(b)?(b):(a))
/* protocol-specific function prototypes */
static void cifs_client(CLI *);
@ -56,9 +55,12 @@ static void imap_client(CLI *);
static void imap_server(CLI *);
static void nntp_client(CLI *);
static void connect_client(CLI *);
static void ntlm(CLI *);
#ifndef OPENSSL_NO_MD4
static char *ntlm1();
static char *ntlm3(char *, char *, char *);
static void crypt_DES(DES_cblock, DES_cblock, DES_cblock);
#endif
static char *base64(int, char *, int);
void negotiate(CLI *c) {
@ -397,9 +399,7 @@ static void nntp_client(CLI *c) {
}
static void connect_client(CLI *c) {
char line[STRLEN], ntlm2[STRLEN], *encoded;
long content_length;
char buf[BUFSIZ];
char line[STRLEN], *encoded;
if(!c->opt->protocol_host) {
s_log(LOG_ERR, "protocolHost not specified");
@ -410,48 +410,7 @@ static void connect_client(CLI *c) {
fdprintf(c, c->remote_fd.fd, "Host: %s", c->opt->protocol_host);
if(c->opt->protocol_username && c->opt->protocol_password) {
if(!strcasecmp(c->opt->protocol_authentication, "NTLM")) {
/* send Proxy-Authorization (phase 1) */
fdprintf(c, c->remote_fd.fd, "Proxy-Connection: keep-alive");
fdprintf(c, c->remote_fd.fd, "Proxy-Authorization: NTLM %s",
ntlm1());
fdputline(c, c->remote_fd.fd, ""); /* empty line */
fdgetline(c, c->remote_fd.fd, line);
/* receive Proxy-Authenticate (phase 2) */
if(line[9]!='4' || line[10]!='0' || line[11]!='7') { /* code 407 */
s_log(LOG_ERR, "NTLM authorization request rejected");
do { /* read all headers */
fdgetline(c, c->remote_fd.fd, line);
} while(*line);
longjmp(c->err, 1);
}
*ntlm2='\0';
content_length=0; /* no HTTP content */
do { /* read all headers */
fdgetline(c, c->remote_fd.fd, line);
if(isprefix(line, "Proxy-Authenticate: NTLM "))
safecopy(ntlm2, line+25);
else if(isprefix(line, "Content-Length: "))
content_length=atol(line+16);
} while(*line);
/* read and ignore HTTP content (if any) */
while(content_length) {
read_blocking(c, c->remote_fd.fd, buf,
s_min(content_length, BUFSIZ));
content_length-=s_min(content_length, BUFSIZ);
}
/* send Proxy-Authorization (phase 3) */
fdprintf(c, c->remote_fd.fd, "CONNECT %s HTTP/1.1",
c->opt->protocol_host);
fdprintf(c, c->remote_fd.fd, "Host: %s", c->opt->protocol_host);
encoded=ntlm3(c->opt->protocol_username, c->opt->protocol_password,
ntlm2);
safecopy(line, encoded);
free(encoded);
fdprintf(c, c->remote_fd.fd, "Proxy-Authorization: NTLM %s", line);
ntlm(c);
} else { /* basic authentication */
safecopy(line, c->opt->protocol_username);
safeconcat(line, ":");
@ -484,6 +443,59 @@ static void connect_client(CLI *c) {
* http://www.innovation.ch/personal/ronald/ntlm.html
*/
#define s_min(a, b) ((a)>(b)?(b):(a))
static void ntlm(CLI *c) {
#ifndef OPENSSL_NO_MD4
char line[STRLEN], *encoded;
char buf[BUFSIZ], ntlm2[STRLEN];
long content_length;
/* send Proxy-Authorization (phase 1) */
fdprintf(c, c->remote_fd.fd, "Proxy-Connection: keep-alive");
fdprintf(c, c->remote_fd.fd, "Proxy-Authorization: NTLM %s", ntlm1());
fdputline(c, c->remote_fd.fd, ""); /* empty line */
fdgetline(c, c->remote_fd.fd, line);
/* receive Proxy-Authenticate (phase 2) */
if(line[9]!='4' || line[10]!='0' || line[11]!='7') { /* code 407 */
s_log(LOG_ERR, "NTLM authorization request rejected");
do { /* read all headers */
fdgetline(c, c->remote_fd.fd, line);
} while(*line);
longjmp(c->err, 1);
}
*ntlm2='\0';
content_length=0; /* no HTTP content */
do { /* read all headers */
fdgetline(c, c->remote_fd.fd, line);
if(isprefix(line, "Proxy-Authenticate: NTLM "))
safecopy(ntlm2, line+25);
else if(isprefix(line, "Content-Length: "))
content_length=atol(line+16);
} while(*line);
/* read and ignore HTTP content (if any) */
while(content_length) {
read_blocking(c, c->remote_fd.fd, buf, s_min(content_length, BUFSIZ));
content_length-=s_min(content_length, BUFSIZ);
}
/* send Proxy-Authorization (phase 3) */
fdprintf(c, c->remote_fd.fd, "CONNECT %s HTTP/1.1", c->opt->protocol_host);
fdprintf(c, c->remote_fd.fd, "Host: %s", c->opt->protocol_host);
encoded=ntlm3(c->opt->protocol_username, c->opt->protocol_password, ntlm2);
safecopy(line, encoded);
free(encoded);
fdprintf(c, c->remote_fd.fd, "Proxy-Authorization: NTLM %s", line);
#else
s_log(LOG_ERR, "NTLM authentication is not available");
longjmp(c->err, 1);
#endif
}
#ifndef OPENSSL_NO_MD4
static char *ntlm1() {
char phase1[16];
@ -500,8 +512,8 @@ static char *ntlm3(char *username, char *password, char *phase2) {
char *decoded; /* decoded reply from proxy */
char phase3[146];
unsigned char md4_hash[21];
int userlen=strlen(username);
int phase3len=s_min(88+userlen, sizeof phase3);
unsigned int userlen=strlen(username);
unsigned int phase3len=s_min(88+userlen, sizeof phase3);
/* setup phase3 structure */
memset(phase3, 0, sizeof phase3);
@ -565,6 +577,8 @@ static void crypt_DES(DES_cblock dst, const_DES_cblock src, DES_cblock hash) {
(DES_cblock *)dst, &sched, DES_ENCRYPT);
}
#endif
static char *base64(int encode, char *in, int len) {
BIO *bio, *b64;
char *out;

23
src/prototypes.h
Просмотреть файл

@ -135,12 +135,11 @@ typedef struct service_options_struct {
long session_timeout;
int verify_level;
int verify_use_only_my;
int curve;
long ssl_options;
#if SSLEAY_VERSION_NUMBER >= 0x00907000L
SOCKADDR_LIST ocsp_addr;
char *ocsp_path;
unsigned long ocsp_flags;
#endif /* OpenSSL-0.9.7 */
SSL_METHOD *client_method, *server_method;
SOCKADDR_LIST sessiond_addr;
@ -170,7 +169,6 @@ typedef struct service_options_struct {
/* on/off switches */
struct {
unsigned int cert:1;
unsigned int client:1;
unsigned int delayed_lookup:1;
unsigned int accept:1;
@ -182,9 +180,7 @@ typedef struct service_options_struct {
unsigned int pty:1;
unsigned int transparent:1;
#endif
#if SSLEAY_VERSION_NUMBER >= 0x00907000L
unsigned int ocsp:1;
#endif
#ifdef USE_LIBWRAP
unsigned int libwrap:1;
#endif
@ -252,7 +248,7 @@ int bind_ports(void);
#if !defined (USE_WIN32) && !defined (__vms) && !defined(USE_OS2)
void drop_privileges(void);
#endif
void stunnel_info(void);
void stunnel_info(int);
void die(int);
/**************************************** prototypes for log.c */
@ -273,15 +269,15 @@ void s_log(int, const char *, ...)
void ioerror(const char *);
void sockerror(const char *);
void log_error(int, int, const char *);
char *my_strerror(int);
char *s_strerror(int);
/**************************************** prototypes for pty.c */
int pty_allocate(int *, int *, char *, int);
int pty_allocate(int *, int *, char *);
/**************************************** prototypes for ssl.c */
extern int cli_index, opt_index;;
extern int cli_index, opt_index;
void ssl_init(void);
int ssl_configure(void);
@ -295,7 +291,7 @@ ENGINE *get_engine(int);
/**************************************** prototypes for options.c */
void parse_commandline(char *, char *);
int parse_conf(char *, CONF_TYPE);
void parse_conf(char *, CONF_TYPE);
/**************************************** prototypes for ctx.c */
@ -312,22 +308,21 @@ void s_poll_init(s_poll_set *);
void s_poll_add(s_poll_set *, int, int, int);
int s_poll_canread(s_poll_set *, int);
int s_poll_canwrite(s_poll_set *, int);
int s_poll_error(s_poll_set *, int);
int s_poll_wait(s_poll_set *, int, int);
#ifndef USE_WIN32
int signal_pipe_init(void);
void child_status(void); /* dead libwrap or 'exec' process detected */
#endif
int set_socket_options(int, int);
int alloc_fd(int);
void setnonblock(int, unsigned long);
void set_nonblock(int, unsigned long);
int get_socket_error(const int);
/**************************************** prototypes for client.c */
typedef struct {
int fd; /* file descriptor */
int rd; /* open for read */
int wr; /* open for write */
int is_socket; /* file descriptor is a socket */
} FD;

4
src/pty.c
Просмотреть файл

@ -72,7 +72,7 @@
* the buffer must be able to hold at least 64 characters
*/
int pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) {
int pty_allocate(int *ptyfd, int *ttyfd, char *namebuf) {
#if defined(HAVE_OPENPTY) || defined(BSD4_4) && !defined(__INNOTEK_LIBC__)
/* openpty(3) exists in OSF/1 and some other os'es */
char buf[64];
@ -195,7 +195,7 @@ int pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) {
if(*ptyfd<0)
continue;
#ifdef HAVE_SNPRINTF
snprintf(namebuf, namebuflen,
snprintf(namebuf, STRLEN,
#else
sprintf(namebuf,
#endif

42
src/ssl.c
Просмотреть файл

@ -41,7 +41,6 @@
/* global OpenSSL initalization: compression, engine, entropy */
static int init_compression(void);
static int init_prng(void);
static int prng_seeded(int);
static int add_rand_file(char *);
#ifdef HAVE_OSSL_ENGINE_H
static char *init_engine(void);
@ -125,7 +124,7 @@ static int init_prng(void) {
assume that they really do want it, so try it first */
if(global_options.rand_file) {
totbytes+=add_rand_file(global_options.rand_file);
if(prng_seeded(totbytes))
if(RAND_status())
return 1;
}
@ -134,26 +133,24 @@ static int init_prng(void) {
if(filename[0]) {
filename[STRLEN-1]='\0'; /* just in case */
totbytes+=add_rand_file(filename);
if(prng_seeded(totbytes))
if(RAND_status())
return 1;
}
#ifdef RANDOM_FILE
totbytes+=add_rand_file(RANDOM_FILE);
if(prng_seeded(totbytes))
if(RAND_status())
return 1;
#endif
#ifdef USE_WIN32
RAND_screen();
if(prng_seeded(totbytes)) {
if(RAND_status()) {
s_log(LOG_DEBUG, "Seeded PRNG with RAND_screen");
return 1;
}
s_log(LOG_DEBUG, "RAND_screen failed to sufficiently seed PRNG");
#else
#if SSLEAY_VERSION_NUMBER>=0x0090581fL
if(global_options.egd_sock) {
if((bytes=RAND_egd(global_options.egd_sock))==-1) {
s_log(LOG_WARNING, "EGD Socket %s failed", global_options.egd_sock);
@ -166,23 +163,11 @@ static int init_prng(void) {
so no need to check if seeded sufficiently */
}
}
#ifdef EGD_SOCKET
if((bytes=RAND_egd(EGD_SOCKET))==-1) {
s_log(LOG_WARNING, "EGD Socket %s failed", EGD_SOCKET);
} else {
totbytes+=bytes;
s_log(LOG_DEBUG, "Snagged %d random bytes from EGD Socket %s",
bytes, EGD_SOCKET);
return 1;
}
#endif /* EGD_SOCKET */
#endif /* OpenSSL-0.9.5a */
#endif /* USE_WIN32 */
/* try the good-old default /dev/urandom, if available */
totbytes+=add_rand_file("/dev/urandom");
if(prng_seeded(totbytes))
if(RAND_status())
return 1;
/* random file specified during configure */
@ -191,23 +176,6 @@ static int init_prng(void) {
return 0; /* FAILED */
}
/* shortcut to determine if sufficient entropy for PRNG is present */
static int prng_seeded(int bytes) {
#if SSLEAY_VERSION_NUMBER>=0x0090581fL
if(RAND_status()){
s_log(LOG_DEBUG, "RAND_status claims sufficient entropy for the PRNG");
return 1;
}
#else
if(bytes>=global_options.random_bytes) {
s_log(LOG_DEBUG, "Sufficient entropy in PRNG assumed (>= %d)",
global_options.random_bytes);
return 1;
}
#endif
return 0; /* assume we don't have enough */
}
static int add_rand_file(char *filename) {
int readbytes;
int writebytes;

48
src/sthreads.c
Просмотреть файл

@ -140,10 +140,16 @@ void sthreads_init(void) {
int create_client(int ls, int s, CLI *arg, void *(*cli)(void *)) {
CONTEXT *context;
(void)ls; /* this parameter is only used with USE_FORK */
s_log(LOG_DEBUG, "Creating a new context");
context=new_context(arg->opt->stack_size);
if(!context)
if(!context) {
if(arg)
free(arg);
if(s>=0)
closesocket(s);
return -1;
}
s_log(LOG_DEBUG, "Context %ld created", context->id);
makecontext(&context->context, (void(*)(void))cli, ARGC, arg);
return 0;
@ -212,6 +218,8 @@ static void locking_callback(int mode, int type,
const /* callback definition has been changed in openssl 0.9.3 */
#endif
char *file, int line) {
(void)file; /* skip warning about unused parameter */
(void)line; /* skip warning about unused parameter */
if(mode&CRYPTO_LOCK)
pthread_mutex_lock(lock_cs+type);
else
@ -226,6 +234,8 @@ static struct CRYPTO_dynlock_value *dyn_create_function(const char *file,
int line) {
struct CRYPTO_dynlock_value *value;
(void)file; /* skip warning about unused parameter */
(void)line; /* skip warning about unused parameter */
value=malloc(sizeof(struct CRYPTO_dynlock_value));
if(!value)
return NULL;
@ -235,6 +245,8 @@ static struct CRYPTO_dynlock_value *dyn_create_function(const char *file,
static void dyn_lock_function(int mode, struct CRYPTO_dynlock_value *value,
const char *file, int line) {
(void)file; /* skip warning about unused parameter */
(void)line; /* skip warning about unused parameter */
if(mode&CRYPTO_LOCK)
pthread_mutex_lock(&value->mutex);
else
@ -243,6 +255,8 @@ static void dyn_lock_function(int mode, struct CRYPTO_dynlock_value *value,
static void dyn_destroy_function(struct CRYPTO_dynlock_value *value,
const char *file, int line) {
(void)file; /* skip warning about unused parameter */
(void)line; /* skip warning about unused parameter */
pthread_mutex_destroy(&value->mutex);
free(value);
}
@ -280,6 +294,7 @@ int create_client(int ls, int s, CLI *arg, void *(*cli)(void *)) {
#ifdef HAVE_PTHREAD_SIGMASK
sigset_t newmask, oldmask;
(void)ls; /* this parameter is only used with USE_FORK */
/* initialize attributes for creating new threads */
pthread_attr_init(&pth_attr);
pthread_attr_setdetachstate(&pth_attr, PTHREAD_CREATE_DETACHED);
@ -299,6 +314,8 @@ int create_client(int ls, int s, CLI *arg, void *(*cli)(void *)) {
#ifdef HAVE_PTHREAD_SIGMASK
pthread_sigmask(SIG_SETMASK, &oldmask, NULL); /* restore the mask */
#endif /* HAVE_PTHREAD_SIGMASK */
if(arg)
free(arg);
if(s>=0)
closesocket(s);
return -1;
@ -329,6 +346,8 @@ static void locking_callback(int mode, int type,
const /* callback definition has been changed in openssl 0.9.3 */
#endif
char *file, int line) {
(void)file; /* skip warning about unused parameter */
(void)line; /* skip warning about unused parameter */
if(mode&CRYPTO_LOCK)
EnterCriticalSection(lock_cs+type);
else
@ -343,6 +362,8 @@ static struct CRYPTO_dynlock_value *dyn_create_function(const char *file,
int line) {
struct CRYPTO_dynlock_value *value;
(void)file; /* skip warning about unused parameter */
(void)line; /* skip warning about unused parameter */
value=malloc(sizeof(struct CRYPTO_dynlock_value));
if(!value)
return NULL;
@ -352,6 +373,8 @@ static struct CRYPTO_dynlock_value *dyn_create_function(const char *file,
static void dyn_lock_function(int mode, struct CRYPTO_dynlock_value *value,
const char *file, int line) {
(void)file; /* skip warning about unused parameter */
(void)line; /* skip warning about unused parameter */
if(mode&CRYPTO_LOCK)
EnterCriticalSection(&value->mutex);
else
@ -360,6 +383,8 @@ static void dyn_lock_function(int mode, struct CRYPTO_dynlock_value *value,
static void dyn_destroy_function(struct CRYPTO_dynlock_value *value,
const char *file, int line) {
(void)file; /* skip warning about unused parameter */
(void)line; /* skip warning about unused parameter */
DeleteCriticalSection(&value->mutex);
free(value);
}
@ -391,9 +416,14 @@ void sthreads_init(void) {
}
int create_client(int ls, int s, CLI *arg, void *(*cli)(void *)) {
(void)ls; /* this parameter is only used with USE_FORK */
s_log(LOG_DEBUG, "Creating a new thread");
if(_beginthread((void(*)(void *))cli, arg->opt->stack_size, arg)==-1) {
if((long)_beginthread((void(*)(void *))cli, arg->opt->stack_size, arg)==-1) {
ioerror("_beginthread");
if(arg)
free(arg);
if(s>=0)
closesocket(s);
return -1;
}
s_log(LOG_DEBUG, "New thread created");
@ -428,9 +458,14 @@ unsigned long stunnel_thread_id(void) {
}
int create_client(int ls, int s, CLI *arg, void *(*cli)(void *)) {
(void)ls; /* this parameter is only used with USE_FORK */
s_log(LOG_DEBUG, "Creating a new thread");
if(_beginthread((void(*)(void *))cli, NULL, arg->opt->stack_size, arg)==-1) {
if((long)_beginthread((void(*)(void *))cli, NULL, arg->opt->stack_size, arg)==-1L) {
ioerror("_beginthread");
if(arg)
free(arg);
if(s>=0)
closesocket(s);
return -1;
}
s_log(LOG_DEBUG, "New thread created");
@ -441,15 +476,16 @@ int create_client(int ls, int s, CLI *arg, void *(*cli)(void *)) {
#ifdef _WIN32_WCE
int _beginthread(void (*start_address)(void *),
long _beginthread(void (*start_address)(void *),
int stack_size, void *arglist) {
DWORD thread_id;
HANDLE handle;
handle=CreateThread(NULL, stack_size,
(LPTHREAD_START_ROUTINE)start_address, arglist, 0, &thread_id);
(LPTHREAD_START_ROUTINE)start_address, arglist,
STACK_SIZE_PARAM_IS_A_RESERVATION, &thread_id);
if(!handle)
return -1;
return -1L;
CloseHandle(handle);
return 0;
}

8
src/stunnel.c
Просмотреть файл

@ -136,7 +136,7 @@ void main_initialize(char *arg1, char *arg2) {
}
#endif /* standard Unix */
stunnel_info();
stunnel_info(LOG_NOTICE);
}
void main_execute(void) {
@ -425,10 +425,10 @@ static void signal_handler(int sig) { /* signal handler */
#endif /* standard Unix */
void stunnel_info(void) {
void stunnel_info(int level) {
char line[STRLEN];
s_log(LOG_NOTICE, "stunnel " VERSION " on " HOST " with %s",
s_log(level, "stunnel " VERSION " on " HOST " with %s",
SSLeay_version(SSLEAY_VERSION));
safecopy(line, "Threading:");
@ -478,7 +478,7 @@ void stunnel_info(void) {
safeconcat(line, " Auth:LIBWRAP");
#endif
s_log(LOG_NOTICE, "%s", line);
s_log(level, "%s", line);
}
void die(int status) { /* some cleanup and exit */

Двоичные данные
src/stunnel.exe
Просмотреть файл

Двоичный файл не отображается.

8
src/vc.mak
Просмотреть файл

@ -3,8 +3,8 @@
# Modify this to point to your actual openssl compile directory
# (You did already compile openssl, didn't you?)
SSLDIR=..\..\openssl-1.0.0
VERSION=4.33
SSLDIR=..\..\openssl-1.0.0a
VERSION=4.34
OBJS=stunnel.obj ssl.obj ctx.obj verify.obj file.obj client.obj \
protocol.obj sthreads.obj log.obj options.obj network.obj \
@ -20,8 +20,8 @@ LINK=link
LDFLAGS=/INCREMENTAL:NO /NOLOGO /SUBSYSTEM:WINDOWS /OPT:REF \
/OPT:ICF /LTCG /MACHINE:X86 /ERRORREPORT:PROMPT
LIBS=/LIBPATH:"$(SSLDIR)\out32dll" wsock32.lib ssleay32.lib \
libeay32.lib user32.lib gdi32.lib shell32.lib comdlg32.lib \
advapi32.lib
libeay32.lib user32.lib gdi32.lib crypt32 shell32.lib \
comdlg32.lib advapi32.lib
all: stunnel.exe

134
src/verify.c
Просмотреть файл

@ -46,9 +46,9 @@ static int add_dir_lookup(X509_STORE *, char *);
/* verify callback */
static int verify_callback(int, X509_STORE_CTX *);
static int cert_check(CLI *c, X509_STORE_CTX *, char *, int);
static int crl_check(CLI *c, X509_STORE_CTX *, char *);
static int ocsp_check(CLI *c, X509_STORE_CTX *, char *);
static int cert_check(CLI *c, X509_STORE_CTX *, int);
static int crl_check(CLI *c, X509_STORE_CTX *);
static int ocsp_check(CLI *c, X509_STORE_CTX *);
/* utility functions */
static void log_time(const int, const char *, ASN1_TIME *);
@ -159,55 +159,58 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *callback_ctx) {
CLI *c;
char subject_name[STRLEN];
X509_NAME_oneline(X509_get_subject_name(callback_ctx->current_cert),
subject_name, STRLEN);
safestring(subject_name);
/* retrieve the pointer to the SSL of the connection currently treated
* and the application specific data stored into the SSL object */
/* retrieve application specific data */
ssl=X509_STORE_CTX_get_ex_data(callback_ctx,
SSL_get_ex_data_X509_STORE_CTX_idx());
c=SSL_get_ex_data(ssl, cli_index);
if(!cert_check(c, callback_ctx, subject_name, preverify_ok))
return 0; /* reject connection */
if(!crl_check(c, callback_ctx, subject_name))
return 0; /* reject connection */
#if SSLEAY_VERSION_NUMBER >= 0x00907000L
if(c->opt->option.ocsp && !ocsp_check(c, callback_ctx, subject_name))
return 0; /* reject connection */
#endif /* OpenSSL-0.9.7 */
/* certificate name for logging */
X509_NAME_oneline(X509_get_subject_name(callback_ctx->current_cert),
subject_name, STRLEN);
safestring(subject_name);
s_log(LOG_DEBUG, "Starting certificate verification: depth=%d, %s",
callback_ctx->error_depth, subject_name);
if(!cert_check(c, callback_ctx, preverify_ok)) {
s_log(LOG_WARNING, "Certificate check failed: depth=%d, %s",
callback_ctx->error_depth, subject_name);
return 0; /* reject connection */
}
if(!crl_check(c, callback_ctx)) {
s_log(LOG_WARNING, "CRL check failed: depth=%d, %s",
callback_ctx->error_depth, subject_name);
return 0; /* reject connection */
}
if(c->opt->option.ocsp && !ocsp_check(c, callback_ctx)) {
s_log(LOG_WARNING, "OCSP check failed: depth=%d, %s",
callback_ctx->error_depth, subject_name);
return 0; /* reject connection */
}
/* errnum=X509_STORE_CTX_get_error(ctx); */
s_log(LOG_NOTICE, "VERIFY OK: depth=%d, %s",
s_log(LOG_NOTICE, "Certificate accepted: depth=%d, %s",
callback_ctx->error_depth, subject_name);
return 1; /* accept connection */
}
/**************************************** certificate checking */
static int cert_check(CLI *c, X509_STORE_CTX *callback_ctx,
char *subject_name, int preverify_ok) {
static int cert_check(CLI *c, X509_STORE_CTX *callback_ctx, int preverify_ok) {
X509_OBJECT ret;
if(c->opt->verify_level==SSL_VERIFY_NONE) {
s_log(LOG_INFO, "VERIFY IGNORE: depth=%d, %s",
callback_ctx->error_depth, subject_name);
s_log(LOG_INFO, "CERT: Verification not enabled");
return 1; /* accept connection */
}
if(!preverify_ok) {
/* remote site specified a certificate, but it's not correct */
s_log(LOG_WARNING, "VERIFY ERROR: depth=%d, error=%s: %s",
callback_ctx->error_depth,
X509_verify_cert_error_string (callback_ctx->error),
subject_name);
s_log(LOG_WARNING, "CERT: Verification error: %s",
X509_verify_cert_error_string(callback_ctx->error));
return 0; /* reject connection */
}
if(c->opt->verify_use_only_my && callback_ctx->error_depth==0 &&
X509_STORE_get_by_subject(callback_ctx, X509_LU_X509,
X509_get_subject_name(callback_ctx->current_cert), &ret)!=1) {
s_log(LOG_WARNING, "VERIFY ERROR ONLY MY: no cert for %s",
subject_name);
s_log(LOG_WARNING, "CERT: Certificate not found in local repository");
return 0; /* reject connection */
}
return 1; /* accept connection */
@ -216,8 +219,7 @@ static int cert_check(CLI *c, X509_STORE_CTX *callback_ctx,
/**************************************** CRL checking */
/* based on BSD-style licensed code of mod_ssl */
static int crl_check(CLI *c, X509_STORE_CTX *callback_ctx,
char *subject_name) {
static int crl_check(CLI *c, X509_STORE_CTX *callback_ctx) {
X509_STORE_CTX store_ctx;
X509_OBJECT obj;
X509_NAME *subject;
@ -255,7 +257,7 @@ static int crl_check(CLI *c, X509_STORE_CTX *callback_ctx,
/* verify the signature on this CRL */
pubkey=X509_get_pubkey(cert);
if(X509_CRL_verify(crl, pubkey)<=0) {
s_log(LOG_WARNING, "Invalid signature on CRL");
s_log(LOG_WARNING, "CRL: Invalid signature");
X509_STORE_CTX_set_error(callback_ctx,
X509_V_ERR_CRL_SIGNATURE_FAILURE);
X509_OBJECT_free_contents(&obj);
@ -268,15 +270,14 @@ static int crl_check(CLI *c, X509_STORE_CTX *callback_ctx,
/* check date of CRL to make sure it's not expired */
if(!next_update) {
s_log(LOG_WARNING, "Found CRL has invalid nextUpdate field");
s_log(LOG_WARNING, "CRL: Invalid nextUpdate field");
X509_STORE_CTX_set_error(callback_ctx,
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
X509_OBJECT_free_contents(&obj);
return 0; /* reject connection */
}
if(X509_cmp_current_time(next_update)<0) {
s_log(LOG_WARNING, "Found CRL is expired - "
"revoking all certificates until you get updated CRL");
s_log(LOG_WARNING, "CRL: CRL Expired - revoking all certificates");
X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CRL_HAS_EXPIRED);
X509_OBJECT_free_contents(&obj);
return 0; /* reject connection */
@ -293,22 +294,14 @@ static int crl_check(CLI *c, X509_STORE_CTX *callback_ctx,
crl=obj.data.crl;
if(rc>0 && crl) {
/* check if the current certificate is revoked by this CRL */
#if SSLEAY_VERSION_NUMBER >= 0x00904000
n=sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
#else
n=sk_num(X509_CRL_get_REVOKED(crl));
#endif
for(i=0; i<n; i++) {
#if SSLEAY_VERSION_NUMBER >= 0x00904000
revoked=sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
#else
revoked=(X509_REVOKED *)sk_value(X509_CRL_get_REVOKED(crl), i);
#endif
if(ASN1_INTEGER_cmp(revoked->serialNumber,
X509_get_serialNumber(cert)) == 0) {
serial=ASN1_INTEGER_get(revoked->serialNumber);
cp=X509_NAME_oneline(issuer, NULL, 0);
s_log(LOG_WARNING, "Certificate with serial %ld (0x%lX) "
s_log(LOG_WARNING, "CRL: Certificate with serial %ld (0x%lX) "
"revoked per CRL from issuer %s", serial, serial, cp);
OPENSSL_free(cp);
X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CERT_REVOKED);
@ -318,15 +311,13 @@ static int crl_check(CLI *c, X509_STORE_CTX *callback_ctx,
}
X509_OBJECT_free_contents(&obj);
}
s_log(LOG_NOTICE, "CRL: verification passed");
return 1; /* accept connection */
}
/**************************************** OCSP checking */
/* TODO: check OCSP server specified in the certificate */
#if SSLEAY_VERSION_NUMBER >= 0x00907000L
static int ocsp_check(CLI *c, X509_STORE_CTX *callback_ctx,
char *subject_name) {
static int ocsp_check(CLI *c, X509_STORE_CTX *callback_ctx) {
int error, retval=0;
SOCKADDR_UNION addr;
X509 *cert;
@ -340,13 +331,10 @@ static int ocsp_check(CLI *c, X509_STORE_CTX *callback_ctx,
*this_update=NULL, *next_update=NULL;
int status, reason;
/* TODO: check OCSP server specified in the certificate */
s_log(LOG_DEBUG, "OCSP: starting verification");
/* connect specified OCSP server (responder) */
if((c->fd=
socket(c->opt->ocsp_addr.addr[0].sa.sa_family, SOCK_STREAM, 0))<0) {
sockerror("socket (auth_user)");
sockerror("OCSP: socket (auth_user)");
return 0; /* reject connection */
}
if(alloc_fd(c->fd))
@ -359,23 +347,23 @@ static int ocsp_check(CLI *c, X509_STORE_CTX *callback_ctx,
/* get current certificate ID */
cert=X509_STORE_CTX_get_current_cert(callback_ctx); /* get current cert */
if(X509_STORE_CTX_get1_issuer(&issuer, callback_ctx, cert)!=1) {
sslerror("X509_STORE_CTX_get1_issuer");
sslerror("OCSP: X509_STORE_CTX_get1_issuer");
goto cleanup;
}
certID=OCSP_cert_to_id(0, cert, issuer);
if(!certID) {
sslerror("OCSP_cert_to_id");
sslerror("OCSP: OCSP_cert_to_id");
goto cleanup;
}
/* build request */
request=OCSP_REQUEST_new();
if(!request) {
sslerror("OCSP_REQUEST_new");
sslerror("OCSP: OCSP_REQUEST_new");
goto cleanup;
}
if(!OCSP_request_add0_id(request, certID)) {
sslerror("OCSP_request_add0_id");
sslerror("OCSP: OCSP_request_add0_id");
goto cleanup;
}
OCSP_request_add1_nonce(request, 0, -1);
@ -384,62 +372,59 @@ static int ocsp_check(CLI *c, X509_STORE_CTX *callback_ctx,
/* FIXME: this code won't work with ucontext threading */
/* (blocking sockets are used) */
bio=BIO_new_fd(c->fd, BIO_NOCLOSE);
setnonblock(c->fd, 0);
set_nonblock(c->fd, 0);
response=OCSP_sendreq_bio(bio, c->opt->ocsp_path, request);
setnonblock(c->fd, 1);
set_nonblock(c->fd, 1);
if(!response) {
sslerror("OCSP_sendreq_bio");
sslerror("OCSP: OCSP_sendreq_bio");
goto cleanup;
}
error=OCSP_response_status(response);
if(error!=OCSP_RESPONSE_STATUS_SUCCESSFUL) {
s_log(LOG_WARNING, "OCSP: responder error: %d: %s",
s_log(LOG_WARNING, "OCSP: Responder error: %d: %s",
error, OCSP_response_status_str(error));
goto cleanup;
}
s_log(LOG_DEBUG, "OCSP: response received");
s_log(LOG_DEBUG, "OCSP: Response received");
/* verify the response */
basicResponse=OCSP_response_get1_basic(response);
if(!basicResponse) {
sslerror("OCSP_response_get1_basic");
sslerror("OCSP: OCSP_response_get1_basic");
goto cleanup;
}
if(OCSP_check_nonce(request, basicResponse)<=0) {
sslerror("OCSP_check_nonce");
sslerror("OCSP: OCSP_check_nonce");
goto cleanup;
}
if(OCSP_basic_verify(basicResponse, NULL,
c->opt->revocation_store, c->opt->ocsp_flags)<=0) {
sslerror("OCSP_basic_verify");
sslerror("OCSP: OCSP_basic_verify");
goto cleanup;
}
if(!OCSP_resp_find_status(basicResponse, certID, &status, &reason,
&revoked_at, &this_update, &next_update)) {
sslerror("OCSP_resp_find_status");
sslerror("OCSP: OCSP_resp_find_status");
goto cleanup;
}
s_log(LOG_NOTICE, "OCSP: status: %d: %s",
s_log(LOG_NOTICE, "OCSP: Status: %d: %s",
status, OCSP_cert_status_str(status));
log_time(LOG_INFO, "OCSP: this update", this_update);
log_time(LOG_INFO, "OCSP: next update", next_update);
log_time(LOG_INFO, "OCSP: This update", this_update);
log_time(LOG_INFO, "OCSP: Next update", next_update);
/* check if the response is valid for at least one minute */
if(!OCSP_check_validity(this_update, next_update, 60, -1)) {
sslerror("OCSP_check_validity");
sslerror("OCSP: OCSP_check_validity");
goto cleanup;
}
if(status==V_OCSP_CERTSTATUS_REVOKED) {
if(reason==-1)
s_log(LOG_WARNING, "OCSP: certificate revoked");
s_log(LOG_WARNING, "OCSP: Certificate revoked");
else
s_log(LOG_WARNING, "OCSP: certificate revoked: %d: %s",
s_log(LOG_WARNING, "OCSP: Certificate revoked: %d: %s",
reason, OCSP_crl_reason_str(reason));
log_time(LOG_NOTICE, "OCSP: revoked at", revoked_at);
log_time(LOG_NOTICE, "OCSP: Revoked at", revoked_at);
goto cleanup;
}
/* success */
s_log(LOG_NOTICE, "OCSP: verification passed");
retval=1; /* accept connection */
cleanup:
if(bio)
@ -456,7 +441,6 @@ cleanup:
c->fd=-1; /* avoid double close on cleanup */
return retval;
}
#endif /* OpenSSL-0.9.7 */
static void log_time(const int level, const char *txt, ASN1_TIME *t) {
char *cp;

2
tools/Makefile.am
Просмотреть файл

@ -23,7 +23,7 @@ install-data-local:
$(openssl) req -new -x509 -days 365 -nodes $$RND \
-config $(srcdir)/stunnel.cnf \
-out stunnel.pem -keyout stunnel.pem; \
test -z "$(USE_DH)" || $(openssl) gendh $$RND 512 >> stunnel.pem; \
$(openssl) gendh $$RND 512 >> stunnel.pem; \
$(openssl) x509 -subject -dates -fingerprint -noout -in stunnel.pem; \
${INSTALL} -m 600 stunnel.pem $(DESTDIR)$(confdir)/stunnel.pem; \
rm stunnel.pem; \

139
tools/Makefile.in
Просмотреть файл

@ -1,8 +1,9 @@
# Makefile.in generated by automake 1.10.1 from Makefile.am.
# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
# Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -16,8 +17,9 @@
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
@ -36,11 +38,15 @@ subdir = tools
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
$(srcdir)/stunnel.conf-sample.in $(srcdir)/stunnel.init.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES = stunnel.conf-sample stunnel.init
CONFIG_CLEAN_VPATH_FILES =
SOURCES =
DIST_SOURCES =
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
@ -48,10 +54,23 @@ am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(confdir)" "$(DESTDIR)$(examplesdir)"
confDATA_INSTALL = $(INSTALL_DATA)
examplesDATA_INSTALL = $(INSTALL_DATA)
DATA = $(conf_DATA) $(examples_DATA)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
@ -66,44 +85,47 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CXX = @CXX@
CXXCPP = @CXXCPP@
CXXDEPMODE = @CXXDEPMODE@
CXXFLAGS = @CXXFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFAULT_GROUP = @DEFAULT_GROUP@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DSYMUTIL = @DSYMUTIL@
ECHO = @ECHO@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
F77 = @F77@
FFLAGS = @FFLAGS@
FGREP = @FGREP@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIBTOOL_DEPS = @LIBTOOL_DEPS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANDOM_FILE = @RANDOM_FILE@
@ -112,15 +134,13 @@ SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
USE_DH = @USE_DH@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@
ac_ct_F77 = @ac_ct_F77@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
@ -151,6 +171,7 @@ libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
@ -164,6 +185,7 @@ srcdir = @srcdir@
ssldir = @ssldir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh \
@ -183,14 +205,14 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
&& exit 0; \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tools/Makefile'; \
cd $(top_srcdir) && \
$(AUTOMAKE) --gnu tools/Makefile
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tools/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu tools/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@ -208,6 +230,7 @@ $(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
stunnel.conf-sample: $(top_builddir)/config.status $(srcdir)/stunnel.conf-sample.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
stunnel.init: $(top_builddir)/config.status $(srcdir)/stunnel.init.in
@ -221,37 +244,43 @@ clean-libtool:
install-confDATA: $(conf_DATA)
@$(NORMAL_INSTALL)
test -z "$(confdir)" || $(MKDIR_P) "$(DESTDIR)$(confdir)"
@list='$(conf_DATA)'; for p in $$list; do \
@list='$(conf_DATA)'; test -n "$(confdir)" || list=; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
f=$(am__strip_dir) \
echo " $(confDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(confdir)/$$f'"; \
$(confDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(confdir)/$$f"; \
echo "$$d$$p"; \
done | $(am__base_list) | \
while read files; do \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(confdir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(confdir)" || exit $$?; \
done
uninstall-confDATA:
@$(NORMAL_UNINSTALL)
@list='$(conf_DATA)'; for p in $$list; do \
f=$(am__strip_dir) \
echo " rm -f '$(DESTDIR)$(confdir)/$$f'"; \
rm -f "$(DESTDIR)$(confdir)/$$f"; \
done
@list='$(conf_DATA)'; test -n "$(confdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
test -n "$$files" || exit 0; \
echo " ( cd '$(DESTDIR)$(confdir)' && rm -f" $$files ")"; \
cd "$(DESTDIR)$(confdir)" && rm -f $$files
install-examplesDATA: $(examples_DATA)
@$(NORMAL_INSTALL)
test -z "$(examplesdir)" || $(MKDIR_P) "$(DESTDIR)$(examplesdir)"
@list='$(examples_DATA)'; for p in $$list; do \
@list='$(examples_DATA)'; test -n "$(examplesdir)" || list=; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
f=$(am__strip_dir) \
echo " $(examplesDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(examplesdir)/$$f'"; \
$(examplesDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(examplesdir)/$$f"; \
echo "$$d$$p"; \
done | $(am__base_list) | \
while read files; do \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(examplesdir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(examplesdir)" || exit $$?; \
done
uninstall-examplesDATA:
@$(NORMAL_UNINSTALL)
@list='$(examples_DATA)'; for p in $$list; do \
f=$(am__strip_dir) \
echo " rm -f '$(DESTDIR)$(examplesdir)/$$f'"; \
rm -f "$(DESTDIR)$(examplesdir)/$$f"; \
done
@list='$(examples_DATA)'; test -n "$(examplesdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
test -n "$$files" || exit 0; \
echo " ( cd '$(DESTDIR)$(examplesdir)' && rm -f" $$files ")"; \
cd "$(DESTDIR)$(examplesdir)" && rm -f $$files
tags: TAGS
TAGS:
@ -275,13 +304,17 @@ distdir: $(DISTFILES)
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
@ -312,6 +345,7 @@ clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@ -330,6 +364,8 @@ dvi-am:
html: html-am
html-am:
info: info-am
info-am:
@ -339,18 +375,28 @@ install-data-am: install-confDATA install-data-local \
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
@ -398,7 +444,7 @@ install-data-local:
$(openssl) req -new -x509 -days 365 -nodes $$RND \
-config $(srcdir)/stunnel.cnf \
-out stunnel.pem -keyout stunnel.pem; \
test -z "$(USE_DH)" || $(openssl) gendh $$RND 512 >> stunnel.pem; \
$(openssl) gendh $$RND 512 >> stunnel.pem; \
$(openssl) x509 -subject -dates -fingerprint -noout -in stunnel.pem; \
${INSTALL} -m 600 stunnel.pem $(DESTDIR)$(confdir)/stunnel.pem; \
rm stunnel.pem; \
@ -413,6 +459,7 @@ install-data-local:
clean-local:
-rm -f stunnel.rnd
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

2
tools/stunnel.conf-sample.in
Просмотреть файл

@ -1,4 +1,4 @@
; Sample stunnel configuration file by Michal Trojnara 2002-2009
; Sample stunnel configuration file by Michal Trojnara 2002-2010
;
; some options used here may not be adequate for your particular configuration
; please read the manual and make sure you understand them

134
tools/stunnel.init.in
Просмотреть файл

@ -1,42 +1,118 @@
#!/bin/sh
# Sample stunnel SysV startup file
# Copyright by Michal Trojnara 2002,2007,2008
#! /bin/sh -e
### BEGIN INIT INFO
# Provides: stunnel
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Should-Start: $syslog
# Should-Stop: $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start or stop stunnel 4.x (SSL tunnel for network daemons)
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DEFAULTPIDFILE="/var/run/stunnel.pid"
DAEMON=@prefix@/bin/stunnel
PIDFILE=@prefix@/var/run/stunnel/stunnel.pid
NAME=stunnel
DESC="SSL tunnels"
FILES="/etc/stunnel/*.conf"
OPTIONS=""
ENABLED=0
test -f $DAEMON || exit 0
get_pids() {
local file=$1
if test -f $file; then
CHROOT=`grep "^chroot" $file|sed "s;.*= *;;"`
PIDFILE=`grep "^pid" $file|sed "s;.*= *;;"`
if [ "$PIDFILE" = "" ]; then
PIDFILE=$DEFAULTPIDFILE
fi
if test -f $CHROOT/$PIDFILE; then
cat $CHROOT/$PIDFILE
fi
fi
}
startdaemons() {
if ! [ -d /var/run/stunnel ]; then
rm -rf /var/run/stunnel
install -d -o stunnel -g stunnel /var/run/stunnel
fi
for file in $FILES; do
if test -f $file; then
ARGS="$file $OPTIONS"
PROCLIST=`get_pids $file`
if [ "$PROCLIST" ] && kill -s 0 $PROCLIST 2>/dev/null; then
echo -n "[Already running: $file] "
elif $DAEMON $ARGS; then
echo -n "[Started: $file] "
else
echo "[Failed: $file]"
echo "You should check that you have specified the pid= in you configuration file"
exit 1
fi
fi
done;
}
killdaemons()
{
SIGNAL=${$1:-TERM}
for file in $FILES; do
PROCLIST=`get_pids $file`
if [ "$PROCLIST" ] && kill -s 0 $PROCLIST 2>/dev/null; then
kill -s $SIGNAL $PROCLIST
echo -n "[stopped: $file] "
fi
done
}
if [ "x$OPTIONS" != "x" ]; then
OPTIONS="-- $OPTIONS"
fi
test -f /etc/default/stunnel && . /etc/default/stunnel
if [ "$ENABLED" = "0" ] ; then
echo "$DESC disabled, see /etc/default/stunnel"
exit 0
fi
test -x $DAEMON || exit 0
set -e
case "$1" in
start)
echo -n "Starting universal SSL tunnel: stunnel"
$DAEMON || echo -n " failed"
echo "."
start)
echo -n "Starting $DESC: "
startdaemons
echo "$NAME."
;;
stop)
echo -n "Stopping universal SSL tunnel: stunnel"
if test -r $PIDFILE; then
kill `cat $PIDFILE` 2> /dev/null || echo -n " failed"
else
echo -n " no PID file"
fi
echo "."
stop)
echo -n "Stopping $DESC: "
killdaemons
echo "$NAME."
;;
restart|force-reload)
echo "Restarting universal SSL tunnel"
$0 stop
sleep 1
$0 start
echo "done."
reopen-logs)
echo -n "Reopening log files $DESC: "
killdaemons USR1
echo "$NAME."
;;
*)
N=${0##*/}
N=${N#[SK]??}
echo "Usage: $N {start|stop|restart|force-reload}" >&2
force-reload|reload)
echo -n "Reloading configuration $DESC: "
killdaemons HUP
echo "$NAME."
;;
restart)
echo -n "Restarting $DESC: "
killdaemons
sleep 5
startdaemons
echo "$NAME."
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|reload|reopen-logs|restart}" >&2
exit 1
;;
esac
exit 0

10
tools/stunnel.nsi
Просмотреть файл

@ -1,5 +1,5 @@
!define VERSION "4.33"
!define DLLS "/home/ftp/openssl/binary-1.0.0-zdll/"
!define VERSION "4.34"
!define DLLS "/home/ftp/openssl/binary-1.0.0a-zdll/"
!define WIN32 "/home/ftp/stunnel/obsolete/"
Name "stunnel ${VERSION}"
@ -30,8 +30,7 @@ Section "stunnel (required)"
File "${WIN32}stunnel.pem"
SetOverwrite on
File "src/stunnel.exe"
File "${DLLS}libeay32.dll"
File "${DLLS}ssleay32.dll"
File "${DLLS}*eay32.dll"
File "${DLLS}zlib1.dll"
File "${SRCDIR}doc/stunnel.html"
WriteUninstaller "uninstall.exe"
@ -90,8 +89,7 @@ lbl_win9x:
Delete "$INSTDIR\stunnel.conf"
Delete "$INSTDIR\stunnel.pem"
Delete "$INSTDIR\stunnel.exe"
Delete "$INSTDIR\libeay32.dll"
Delete "$INSTDIR\libssl32.dll"
Delete "$INSTDIR\*eay32.dll"
Delete "$INSTDIR\zlib1.dll"
Delete "$INSTDIR\stunnel.html"
Delete "$INSTDIR\uninstall.exe"

2
tools/stunnel.spec
Просмотреть файл

@ -3,7 +3,7 @@
Summary: Program that wraps normal socket connections with SSL/TLS
Name: stunnel
Version: 4.33
Version: 4.34
Release: 1
Copyright: GPL
Group: Applications/Networking