path: root/Library/Formula/stunnel.rb
blob: ae4fe356915e48c51c953a60cd6ce653f5c0556d (plain)
require 'formula'

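# Homebrew formula that builds and installs stunnel 4.53.
#
# The embedded patch (the diff after __END__) makes the certificate step of
# the build non-interactive, so a placeholder certificate ends up in the
# configuration directory. See #caveats for what the user is told about it.
class Stunnel < Formula
  homepage 'http://www.stunnel.org/'
  # NOTE(review): the tarball is fetched over plain FTP and pinned only by an
  # MD5 digest. FTP gives no transport integrity and MD5 is not
  # collision-resistant, so this pin is a weak supply-chain check. Switch to a
  # SHA-256 digest computed from an independently verified copy of the
  # release, and to an authenticated download URL if upstream offers one.
  url 'ftp://ftp.stunnel.org/stunnel/archive/4.x/stunnel-4.53.tar.gz'
  md5 'ab3bfc915357d67da18c73f73610d593'

  # This patch installs a bogus .pem in lieu of interactive cert generation.
  # - additionally stripping carriage-returns
  #
  # DATA is the text that follows __END__ in this file.
  def patches
    DATA
  end

  # Configures and installs stunnel into the formula prefix.
  #
  # libwrap support is disabled; configuration files go to `etc` and manual
  # pages to `man`.
  def install
    # Every option except the last must end with a comma. Without the comma
    # after --sysconfdir the argument list ends there and the --mandir string
    # becomes a separate, discarded expression, so configure never sees it.
    system "./configure", "--disable-dependency-tracking",
                          "--disable-libwrap",
                          "--prefix=#{prefix}",
                          "--sysconfdir=#{etc}",
                          "--mandir=#{man}"
    system "make install"
  end

  # Post-install notice: the installed certificate is a placeholder and is
  # used by default, so each service needs its own "cert =" setting.
  def caveats
    <<-EOS.undent
      A bogus SSL server certificate has been installed to:
        #{etc}/stunnel/stunnel.pem

      This certificate will be used by default unless a config file says otherwise!

      In your stunnel configuration, specify a SSL certificate with
      the "cert =" option for each service.
    EOS
  end
end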


__END__
diff --git a/tools/stunnel.cnf b/tools/stunnel.cnf
index d8c3174..5ad26e0 100644
--- a/tools/stunnel.cnf
+++ b/tools/stunnel.cnf
@@ -1,42 +1,30 @@
-# OpenSSL configuration file to create a server certificate
-# by Michal Trojnara 1998-2012
-
-[ req ]
-# the default key length is secure and quite fast - do not change it
-default_bits                    = 2048
-# comment out the next line to protect the private key with a passphrase
-encrypt_key                     = no
-distinguished_name              = req_dn
-x509_extensions                 = cert_type
-
-[ req_dn ]
-countryName = Country Name (2 letter code)
-countryName_default             = PL
-countryName_min                 = 2
-countryName_max                 = 2
-
-stateOrProvinceName             = State or Province Name (full name)
-stateOrProvinceName_default     = Mazovia Province
-
-localityName                    = Locality Name (eg, city)
-localityName_default            = Warsaw
-
-organizationName                = Organization Name (eg, company)
-organizationName_default        = Stunnel Developers
-
-organizationalUnitName          = Organizational Unit Name (eg, section)
-organizationalUnitName_default  = Provisional CA
-
-0.commonName                    = Common Name (FQDN of your server)
-0.commonName_default            = localhost
-
-# To create a certificate for more than one name uncomment:
-# 1.commonName                  = DNS alias of your server
-# 2.commonName                  = DNS alias of your server
-# ...
-# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html
-# to see how Netscape understands commonName.
-
-[ cert_type ]
-nsCertType                      = server
-
+# OpenSSL configuration file to create a server certificate
+# by Michal Trojnara 1998-2012
+
+[ req ]
+# the default key length is secure and quite fast - do not change it
+default_bits                    = 2048
+# comment out the next line to protect the private key with a passphrase
+encrypt_key                     = no
+distinguished_name              = req_dn
+x509_extensions                 = cert_type
+prompt                          = no
+
+[ req_dn ]
+countryName                     = PL
+stateOrProvinceName             = Mazovia Province
+localityName                    = Warsaw
+organizationName                = Stunnel Developers
+organizationalUnitName          = Provisional CA
+0.commonName                    = localhost
+
+# To create a certificate for more than one name uncomment:
+# 1.commonName                  = DNS alias of your server
+# 2.commonName                  = DNS alias of your server
+# ...
+# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html
+# to see how Netscape understands commonName.
+
+[ cert_type ]
+nsCertType                      = server
+
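Review bot: With `prompt = no` and the fixed `[ req_dn ]` values, every installation gets a self-signed certificate for `localhost` under the same placeholder subject, and the retained `encrypt_key = no` leaves its private key unencrypted on disk. Nothing in the new file says this; I would add a header comment such as `# Homebrew: non-interactive placeholder certificate for localhost; replace it before exposing a service`. The hunk rewrites every line, apparently only to strip carriage returns, so the effective changes are `prompt = no` and the collapsed `[ req_dn ]` entries, which the patch description should state. `nsCertType` is a legacy Netscape extension and the template sets no subjectAltName, so both are worth revisiting when this file is next touched.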
--
1.7.9