stunnel for kamikaze, contributed by coova, cleaned up by me. note: this requires V=99 so that you can specify cert params.. still ick, better option? put the variables as menu options? sorta ick too.

git-svn-id: svn://svn.openwrt.org/openwrt/packages@5596 3c298f89-4303-0410-b956-a3cf2f4a3e73

net/stunnel/Makefile

@@ -0,0 +1,52 @@
+# $Id: Makefile 1146 2005-06-05 13:32:28Z nbd $
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=stunnel
+PKG_VERSION:=4.16
+PKG_RELEASE:=1
+PKG_MD5SUM:=8ea5cae3eeaacc0271b766506b4b9d4a
+PKG_SOURCE_URL:=http://www.stunnel.org/download/stunnel/src/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_CAT:=zcat
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/stunnel
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+libopenssl +libwrap
+  TITLE:=SSL TCP Wrapper
+  DESCRIPTION:=\
+	 Open source SSL TCP Wrapper
+  URL:=http://stunnel.org
+endef
+
+
+define Build/Configure
+	$(call Build/Configure/Default, \
+		--with-random=/dev/urandom \
+		--with-threads=fork \
+	)
+endef
+
+define Build/Compile	
+	$(MAKE) -C $(PKG_BUILD_DIR) \
+		DESTDIR="$(PKG_INSTALL_DIR)" \
+		all install
+endef
+
+define Package/stunnel/install	
+	install -d -m0755 $(1)/usr/sbin $(1)/usr/lib $(1)/usr/stunnel
+	install -d -m0755 $(1)/etc/stunnel $(1)/etc/init.d
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/stunnel $(1)/usr/sbin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libstunnel.so $(1)/usr/sbin/
+	$(CP) $(PKG_INSTALL_DIR)/etc/stunnel/stunnel.pem $(1)/etc/stunnel/
+	$(CP) ./files/stunnel.conf $(1)/etc/stunnel/stunnel.conf
+	$(CP) ./files/stunnel.init $(1)/etc/init.d/S90stunnel
+endef
+
+$(eval $(call BuildPackage,stunnel))

net/stunnel/files/stunnel.conf

@@ -0,0 +1,60 @@
+
+; Certificate/key is needed in server mode and optional in client mode
+cert = /etc/stunnel/stunnel.pem
+;key = /usr/etc/stunnel/mail.pem
+
+; Protocol version (all, SSLv2, SSLv3, TLSv1)
+sslVersion = all
+
+; Some security enhancements for UNIX systems - comment them out on Win32
+chroot = /tmp
+setuid = nobody
+;setgid = nobody
+pid = /stunnel.pid
+
+; Some performance tunings
+socket = l:TCP_NODELAY=1
+socket = r:TCP_NODELAY=1
+;compression = rle
+
+; Workaround for Eudora bug
+;options = DONT_INSERT_EMPTY_FRAGMENTS
+
+;verify = 2
+;CApath = /certs
+;CAfile = /usr/etc/stunnel/certs.pem
+;CRLpath = /crls
+;CRLfile = /usr/etc/stunnel/crls.pem
+
+; Some debugging stuff useful for troubleshooting
+;debug = 7
+;output = stunnel.log
+
+; Use it for client mode
+;client = yes
+
+; Service-level configuration
+
+;[pop3s]
+;accept  = 995
+;connect = 110
+;
+;[imaps]
+;accept  = 993
+;connect = 143
+;
+;[ssmtp]
+;accept  = 465
+;connect = 25
+
+[https]
+accept  = 443
+connect = 80
+TIMEOUTclose = 0
+
+[chilli]
+accept  = 3443
+connect = 3442
+TIMEOUTclose = 0
+
+; vim:ft=dosini

net/stunnel/files/stunnel.init

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+case "$1" in
+    start|boot)
+	# reasons for starting
+	[ -e "/etc/stunnel/stunnel.pem" ] && {
+	    chmod og-rwx /etc/stunnel/stunnel.pem
+	    stunnel
+	}
+	;;
+    stop)
+	killall stunnel
+	killall -9 stunnel
+	;;
+esac

net/stunnel/patches/100-cross-compile.patch

@@ -0,0 +1,117 @@
+diff -baurN stunnel-4.16.orig/configure stunnel-4.16/configure
+--- stunnel-4.16.orig/configure	2006-11-03 16:33:56.000000000 +0100
++++ stunnel-4.16/configure	2006-11-03 16:36:48.000000000 +0100
+@@ -20850,56 +20850,56 @@
+ fi
+ rm -f conftest*
+ 
+-
+-{ echo "$as_me:$LINENO: **************************************** PTY device files" >&5
+-echo "$as_me: **************************************** PTY device files" >&6;}
+-echo "$as_me:$LINENO: checking for \"/dev/ptmx\"" >&5
+-echo $ECHO_N "checking for \"/dev/ptmx\"... $ECHO_C" >&6
+-if test "${ac_cv_file___dev_ptmx_+set}" = set; then
+-  echo $ECHO_N "(cached) $ECHO_C" >&6
+-else
+-  test "$cross_compiling" = yes &&
+-  { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
+-echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
+-   { (exit 1); exit 1; }; }
+-if test -r ""/dev/ptmx""; then
+-  ac_cv_file___dev_ptmx_=yes
+-else
+-  ac_cv_file___dev_ptmx_=no
+-fi
+-fi
+-echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptmx_" >&5
+-echo "${ECHO_T}$ac_cv_file___dev_ptmx_" >&6
+-if test $ac_cv_file___dev_ptmx_ = yes; then
++#
++#{ echo "$as_me:$LINENO: **************************************** PTY device files" >&5
++#echo "$as_me: **************************************** PTY device files" >&6;}
++#echo "$as_me:$LINENO: checking for \"/dev/ptmx\"" >&5
++#echo $ECHO_N "checking for \"/dev/ptmx\"... $ECHO_C" >&6
++#if test "${ac_cv_file___dev_ptmx_+set}" = set; then
++#  echo $ECHO_N "(cached) $ECHO_C" >&6
++#else
++#  test "$cross_compiling" = yes &&
++#  { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
++#echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
++#   { (exit 1); exit 1; }; }
++#if test -r ""/dev/ptmx""; then
++#  ac_cv_file___dev_ptmx_=yes
++#else
++#  ac_cv_file___dev_ptmx_=no
++#fi
++#fi
++#echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptmx_" >&5
++#echo "${ECHO_T}$ac_cv_file___dev_ptmx_" >&6
++#if test $ac_cv_file___dev_ptmx_ = yes; then
+   cat >>confdefs.h <<\_ACEOF
+-#define HAVE_DEV_PTMX 1
++#define HAVE_DEV_PTMX 0
+ _ACEOF
+ 
+-fi
++#fi
+ 
+-echo "$as_me:$LINENO: checking for \"/dev/ptc\"" >&5
+-echo $ECHO_N "checking for \"/dev/ptc\"... $ECHO_C" >&6
+-if test "${ac_cv_file___dev_ptc_+set}" = set; then
+-  echo $ECHO_N "(cached) $ECHO_C" >&6
+-else
+-  test "$cross_compiling" = yes &&
+-  { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
+-echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
+-   { (exit 1); exit 1; }; }
+-if test -r ""/dev/ptc""; then
+-  ac_cv_file___dev_ptc_=yes
+-else
+-  ac_cv_file___dev_ptc_=no
+-fi
+-fi
+-echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptc_" >&5
+-echo "${ECHO_T}$ac_cv_file___dev_ptc_" >&6
+-if test $ac_cv_file___dev_ptc_ = yes; then
++#echo "$as_me:$LINENO: checking for \"/dev/ptc\"" >&5
++#echo $ECHO_N "checking for \"/dev/ptc\"... $ECHO_C" >&6
++#if test "${ac_cv_file___dev_ptc_+set}" = set; then
++#  echo $ECHO_N "(cached) $ECHO_C" >&6
++#else
++#  test "$cross_compiling" = yes &&
++#  { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
++#echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
++#   { (exit 1); exit 1; }; }
++#if test -r ""/dev/ptc""; then
++#  ac_cv_file___dev_ptc_=yes
++#else
++#  ac_cv_file___dev_ptc_=no
++#fi
++#fi
++#echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptc_" >&5
++#echo "${ECHO_T}$ac_cv_file___dev_ptc_" >&6
++#if test $ac_cv_file___dev_ptc_ = yes; then
+   cat >>confdefs.h <<\_ACEOF
+-#define HAVE_DEV_PTS_AND_PTC 1
++#define HAVE_DEV_PTS_AND_PTC 0
+ _ACEOF
+ 
+-fi
++#fi
+ 
+ 
+ { echo "$as_me:$LINENO: **************************************** entropy" >&5
+diff -baurN stunnel-4.16.orig/configure stunnel-4.16/configure
+--- stunnel-4.16.orig/configure	2006-11-03 16:45:32.000000000 +0100
++++ stunnel-4.16/configure	2006-11-03 16:46:42.000000000 +0100
+@@ -23157,8 +23157,8 @@
+ 
+ 
+ # Add SSL includes and libraries
+-CFLAGS="$CFLAGS -I$ssldir/include"
+-LIBS="$LIBS -L$ssldir/lib -lssl -lcrypto"
++CFLAGS="$CFLAGS "
++LIBS="$LIBS -lssl -lcrypto"
+ 
+ # Check for obsolete RSAref library
+ echo "$as_me:$LINENO: checking for obsolete RSAref library" >&5

net/stunnel/patches/101-no-comp.patch

@@ -0,0 +1,28 @@
+diff -baurN stunnel-4.16.orig/src/ssl.c stunnel-4.16/src/ssl.c
+--- stunnel-4.16.orig/src/ssl.c	2006-11-03 16:49:02.000000000 +0100
++++ stunnel-4.16/src/ssl.c	2006-11-03 16:50:16.000000000 +0100
+@@ -55,13 +55,16 @@
+ }
+ 
+ void ssl_configure(void) { /* configure global SSL settings */
++#ifndef OPENSSL_NO_COMP
+     if(options.compression!=COMP_NONE)
+         init_compression();
++#endif
+     if(!init_prng())
+         s_log(LOG_DEBUG, "PRNG seeded successfully");
+ }
+ 
+ static void init_compression(void) {
++#ifndef OPENSSL_NO_COMP
+     int id=0;
+     COMP_METHOD *cm=NULL;
+     char *name="unknown";
+@@ -90,6 +93,7 @@
+         exit(1);
+     }
+     s_log(LOG_INFO, "Compression enabled using %s method", name);
++#endif
+ }
+ 
+ static int init_prng(void) {

net/stunnel/patches/102-no-ssl2.patch

@@ -0,0 +1,14 @@
+diff -baurN stunnel-4.16.orig/src/options.c stunnel-4.16/src/options.c
+--- stunnel-4.16.orig/src/options.c	2006-11-03 16:50:59.000000000 +0100
++++ stunnel-4.16/src/options.c	2006-11-03 16:51:47.000000000 +0100
+@@ -957,8 +957,10 @@
+             section->client_method=SSLv23_client_method;
+             section->server_method=SSLv23_server_method;
+         } else if(!strcasecmp(arg, "SSLv2")) {
++#ifndef OPENSSL_NO_SSL2
+             section->client_method=SSLv2_client_method;
+             section->server_method=SSLv2_server_method;
++#endif
+         } else if(!strcasecmp(arg, "SSLv3")) {
+             section->client_method=SSLv3_client_method;
+             section->server_method=SSLv3_server_method;