Moving stunnel to main repository
The stunnel package has been tested.
Here are results:
- It starts and works as expected; however, chrooting and logging do not work out of the box.
- It runs under nobody:nogroup by default.
- There is no start script in the current package.
  3.1 An example of a simple startup script has been attached to this message.
  3.2 The stunnel daemon could be stopped with: kill -TERM `pgrep ${NAME}`. The standard PID feature of start-stop-daemon does not work with stunnel out of the box.
- There is no default stunnel.conf in the current package.
  4.1 An example of a simple configuration has been attached to this message.
- Apk triggers do not create any log dirs with proper permissions; until then, logging must be disabled.
- Apk triggers do not set up the chroot feature with proper permissions and files; until then, chrooting must be disabled.
- Apk triggers do not create any PID dir with proper permissions; until then, the pid= param must be empty.
- Apk triggers do not create any default certificate.
So stunnel is workable; however, at least a basic init/startup script and stunnel.conf should be added to the package.
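
Basic /etc/init.d/stunnel

#!/sbin/runscript
NAME=stunnel
DAEMON=/usr/bin/$NAME

depend() {
    need net
    after firewall
}

start() {
    ebegin "Starting ${NAME}"
    # OPTS is optional; when unset, stunnel reads its default configuration file
    start-stop-daemon --start --quiet --background \
        --exec ${DAEMON} -- ${OPTS}
    eend $?
}

stop() {
    ebegin "Stopping ${NAME}"
    # No PID file exists while "pid =" is empty in stunnel.conf, so this call
    # alone does not stop the daemon; the pgrep/kill below is the fallback
    start-stop-daemon --stop --quiet \
        --exec ${DAEMON} \
        --pidfile /var/run/${NAME}.pid
    _stunnel_pids=$(pgrep ${NAME})
    # Send stdout to /dev/null first, then point stderr at it
    kill -TERM $_stunnel_pids >/dev/null 2>&1
    eend $?
}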

Basic /etc/stunnel/stunnel.conf

setuid = nobody
setgid = nogroup
; empty value: no PID file is created (the package provides no PID dir yet)
pid =

cert = /etc/ssl/private/example.com.pem
key = /etc/ssl/private/example.com.key
CAfile = /etc/ssl/certs/ca.example.com.pem

options = NO_SSLv2
options = SINGLE_ECDH_USE
options = SINGLE_DH_USE
ciphers = HIGH:!aNULL:!MD5

[imaps]
accept = 993
connect = 143

(from redmine: issue id 2777, created on 2014-03-24, closed on 2017-04-07)
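
An added example, not part of the original issue or of the Alpine package: a POSIX shell check that reads the global section of a stunnel.conf and reports which of the items listed above (chroot, PID file, log output, certificate) have no path configured or point at paths that do not exist. The function names, the optional root prefix and the message wording are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag the stunnel.conf items the issue lists as disabled or
# missing (chroot, pid, log output, certificate). All names are illustrative.

# conf_get FILE KEY: value of a global option, i.e. one set before the first
# [service] header. Prints an empty line when the key is absent or empty.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*\[/   { exit }   # first service section ends the globals
        /^[ \t]*[;#]/ { next }   # comment line
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# need_dir LABEL DIR: emit a FAIL line when DIR does not exist.
need_dir() { [ -d "$2" ] || echo "FAIL $1 directory missing: $2"; }

# audit_stunnel_conf FILE [ROOT]: one finding per line on stdout.
# ROOT is a hypothetical prefix for auditing a staged package tree.
audit_stunnel_conf() {
    conf=$1; root=${2:-}
    jail=$(conf_get "$conf" chroot)
    pid=$(conf_get "$conf" pid)
    log=$(conf_get "$conf" output)
    cert=$(conf_get "$conf" cert)
    if [ -z "$jail" ]; then echo "WARN chroot has no path configured"
    else need_dir chroot "$root$jail"; fi
    # stunnel resolves the pid path inside the chroot jail when one is set.
    if [ -z "$pid" ]; then echo "WARN pid has no path configured"
    else need_dir pid "$root$jail$(dirname "$pid")"; fi
    # Assumption: the log file is opened before chroot, so no jail prefix.
    if [ -z "$log" ]; then echo "WARN output has no path configured"
    else need_dir log "$root$(dirname "$log")"; fi
    if [ -n "$cert" ] && [ ! -f "$root$cert" ]; then
        echo "FAIL certificate missing: $cert"
    fi
    return 0
}

# Run as a script: audit the file given as the first argument.
if [ $# -gt 0 ]; then audit_stunnel_conf "$@"; fi
```

Run against the basic configuration above, it prints three WARN lines (chroot, pid, output) and a FAIL line for the certificate unless that file is present.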