require 'formula'

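# Homebrew formula that builds and installs stunnel 4.56 from source.
#
# Security notes for maintainers:
# - Both download locations use unauthenticated transports (FTP and plain
#   HTTP), so the sha256 below is the only integrity check on the tarball.
#   Update it together with the version and never drop it.
# - The patch embedded after __END__ makes certificate creation
#   non-interactive; see #patches and #caveats for what that implies.
class Stunnel < Formula
  homepage 'http://www.stunnel.org/'
  url 'ftp://ftp.stunnel.org/stunnel/archive/4.x/stunnel-4.56.tar.gz'
  mirror 'http://ftp.nluug.nl/pub/networking/stunnel/stunnel-4.56.tar.gz'
  sha256 '9cae2cfbe26d87443398ce50d7d5db54e5ea363889d5d2ec8d2778a01c871293'

  # We need Homebrew OpenSSL for TLSv1.2 support
  option 'with-brewed-openssl', 'Build with Homebrew OpenSSL instead of the system version'

  # This condition must stay identical to the one in #install: the dependency
  # is declared here and the matching --with-ssl-dir flag is added there.
  depends_on "openssl" if MacOS.version <= :leopard || build.with?('brewed-openssl')

  # Returns the patch stored after __END__ in this file.
  #
  # The patch rewrites tools/stunnel.cnf (stripping carriage returns) and adds
  # `prompt = no` with fixed subject values, so certificate creation needs no
  # operator input. It keeps `encrypt_key = no` and `0.commonName = localhost`,
  # which is why the installed .pem is only a placeholder (see #caveats).
  def patches
    DATA
  end

  # Configures and installs stunnel into the Homebrew prefix.
  #
  # Links against Homebrew's OpenSSL on Leopard and older, or when the
  # 'with-brewed-openssl' option is given; otherwise configure is left to find
  # the system OpenSSL.
  def install
    args = [
      "--disable-dependency-tracking",
      # NOTE(review): built without libwrap, so hosts.allow/hosts.deny style
      # filtering is presumably unavailable in this build - confirm.
      "--disable-libwrap",
      "--prefix=#{prefix}",
      "--sysconfdir=#{etc}",
      "--mandir=#{man}",
    ]

    # Same condition as the depends_on above; keep the two in sync.
    if MacOS.version <= :leopard || build.with?('brewed-openssl')
      args << "--with-ssl-dir=#{Formula.factory('openssl').opt_prefix}"
    end

    system "./configure", *args
    # Argument-list form: the command is never handed to a shell.
    system "make", "install"
  end

  # Post-install message warning that the default certificate is a
  # placeholder and telling the user to configure a real one per service.
  def caveats
    <<-EOS.undent
      A bogus SSL server certificate has been installed to:
        #{etc}/stunnel/stunnel.pem

      This certificate will be used by default unless a config file says otherwise!
      It was created without prompting, with a placeholder subject
      (CN=localhost) and a private key that is not passphrase-protected.
      Do not rely on it for anything beyond local testing.

      In your stunnel configuration, specify a SSL certificate with
      the "cert =" option for each service.
    EOS
  end
end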


__END__
diff --git a/tools/stunnel.cnf b/tools/stunnel.cnf
index d8c3174..5ad26e0 100644
--- a/tools/stunnel.cnf
+++ b/tools/stunnel.cnf
@@ -1,42 +1,30 @@
-# OpenSSL configuration file to create a server certificate
-# by Michal Trojnara 1998-2013
-
-[ req ]
-# the default key length is secure and quite fast - do not change it
-default_bits                    = 2048
-# comment out the next line to protect the private key with a passphrase
-encrypt_key                     = no
-distinguished_name              = req_dn
-x509_extensions                 = cert_type
-
-[ req_dn ]
-countryName = Country Name (2 letter code)
-countryName_default             = PL
-countryName_min                 = 2
-countryName_max                 = 2
-
-stateOrProvinceName             = State or Province Name (full name)
-stateOrProvinceName_default     = Mazovia Province
-
-localityName                    = Locality Name (eg, city)
-localityName_default            = Warsaw
-
-organizationName                = Organization Name (eg, company)
-organizationName_default        = Stunnel Developers
-
-organizationalUnitName          = Organizational Unit Name (eg, section)
-organizationalUnitName_default  = Provisional CA
-
-0.commonName                    = Common Name (FQDN of your server)
-0.commonName_default            = localhost
-
-# To create a certificate for more than one name uncomment:
-# 1.commonName                  = DNS alias of your server
-# 2.commonName                  = DNS alias of your server
-# ...
-# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html
-# to see how Netscape understands commonName.
-
-[ cert_type ]
-nsCertType                      = server
-
+# OpenSSL configuration file to create a server certificate
+# by Michal Trojnara 1998-2013
+
+[ req ]
+# the default key length is secure and quite fast - do not change it
+default_bits                    = 2048
+# comment out the next line to protect the private key with a passphrase
+encrypt_key                     = no
+distinguished_name              = req_dn
+x509_extensions                 = cert_type
+prompt                          = no
+
+[ req_dn ]
+countryName                     = PL
+stateOrProvinceName             = Mazovia Province
+localityName                    = Warsaw
+organizationName                = Stunnel Developers
+organizationalUnitName          = Provisional CA
+0.commonName                    = localhost
+
+# To create a certificate for more than one name uncomment:
+# 1.commonName                  = DNS alias of your server
+# 2.commonName                  = DNS alias of your server
+# ...
+# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html
+# to see how Netscape understands commonName.
+
+[ cert_type ]
+nsCertType                      = server
+
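Review bot: With `prompt = no` added under `[ req ]`, the `[ req_dn ]` entries stop being editable defaults and become the fixed subject of every certificate created from this file. Because `encrypt_key = no` is kept, the result is always a CN=localhost certificate whose private key has no passphrase. Nothing in the new file tells an operator that, so I would add a comment directly above the new line, e.g. `# non-interactive build: placeholder subject, unencrypted key - replace before serving real traffic`. The other removed and re-added lines look identical apart from line endings, which would match the formula's note about stripping carriage returns (inferred; line endings are not visible here).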
--
1.7.9