homebrew-core/Formula/stunnel.rb
Rob Austein 39022ebf82 stunnel: Add TLSv1.1 and TLSv1.2 support
The system copy of OpenSSL is too old to support TLS versions 1.1 and
1.2.  This matters because TLS v1.2 includes a number of ciphers that
are stronger than anything available in earlier versions, so people
who need to use those ciphers need TLS 1.2 support.

stunnel enables TLSv1.2 and the stronger ciphers automatically when
compiled with a sufficiently recent version of OpenSSL, so the change
here is just to add the usual "--with-brewed-openssl" option to the
stunnel formula.

Closes Homebrew/homebrew#23319.

Signed-off-by: Adam Vandenberg <flangy@gmail.com>
2013-11-17 11:41:30 -08:00

131 lines
4.2 KiB
Ruby

require 'formula'

class Stunnel < Formula
  homepage 'http://www.stunnel.org/'
  url 'ftp://ftp.stunnel.org/stunnel/archive/4.x/stunnel-4.56.tar.gz'
  mirror 'http://ftp.nluug.nl/pub/networking/stunnel/stunnel-4.56.tar.gz'
  sha256 '9cae2cfbe26d87443398ce50d7d5db54e5ea363889d5d2ec8d2778a01c871293'

  # We need Homebrew OpenSSL for TLSv1.2 support
  option 'with-brewed-openssl', 'Build with Homebrew OpenSSL instead of the system version'

  depends_on "openssl" if MacOS.version <= :leopard or build.with?('brewed-openssl')

  # This patch installs a bogus .pem in lieu of interactive cert generation.
  # - additionally stripping carriage-returns
  def patches
    DATA
  end

  def install
    args = [
      "--disable-dependency-tracking",
      "--disable-libwrap",
      "--prefix=#{prefix}",
      "--sysconfdir=#{etc}",
      "--mandir=#{man}",
    ]

    if MacOS.version <= :leopard or build.with?('brewed-openssl')
      args << "--with-ssl-dir=#{Formula.factory('openssl').opt_prefix}"
    end

    system "./configure", *args
    system "make install"
  end

  def caveats
    <<-EOS.undent
      A bogus SSL server certificate has been installed to:
        #{etc}/stunnel/stunnel.pem

      This certificate will be used by default unless a config file says otherwise!

      In your stunnel configuration, specify a SSL certificate with
      the "cert =" option for each service.
    EOS
  end
end
__END__
diff --git a/tools/stunnel.cnf b/tools/stunnel.cnf
index d8c3174..5ad26e0 100644
--- a/tools/stunnel.cnf
+++ b/tools/stunnel.cnf
@@ -1,42 +1,30 @@
-# OpenSSL configuration file to create a server certificate
-# by Michal Trojnara 1998-2013
-
-[ req ]
-# the default key length is secure and quite fast - do not change it
-default_bits = 2048
-# comment out the next line to protect the private key with a passphrase
-encrypt_key = no
-distinguished_name = req_dn
-x509_extensions = cert_type
-
-[ req_dn ]
-countryName = Country Name (2 letter code)
-countryName_default = PL
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Mazovia Province
-
-localityName = Locality Name (eg, city)
-localityName_default = Warsaw
-
-organizationName = Organization Name (eg, company)
-organizationName_default = Stunnel Developers
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default = Provisional CA
-
-0.commonName = Common Name (FQDN of your server)
-0.commonName_default = localhost
-
-# To create a certificate for more than one name uncomment:
-# 1.commonName = DNS alias of your server
-# 2.commonName = DNS alias of your server
-# ...
-# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html
-# to see how Netscape understands commonName.
-
-[ cert_type ]
-nsCertType = server
-
+# OpenSSL configuration file to create a server certificate
+# by Michal Trojnara 1998-2013
+
+[ req ]
+# the default key length is secure and quite fast - do not change it
+default_bits = 2048
+# comment out the next line to protect the private key with a passphrase
+encrypt_key = no
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+countryName = PL
+stateOrProvinceName = Mazovia Province
+localityName = Warsaw
+organizationName = Stunnel Developers
+organizationalUnitName = Provisional CA
+0.commonName = localhost
+
+# To create a certificate for more than one name uncomment:
+# 1.commonName = DNS alias of your server
+# 2.commonName = DNS alias of your server
+# ...
+# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html
+# to see how Netscape understands commonName.
+
+[ cert_type ]
+nsCertType = server
+
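Review bot: the comment block kept at the end of [ req_dn ] ("To create a certificate for more than one name uncomment: 1.commonName = DNS alias of your server") no longer fits the section once `prompt = no` is added. In that mode the right-hand side is the field value rather than a prompt string, so uncommenting those lines would produce a certificate whose additional CN is the literal text "DNS alias of your server". Reword the comment to show a hostname placeholder, or drop it. Separately, `prompt = no` together with the existing `encrypt_key = no` means every install gets an unencrypted key under the same fixed subject (CN localhost, OU "Provisional CA"); a line at the top of the file stating that the result is a placeholder certificate, as the formula's caveats do, would make that explicit to anyone reading the .cnf on its own. Because every line is removed and re-added, the only functional changes (`prompt = no` and the literal DN values) are hard to pick out; splitting the line-ending cleanup from the content change would make this easier to review.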
--
1.7.9
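
The caveats above warn that the bogus stunnel.pem is used by default unless a service sets "cert =". The following is an added example, not part of the formula or of stunnel: a small Ruby audit that lists the services in a stunnel configuration that would fall back to that certificate. The helper names, the sample configuration and the parsing rules stated in the comments are assumptions.

```ruby
# Added example: flag stunnel services that would present the placeholder cert.
# Assumptions: INI-style syntax; options before the first [section] are defaults
# for every service; ';' or '#' starts a comment; "client = yes" needs no cert.
BOGUS_PEM = 'stunnel.pem' # basename of the file the formula installs (heuristic match)

def parse_stunnel_conf(text)
  sections = { :global => {} }
  current = :global
  text.each_line do |raw|
    line = raw.sub(/^\s*[;#].*/, '').strip
    next if line.empty?
    if line =~ /\A\[(.+)\]\z/
      current = $1
      sections[current] = {}
    elsif line =~ /\A([^=\s]+)\s*=\s*(.*)\z/
      sections[current][$1.downcase] = $2.strip
    end
  end
  sections
end

def services_using_bogus_cert(text)
  conf = parse_stunnel_conf(text)
  defaults = conf.delete(:global)
  conf.select do |_name, opts|
    effective = defaults.merge(opts)
    next false if effective['client'] == 'yes' # client side presents no server cert
    cert = effective['cert']
    cert.nil? || File.basename(cert) == BOGUS_PEM
  end.keys
end

# Constructed sample configuration (not from the page).
SAMPLE_CONF = <<EOS
; global options
pid = /tmp/stunnel.pid
[imaps]
accept = 993
connect = 143
cert = /usr/local/etc/stunnel/imaps-real.pem
[https]
accept = 443
connect = 8080
[smtp-out]
client = yes
accept = 127.0.0.1:2525
connect = mail.example.com:465
EOS
puts services_using_bogus_cert(SAMPLE_CONF).inspect if __FILE__ == $0
```

A service it reports is either missing "cert =" or points at a file named stunnel.pem, so a real certificate stored under that name will also be listed.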