diff --git a/.cvsignore b/.cvsignore
index e69de29..8f70ec3 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -0,0 +1 @@
+stunnel-3.8.tar.gz
diff --git a/Certificate-Creation b/Certificate-Creation
new file mode 100644
index 0000000..a33cbb2
--- /dev/null
+++ b/Certificate-Creation
@@ -0,0 +1,9 @@
+To generate a key and self signed certificate, execute the following commands:
+
+cd /usr/share/ssl/certs
+make stunnel.pem
+
+Note that by default, the file containing the key and certificate has its
+permissions set to 0600, which means that any service using it needs to be
+started as root in order to read it. Such a service should be configured
+to switch UIDs using stunnel's "-s" flag.
diff --git a/sfinger.xinetd b/sfinger.xinetd
new file mode 100644
index 0000000..c1fba6d
--- /dev/null
+++ b/sfinger.xinetd
@@ -0,0 +1,11 @@
+# Not that anyone in their right mind would tunnel the finger protocol over
+# SSL, but here's how to do it using xinetd....
+
+service sfinger
+{
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/sbin/stunnel
+ server_args = -s nobody -l /usr/sbin/in.fingerd -- in.fingerd
+}
diff --git a/sources b/sources
index e69de29..3ecb3b9 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+f84f3698b50f7028c94340e546acaa01 stunnel-3.8.tar.gz
diff --git a/stunnel.spec b/stunnel.spec
new file mode 100644
index 0000000..f5af4da
--- /dev/null
+++ b/stunnel.spec
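Review bot: The sample `service sfinger` block in sfinger.xinetd has no `disable = yes`, so an administrator who copies it into the xinetd configuration gets a live listener as soon as xinetd reloads. Since the file is shipped as an example, I would add `disable = yes` inside the braces and a comment such as `# user = root only so stunnel can read the 0600 stunnel.pem; -s nobody drops the UID afterwards`. It is also worth confirming that `-s` takes effect when stunnel 3.8 is started from xinetd rather than in daemon mode; I have not verified this against the 3.8 sources, and if it does not apply, in.fingerd would run as root.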
@@ -0,0 +1,105 @@
+Summary: SSL-encrypting socket wrapper.
+Name: stunnel
+Version: 3.8
+Release: 4
+Copyright: GPL
+Group: Applications/Internet
+Source0: http://mike.daewoo.com.pl/computer/stunnel/stunnel-%{version}.tar.gz
+Source1: stunnel.cnf
+Source2: Certificate-Creation
+Source3: sfinger.xinetd
+Patch0: stunnel-3.8-redhat.patch
+Buildroot: %{_tmppath}/stunnel-root
+BuildPrereq: openssl-devel, textutils, fileutils, /usr/share/dict/words
+Prereq: openssl >= 0.9.5a, textutils, fileutils, /bin/mktemp, /sbin/ldconfig, /usr/share/dict/words, /bin/hostname, /usr/bin/id, /usr/bin/getent
+
+%description
+stunnel is a socket wrapper which can be used to give ordinary
+applications SSL (secure sockets layer) support. For example, it
+can be used in conjunction with a imapd to create a SSL secure IMAP
+server.
+
+%prep
+%setup -q
+%patch0 -p1 -b .redhat
+cp %{SOURCE2} .
+
+%build
+CFLAGS="$RPM_OPT_FLAGS -DNO_RC5 -DNO_IDEA"; export CFLAGS
+%configure --with-ssl=%{_datadir}/ssl
+
+# We have to create a certificate before the makefile asks us to.
+rm -f stunnel.pem stunnel.pem.1 stunnel.pem.2
+(echo US
+ echo .
+ echo .
+ echo .
+ echo .
+ echo .
+ echo .
+ echo .)
| openssl req -newkey rsa:1024 -nodes -keyout stunnel.pem.1 -x509 -days 365 -out stunnel.pem.2
+cat stunnel.pem.1 > stunnel.pem
+echo "" >> stunnel.pem
+cat stunnel.pem.2 >> stunnel.pem
+make
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%{makeinstall} \
+ ssldir=$RPM_BUILD_ROOT/%{_datadir}/ssl \
+ man8dir=$RPM_BUILD_ROOT%{_mandir}/man8 \
+ piddir=$RPM_BUILD_ROOT/%{_var}/run
+install -m644 stunnel.cnf $RPM_BUILD_ROOT/%{_datadir}/ssl/
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root)
+%doc BUGS COPY* FAQ HISTORY PORTS README TODO INSTALL stunnel.html *.txt
+%doc $RPM_SOURCE_DIR/Certificate-Creation $RPM_SOURCE_DIR/sfinger.xinetd
+%ghost %config(noreplace,missingok) %{_datadir}/ssl/certs/stunnel.pem
+%{_libdir}/stunnel.so*
+%{_mandir}/man8/stunnel.8*
+%{_sbindir}/stunnel
+
+%changelog
+* Fri Aug 18 2000 Nalin Dahyabhai
+- make stunnel.pem also be (missingok)
+
+* Thu Jun 29 2000 Nalin Dahyabhai
+- move to Applications/Internet group
+- clean up %post script
+- make stunnel.pem %ghost %config(noreplace)
+- provide a sample file for use with xinetd
+
+* Thu Jun 8 2000 Nalin Dahyabhai
+- FHS compliance fixes
+- modify defaults
+
+* Tue Mar 14 2000 Florian La Roche
+- update to 3.8
+- do not create certificate if one already exists
+
+* Mon Feb 21 2000 Florian La Roche
+- update to 3.7
+- add patch to find /usr/share/ssl
+- change some perms
+
+* Sat Oct 30 1999 Bernhard Rosenkraenzer
+- Modify spec file to match Red Hat standards
+
+* Fri Aug 12 1999 Damien Miller
+- Updated to 3.4a
+- Patched for OpenSSL 0.9.4
+- Cleaned up files section
+
+* Sun Jul 11 1999 Damien Miller
+- Updated to 3.3
+
+* Sat Nov 28 1998 Damien Miller
+- Initial RPMification
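Review bot: The `%build` section generates a real, unencrypted private key on the build host (`openssl req -newkey rsa:1024 -nodes ...`) and concatenates it into stunnel.pem, and the only thing visibly keeping that key out of the package payload is the `%ghost` flag on the `%files` entry. The existing comment explains why the file is created but not that it must never ship; if `%ghost` were dropped in a later edit, every installation would share one private key. I would extend the comment to `# Throwaway key, only here so the makefile does not try to create one; %ghost in %files keeps it out of the package - never ship it.` Whether `make install` copies the file into the buildroot depends on the makefile and the redhat patch, which are not shown here. Separately, `Prereq:` still lists mktemp, hostname, id, getent and the words file although `%post` now only runs ldconfig, so that list looks stale.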