diff --git a/pop3-redirect.xinetd b/pop3-redirect.xinetd index a187e1a..73b95ad 100644 --- a/pop3-redirect.xinetd +++ b/pop3-redirect.xinetd @@ -2,7 +2,7 @@ # description: The POP3 redirector allows client software which does not have \ # native support for SSL to connect to the local machine's POP3 \ # port and have the connection forwarded over the network using \ -# SSL. You will need to modify /etc/xinetd.d/pop3-redirect to \ +# SSL. You will need to modify stunnel-pop3s-client.conf to \ # specify the server to connect to in order for this to be useful. service pop3 { @@ -11,7 +11,7 @@ service pop3 wait = no user = root server = /usr/sbin/stunnel - server_args = -c -r pop3s-server.example.com:pop3s + server_args = /etc/stunnel/stunnel-pop3s-client.conf log_on_success += USERID log_on_failure += USERID } diff --git a/sfinger.xinetd b/sfinger.xinetd index 286a5ae..39a91f5 100644 --- a/sfinger.xinetd +++ b/sfinger.xinetd @@ -1,11 +1,11 @@ # Not that anyone in their right mind would tunnel the finger protocol over # SSL, but here's how to do it using xinetd.... - service sfinger { + disable = yes socket_type = stream wait = no user = root server = /usr/sbin/stunnel - server_args = -l /usr/sbin/in.fingerd -- in.fingerd + server_args = /etc/stunnel/stunnel-sfinger.conf } diff --git a/stunnel-pop3s-client.conf b/stunnel-pop3s-client.conf new file mode 100644 index 0000000..eb7fda9 --- /dev/null +++ b/stunnel-pop3s-client.conf @@ -0,0 +1,8 @@ +# Sample configuration for stunnel, tunnelling cleartext connections on the +# default port (without an "accept" setting, stunnel uses stdio) over an +# encrypted channel to pop3s-server.example.com:pop3s. See stunnel(8) for +# more information. +client = yes +connect = pop3s-server.example.com:pop3s +CAfile = /usr/share/ssl/certs/ca-bundle.crt +verify = 2 diff --git a/stunnel-sfinger.conf b/stunnel-sfinger.conf new file mode 100644 index 0000000..912888a --- /dev/null +++ b/stunnel-sfinger.conf @@ -0,0 +1,8 @@ +# Sample configuration for stunnel, forwarding data from encrypted connections +# on the default port (without an "accept" setting, stunnel uses stdio) over +# an unencrypted set of pipes which are used for stdio by in.fingerd. See +# stunnel(8) for more information. +exec = /usr/sbin/in.fingerd +execargs = in.fingerd +key = /etc/stunnel/stunnel.pem +cert = /etc/stunnel/stunnel.pem diff --git a/stunnel.spec b/stunnel.spec index 3c70879..fb18831 100644 --- a/stunnel.spec +++ b/stunnel.spec @@ -1,7 +1,7 @@ Summary: An SSL-encrypting socket wrapper. Name: stunnel Version: 4.04 -Release: 3 +Release: 4 License: GPL Group: Applications/Internet URL: http://stunnel.mirt.net/ @@ -10,7 +10,9 @@ Source1: ftp://stunnel.mirt.net/stunnel/stunnel-%{version}.tar.gz.asc Source2: stunnel.cnf Source3: Certificate-Creation Source4: sfinger.xinetd -Source5: pop3-redirect.xinetd +Source5: stunnel-sfinger.conf +Source6: pop3-redirect.xinetd +Source7: stunnel-pop3s-client.conf Patch0: stunnel-4.02-authpriv.patch Patch1: stunnel-4.00-nopem.patch Buildroot: %{_tmppath}/stunnel-root @@ -65,7 +67,10 @@ rm -rf $RPM_BUILD_ROOT %defattr(-,root,root) %doc BUGS ChangeLog COPY* CREDITS NEWS PORTS README TODO doc/*.html %doc $RPM_SOURCE_DIR/Certificate-Creation -%doc $RPM_SOURCE_DIR/sfinger.xinetd $RPM_SOURCE_DIR/pop3-redirect.xinetd +%doc $RPM_SOURCE_DIR/sfinger.xinetd +%doc $RPM_SOURCE_DIR/pop3-redirect.xinetd +%doc $RPM_SOURCE_DIR/stunnel-pop3s-client.conf +%doc $RPM_SOURCE_DIR/stunnel-sfinger.conf %lang(en) %doc doc/en/* %lang(po) %doc doc/pl/* %{_libdir}/libstunnel.so @@ -75,6 +80,9 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/%{name} %changelog +* Fri Mar 21 2003 Nalin Dahyabhai 4.04-4 +- fix xinetd configuration samples + * Mon Feb 10 2003 Nalin Dahyabhai 4.04-3 - rebuild