Changeset 372898b
- Timestamp:
- 04/15/2014 04:59:00 PM (10 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 51889b4
- Parents:
- 0a2b7e09
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
general.ent
r0a2b7e09 r372898b 167 167 <!ENTITY shadow-version "4.1.5.1"> 168 168 <!ENTITY ssh-askpass-version "&openssh-version;"> 169 <!ENTITY stunnel-version " 4.56">169 <!ENTITY stunnel-version "5.00"> 170 170 <!ENTITY sudo-version "1.8.10p2"> 171 171 <!ENTITY tripwire-version "2.4.2.2"> -
introduction/welcome/changelog.xml
r0a2b7e09 r372898b 49 49 <itemizedlist> 50 50 <listitem> 51 <para>[bdubbs] - stunnel-5.00. Fixes 52 <ulink url="&blfs-ticket-root;4770">#4770</ulink>.</para> 53 </listitem> 54 <listitem> 51 55 <para>[fernando] - xvid-1.3.3. Fixes 52 56 <ulink url="&blfs-ticket-root;4948">#4948</ulink>.</para> -
postlfs/security/stunnel.xml
r0a2b7e09 r372898b 7 7 <!ENTITY stunnel-download-http "http://mirrors.zerg.biz/stunnel/stunnel-&stunnel-version;.tar.gz"> 8 8 <!ENTITY stunnel-download-ftp "ftp://ftp.stunnel.org/stunnel/stunnel-&stunnel-version;.tar.gz"> 9 <!ENTITY stunnel-md5sum " ac4c4a30bd7a55b6687cbd62d864054c">10 <!ENTITY stunnel-size "5 32KB">11 <!ENTITY stunnel-buildsize "6. 0MB">12 <!ENTITY stunnel-time "0. 2SBU">9 <!ENTITY stunnel-md5sum "4f00fd0faf99e3c9cf258a19dd83d14a"> 10 <!ENTITY stunnel-size "580 KB"> 11 <!ENTITY stunnel-buildsize "6.2 MB"> 12 <!ENTITY stunnel-time "0.1 SBU"> 13 13 ]> 14 14 … … 63 63 </itemizedlist> 64 64 65 <!-- <bridgehead renderas="sect3">Additional Downloads</bridgehead>66 <itemizedlist spacing="compact">67 <listitem>68 <para>Required patch: <ulink69 url="&patch-root;/stunnel-&stunnel-version;-setuid-1.patch"/></para>70 </listitem>71 </itemizedlist> -->72 73 65 <bridgehead renderas="sect3">stunnel Dependencies</bridgehead> 74 66 75 67 <bridgehead renderas="sect4">Required</bridgehead> 76 <para role="required"><xref linkend="openssl"/></para> 68 <para role="required"> 69 <xref linkend="openssl"/> 70 </para> 71 72 <bridgehead renderas="sect4">Optional</bridgehead> 73 <para role="optional"> 74 <ulink url="ftp://ftp.porcupine.org/pub/security/">tcpwrappers</ulink> 75 </para> 77 76 78 77 <para condition="html" role="usernotes">User Notes: … … 94 93 95 94 <note> 96 <para>A signed SSL Certificate and a Private Key is necessary to run 97 the <command>stunnel</command> daemon. If you own, or have already98 created asigned SSL Certificate you wish to use, copy it to95 <para>A signed SSL Certificate and a Private Key is necessary to run the 96 <command>stunnel</command> daemon. If you own, or have already created a 97 signed SSL Certificate you wish to use, copy it to 99 98 <filename>/etc/stunnel/stunnel.pem</filename> before starting the build 100 99 (ensure only <systemitem class="username">root</systemitem> has read and 101 write access), otherwise you will be 102 prompted to create one during the installation process. The 103 <filename class="extension">.pem</filename> file must be formatted as 104 shown below:</para> 100 write access). The <filename class="extension">.pem</filename> file must 101 be formatted as shown below:</para> 105 102 106 103 <screen><literal>-----BEGIN PRIVATE KEY----- … … 120 117 <screen><userinput>./configure --prefix=/usr \ 121 118 --sysconfdir=/etc \ 122 --localstatedir=/var \ 123 --disable-fips && 119 --localstatedir=/var && 124 120 make</userinput></screen> 125 121 … … 129 125 130 126 <screen role="root"><userinput>make docdir=/usr/share/doc/stunnel-&stunnel-version; install</userinput></screen> 127 128 <para>To create the <filename>stunnel.pem</filename> in the 129 <filename class="directory">/etc/stunnel</filename> directory, 130 you need to create one. The following command prompts you 131 for the necessary information. Ensure you reply to the</para> 132 133 <screen><prompt>Common Name (FQDN of your server) [localhost]:</prompt></screen> 134 135 <para>prompt with the name or IP address you will be using 136 to access the service(s).</para> 137 138 <para>To generate a certificate, as the 139 <systemitem class="username">root</systemitem> user, run:</para> 140 141 <screen role="root"><userinput>make cert</userinput></screen> 131 142 132 143 </sect2> … … 135 146 <title>Command Explanations</title> 136 147 137 <para><parameter>--disable-fips</parameter>: This switch disables FIPS support138 which will cause <application>Stunnel</application> to fail to start if139 it is enabled.</para>140 141 148 <para><command>make docdir=... install</command>: This command installs the 142 149 package, changes the documentation installation directory to standard 143 naming conventions and, if you did not copy an 144 <filename>stunnel.pem</filename> file to the 145 <filename class="directory">/etc/stunnel</filename> directory, prompts you 146 for the necessary information to create one. Ensure you reply to the</para> 147 148 <screen><prompt>Common Name (FQDN of your server) [localhost]:</prompt></screen> 149 150 <para>prompt with the name or IP address you will be using 151 to access the service(s).</para> 150 naming conventions.</para> 152 151 153 152 </sect2> … … 184 183 <screen role="root"><userinput>cat >/etc/stunnel/stunnel.conf << "EOF" && 185 184 <literal>; File: /etc/stunnel/stunnel.conf 185 186 ; Note: The pid and output locations are relative to the chroot location. 186 187 187 188 pid = /run/stunnel.pid … … 190 191 setuid = stunnel 191 192 setgid = stunnel 192 cert = /etc/stunnel/stunnel.pem</literal> 193 cert = /etc/stunnel/stunnel.pem 194 195 ;debug = 7 196 ;output = stunnel.log 197 198 ;[https] 199 ;accept = 443 200 ;connect = 80 201 ;; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL 202 ;; Microsoft implementations do not use SSL close-notify alert and thus 203 ;; they are vulnerable to truncation attacks 204 ;TIMEOUTclose = 0</literal> 193 205 194 206 EOF … … 243 255 <seg>stunnel and stunnel3</seg> 244 256 <seg>libstunnel.so</seg> 245 <seg>/etc/stunnel, /usr/lib/stunnel, 246 /usr/share/doc/stunnel-&stunnel-version;, and 247 /var/lib/stunnel</seg> 257 <seg>/etc/stunnel, 258 /usr/lib/stunnel, 259 /usr/share/doc/stunnel-&stunnel-version;, and 260 /var/lib/stunnel</seg> 248 261 </seglistitem> 249 262 </segmentedlist>
Note:
See TracChangeset
for help on using the changeset viewer.