Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
packages/net/stunnel/files/stunnel.conf
Michael Haas f6927350e4 stunnel: Bring it back at v5.10 
From: Michael Haas <haas@computerlinguist.org>

* init script no longer creates certificates (consider client mode as use
  case)
* patches/010_fix_getnameinfo.patch: Fix getnameinfo signature
* patches/011_disable_ssp_linking.patch: Disable -fstack-protector as it
  is not always available in OpenWRT
* old patches (in oldpackages) no longer necessary
* remove libwrap dependency
* remove libpthread dependency
* respect CONFIG_IPV6
* init script uses procd
* sample stunnel.conf runs in client mode - prevents start failure,
  does not require cert

Possible enhancement: automatically generate certificate as done in
uhttpd. However, as client mode is a possible use case, I'd rather not.
Additionally, stunnel may use several certs with user-defined locations
and we can't easily set a cert location via command-line args.

The package is based on
https://sites.google.com/site/twisteroidambassador/openwrt/stunnel

Signed-off-by: Michael Haas <haas@computerlinguist.org>
2015-03-17 13:47:55 +01:00

45 lines
1.2 KiB
Text
Raw Blame History

; Drop privileges
setuid = nobody
setgid = nogroup
; When running under procd, stay in foreground
foreground = yes
; Don't log to stderr, use syslog
syslog = yes
; 1-7. Use 7 for greatest verbosity
;debug = 5
; Starting here, enter your services or uncomment the examples
; Example:
; If your local httpd does not support HTTPS, use stunnel in remote
; mode to forward TLS connections coming in on port 443 to non-TLS
; on port 80.
; Make sure that the cert is available.
;[httpd]
;accept = 443
;connect = 127.0.0.1:80
;cert = /etc/stunnel/stunnel.pem
; Example:
; If your local email client does not support TLS,
; use stunnel in client mode to forward non-TLS connections on
; port 143 to TLS-enabled servername:993.
;[imap]
;client = yes
;accept = 143
;connect = servername:993
; Disable peer verification - be sure to understand the limitations of peer
; verification in stunnel when enabling.
;verify = 0
; Default client section:
; stunnel requires at least one section to start successfully.
; You can safely remove this section once you have configured
; your own. We use client mode here as server requires a certificate.
[dummy]
client = yes
accept = localhost:6000
connect = localhost:6001
Reference in a new issue View git blame Copy permalink