From 55c1d659cfc5822edbbd685b06df695a7ef744c7 Mon Sep 17 00:00:00 2001
From: jakob
Date: Sun, 5 Dec 1999 18:25:54 +0000
Subject: [PATCH] SSL encryption wrapper for standard network daemons
---
security/stunnel/Makefile | 20 ++++++++++++++++++++
security/stunnel/files/md5 | 3 +++
security/stunnel/patches/patch-aa | 12 ++++++++++++
security/stunnel/patches/patch-ab | 28 ++++++++++++++++++++++++++++
security/stunnel/patches/patch-ac | 19 +++++++++++++++++++
security/stunnel/patches/patch-ad | 20 ++++++++++++++++++++
security/stunnel/patches/patch-ae | 30 ++++++++++++++++++++++++++++++
security/stunnel/pkg/COMMENT | 1 +
security/stunnel/pkg/DESCR | 9 +++++++++
security/stunnel/pkg/MESSAGE | 4 ++++
security/stunnel/pkg/PLIST | 2 ++
11 files changed, 148 insertions(+)
create mode 100644 security/stunnel/Makefile
create mode 100644 security/stunnel/files/md5
create mode 100644 security/stunnel/patches/patch-aa
create mode 100644 security/stunnel/patches/patch-ab
create mode 100644 security/stunnel/patches/patch-ac
create mode 100644 security/stunnel/patches/patch-ad
create mode 100644 security/stunnel/patches/patch-ae
create mode 100644 security/stunnel/pkg/COMMENT
create mode 100644 security/stunnel/pkg/DESCR
create mode 100644 security/stunnel/pkg/MESSAGE
create mode 100644 security/stunnel/pkg/PLIST
diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile
new file mode 100644
index 00000000000..5d52fcbfdc6
--- /dev/null
+++ b/security/stunnel/Makefile
@@ -0,0 +1,20 @@
+# $OpenBSD: Makefile,v 1.1.1.1 1999/12/05 18:25:54 jakob Exp $
+
+DISTNAME= stunnel-3.4a
+CATEGORIES= security
+
+MAINTAINER= jakob@openbsd.org
+
+MASTER_SITES= http://opensores.thebunker.net/pub/mirrors/stunnel/ \
+ http://mike.daewoo.com.pl/computer/stunnel/ \
+ ftp://ftp.fu-berlin.de/unix/security/stunnel/ \
+ ftp://ftp.uni-freiburg.de/pub/net/stunnel/ \
+ ftp://ftp.all.de/pub2/unix/security/stunnel/
+
+GNU_CONFIGURE= yes
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/stunnel ${PREFIX}/sbin
+ ${INSTALL_MAN} ${WRKSRC}/stunnel.8 ${PREFIX}/man/man8
+
+.include
diff --git a/security/stunnel/files/md5 b/security/stunnel/files/md5
new file mode 100644
index 00000000000..61aca3bf24a
--- /dev/null
+++ b/security/stunnel/files/md5
@@ -0,0 +1,3 @@
+MD5 (stunnel-3.4a.tar.gz) = 8bfd8ce5221999022fb9e927d46dca73
+RMD160 (stunnel-3.4a.tar.gz) = dbc07f0c2faa141923f73ff1325af121d56fee67
+SHA1 (stunnel-3.4a.tar.gz) = 8e6b2bacf45eb58d89b661cefa4b80722fd74093
diff --git a/security/stunnel/patches/patch-aa b/security/stunnel/patches/patch-aa
new file mode 100644
index 00000000000..54ea936bd77
--- /dev/null
+++ b/security/stunnel/patches/patch-aa
@@ -0,0 +1,12 @@
+--- env.c.orig Mon Sep 6 16:28:15 1999
++++ env.c Mon Sep 6 16:29:01 1999
+@@ -20,7 +20,8 @@
+
+ /* getpeername can't be declarated in a normal way */
+ #define getpeername no_getpeername
+-#include
++#include
++#include
+ #include
+ #include
+ #undef getpeername
diff --git a/security/stunnel/patches/patch-ab b/security/stunnel/patches/patch-ab
new file mode 100644
index 00000000000..9c922a78002
--- /dev/null
+++ b/security/stunnel/patches/patch-ab
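Review bot: The `do-install` target in security/stunnel/Makefile installs only the binary and the man page, so the default key file /etc/ssl/private/stunnel.pem (set in patch-ab and named in pkg/MESSAGE) is created by hand, and nothing in the port says who should own it or what mode it needs. Given its location under /etc/ssl/private, that file presumably holds the server's private key alongside the certificate. A comment above `do-install` would record the expectation, for example `# stunnel.pem holds the server key and is created by the admin: root-owned, mode 0600`. The same sentence would fit pkg/MESSAGE, which currently gives only the path.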
@@ -0,0 +1,28 @@
+--- ssl.c.orig Tue Jul 13 15:23:44 1999
++++ ssl.c Fri Oct 15 23:57:41 1999
+@@ -52,13 +52,13 @@
+ #else /* USE_WIN32 */
+
+ /* directory for certificate */
+-#define CERT_DIR ssldir "/certs"
++#define CERT_DIR "/etc/ssl"
+
+ /* default certificate */
+-#define DEFAULT_CERT CERT_DIR "/stunnel.pem"
++#define DEFAULT_CERT CERT_DIR "/private/stunnel.pem"
+
+ /* additional directory (hashed!) with trusted CA client certs */
+-#define CA_DIR CERT_DIR "/mytrusted"
++#define CA_DIR CERT_DIR "/trusted"
+
+ /* certificate used for sign our client certs */
+ #define CLIENT_CA ssldir "/bin/demoCA/cacert.pem"
+@@ -202,7 +202,7 @@
+ strerror(errno));
+ goto dh_failed;
+ }
+- if(!(dh=PEM_read_bio_DHparams(bio, NULL, NULL))) {
++ if(!(dh=PEM_read_bio_DHparams(bio, NULL, NULL, NULL))) {
+ log(LOG_ERR, "Could not load DH parameters from %s",
+ options.certfile);
+ goto dh_failed;
diff --git a/security/stunnel/patches/patch-ac b/security/stunnel/patches/patch-ac
new file mode 100644
index 00000000000..01f2dd7e19f
--- /dev/null
+++ b/security/stunnel/patches/patch-ac
@@ -0,0 +1,19 @@
+--- stunnel.c.orig Tue Jul 13 15:34:28 1999
++++ stunnel.c Fri Oct 15 23:58:12 1999
+@@ -41,13 +41,13 @@
+ #else /* USE_WIN32 */
+
+ /* directory for certificate */
+-#define CERT_DIR ssldir "/certs"
++#define CERT_DIR "/etc/ssl"
+
+ /* default certificate */
+-#define DEFAULT_CERT CERT_DIR "/stunnel.pem"
++#define DEFAULT_CERT CERT_DIR "/private/stunnel.pem"
+
+ /* additional directory (hashed!) with trusted CA client certs */
+-#define CA_DIR CERT_DIR "/mytrusted"
++#define CA_DIR CERT_DIR "/trusted"
+
+ #endif /* USE_WIN32 */
+
diff --git a/security/stunnel/patches/patch-ad b/security/stunnel/patches/patch-ad
new file mode 100644
index 00000000000..f91290da228
--- /dev/null
+++ b/security/stunnel/patches/patch-ad
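Review bot: In patch-ab's first ssl.c hunk, `CLIENT_CA` is left as the context line `#define CLIENT_CA ssldir "/bin/demoCA/cacert.pem"`, while CERT_DIR, DEFAULT_CERT and CA_DIR just above it are moved to fixed paths under /etc/ssl. If CLIENT_CA is the CA file loaded for peer-certificate verification (its use is outside the hunk), the trust anchor stays at a demo-CA location under the SSL install directory instead of with the rest of the certificate material. Consider moving it under CERT_DIR as well, e.g. `#define CLIENT_CA CERT_DIR "/<ca-file>"`, with the placeholder replaced by the file name the port settles on. patch-ac repeats the CERT_DIR, DEFAULT_CERT and CA_DIR defines for stunnel.c, so the two files have to be changed together.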
@@ -0,0 +1,20 @@
+--- Makefile.in.orig Mon Jul 12 19:36:10 1999
++++ Makefile.in Sat Oct 16 00:00:05 1999
+@@ -8,7 +8,7 @@
+ libdir=@libdir@
+ mandir=@mandir@/man8
+ ssldir=@ssldir@
+-certdir=$(ssldir)/certs
++certdir=/etc/ssl
+ @SET_MAKE@
+ VERSION=stunnel-@VERSION@
+ CC=@CC@
+@@ -21,7 +21,7 @@
+
+ # standard external rules
+
+-all: stunnel stunnel.so
++all: stunnel
+
+ install: installdirs $(DESTFILES)
+
diff --git a/security/stunnel/patches/patch-ae b/security/stunnel/patches/patch-ae
new file mode 100644
index 00000000000..f62bfcbab24
--- /dev/null
+++ b/security/stunnel/patches/patch-ae
@@ -0,0 +1,30 @@
+--- stunnel.8.in.orig Mon Jul 12 18:23:56 1999
++++ stunnel.8.in Sat Oct 16 00:12:27 1999
+@@ -41,7 +41,7 @@
+ .B -p pemfile
+ certificate (*.pem) file name
+ .RS
+-default: @sslcnf@/certs/stunnel.pem for server mode,
++default: /etc/ssl/private/stunnel.pem for server mode,
+ none for client mode
+ .RE
+ .TP
+@@ -57,7 +57,7 @@
+ .B -a directory
+ client certificate directory for -v 3 option
+ .RS
+-default: @sslcnf@/certs/trusted
++default: /etc/ssl/trusted
+ .RE
+ .TP
+ .B -t timeout
+@@ -152,7 +152,8 @@
+ There are available SSL enabled versions of FTP and telnet daemons, however.
+ .SH SEE ALSO
+ .BR tcpd (8),
+-.BR inetd (8)
++.BR inetd (8),
++.BR ssl (8)
+ .TP
+ .BI http://mike.daewoo.com.pl/computer/stunnel
+ Stunnel home page
diff --git a/security/stunnel/pkg/COMMENT b/security/stunnel/pkg/COMMENT
new file mode 100644
index 00000000000..36598179fcc
--- /dev/null
+++ b/security/stunnel/pkg/COMMENT
@@ -0,0 +1 @@
+SSL encryption wrapper for standard network daemons
diff --git a/security/stunnel/pkg/DESCR b/security/stunnel/pkg/DESCR
new file mode 100644
index 00000000000..411bf75de43
--- /dev/null
+++ b/security/stunnel/pkg/DESCR
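Review bot: patch-ad's first Makefile.in hunk sets `certdir=/etc/ssl`, but ssl.c and stunnel.c (patch-ab, patch-ac) now read the default certificate from /etc/ssl/private/stunnel.pem, so the two locations disagree. If upstream's install rules place stunnel.pem in $(certdir), a plain `make install` in the work directory would leave the key file in /etc/ssl, where the daemon does not look and which is presumably readable by more than root. Those rules are outside the hunk, and the port's own do-install bypasses them. Setting `certdir=/etc/ssl/private` would keep Makefile.in in line with DEFAULT_CERT.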
@@ -0,0 +1,9 @@
+The stunnel program is designed to work as SSL encryption
+wrapper between remote client and local (inetd-startable) or
+remote server. The concept is that having non-SSL aware dae-
+mons running on your system you can easily setup them to
+communicate with clients over secure SSL channel.
+
+stunnel can be used to add SSL functionality to commonly
+used inetd daemons like POP-2, POP-3 and IMAP servers
+without any changes in the programs' code.
diff --git a/security/stunnel/pkg/MESSAGE b/security/stunnel/pkg/MESSAGE
new file mode 100644
index 00000000000..0b666b170f1
--- /dev/null
+++ b/security/stunnel/pkg/MESSAGE
@@ -0,0 +1,4 @@
+After stunnel is installed, you have to create a server certificate and
+put the result in /etc/ssl/private/stunnel.pem. For more information on
+how to create certificates, read ssl(8). For more information on stunnel,
+read stunnel(8).
diff --git a/security/stunnel/pkg/PLIST b/security/stunnel/pkg/PLIST
new file mode 100644
index 00000000000..c9ccf2473c1
--- /dev/null
+++ b/security/stunnel/pkg/PLIST
@@ -0,0 +1,2 @@
+sbin/stunnel
+man/man8/stunnel.8