Created
March 7, 2014 15:59
require 'formula' | |
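# Homebrew formula that builds and installs stunnel 4.56 from the source tarball.
#
# Security notes for maintainers:
# * Both download locations use unauthenticated transports (ftp:// and http://),
#   so the sha256 below is the only integrity check on the tarball. Never bump
#   the version without re-verifying the digest against a trusted source.
#   TODO(review): prefer an HTTPS download location if one is available.
# * The patch embedded after __END__ rewrites tools/stunnel.cnf so that the
#   certificate request is non-interactive (`prompt = no`) with fixed subject
#   values (commonName `localhost`) and `encrypt_key = no`. The resulting
#   stunnel.pem is a placeholder only; see #caveats.
class Stunnel < Formula
  homepage 'http://www.stunnel.org/'
  url 'ftp://ftp.nluug.nl/pub/networking/stunnel/archive/4.x/stunnel-4.56.tar.gz'
  mirror 'http://ftp.nluug.nl/pub/networking/stunnel/archive/4.x/stunnel-4.56.tar.gz'
  sha256 '9cae2cfbe26d87443398ce50d7d5db54e5ea363889d5d2ec8d2778a01c871293'

  # We need Homebrew OpenSSL for TLSv1.2 support
  option 'with-brewed-openssl', 'Build with Homebrew OpenSSL instead of the system version'

  # `||` instead of `or`: same result here, without the low-precedence trap.
  depends_on "openssl" if MacOS.version <= :leopard || build.with?('brewed-openssl')

  # This patch installs a bogus .pem in lieu of interactive cert generation.
  # - additionally stripping carriage-returns
  #
  # Returns the text that follows __END__ in this file (a unified diff against
  # tools/stunnel.cnf).
  def patches
    DATA
  end

  # Configures, builds and installs stunnel into the formula prefix.
  #
  # libwrap support is disabled, and the OpenSSL location is overridden only
  # under the same condition that pulls in the "openssl" dependency above.
  def install
    args = [
      "--disable-dependency-tracking",
      "--disable-libwrap",
      "--prefix=#{prefix}",
      "--sysconfdir=#{etc}",
      "--mandir=#{man}",
    ]

    if MacOS.version <= :leopard || build.with?('brewed-openssl')
      args << "--with-ssl-dir=#{Formula["openssl"].opt_prefix}"
    end

    system "./configure", *args
    # Separate arguments rather than one command string, so the command line
    # is not handed to a shell for parsing.
    system "make", "install"
  end

  # Post-install message warning that the installed stunnel.pem is a
  # placeholder and is picked up by default.
  #
  # NOTE(review): the message does not say that the key behind this
  # certificate is unencrypted (`encrypt_key = no` in the patched
  # stunnel.cnf); operators should replace the file, not just override
  # "cert =", before exposing a service.
  def caveats
    <<-EOS.undent
      A bogus SSL server certificate has been installed to:
      #{etc}/stunnel/stunnel.pem
      This certificate will be used by default unless a config file says otherwise!
      In your stunnel configuration, specify a SSL certificate with
      the "cert =" option for each service.
    EOS
  end
end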
__END__ | |
diff --git a/tools/stunnel.cnf b/tools/stunnel.cnf | |
index d8c3174..5ad26e0 100644 | |
--- a/tools/stunnel.cnf | |
+++ b/tools/stunnel.cnf | |
@@ -1,42 +1,30 @@ | |
-# OpenSSL configuration file to create a server certificate | |
-# by Michal Trojnara 1998-2013 | |
- | |
-[ req ] | |
-# the default key length is secure and quite fast - do not change it | |
-default_bits = 2048 | |
-# comment out the next line to protect the private key with a passphrase | |
-encrypt_key = no | |
-distinguished_name = req_dn | |
-x509_extensions = cert_type | |
- | |
-[ req_dn ] | |
-countryName = Country Name (2 letter code) | |
-countryName_default = PL | |
-countryName_min = 2 | |
-countryName_max = 2 | |
- | |
-stateOrProvinceName = State or Province Name (full name) | |
-stateOrProvinceName_default = Mazovia Province | |
- | |
-localityName = Locality Name (eg, city) | |
-localityName_default = Warsaw | |
- | |
-organizationName = Organization Name (eg, company) | |
-organizationName_default = Stunnel Developers | |
- | |
-organizationalUnitName = Organizational Unit Name (eg, section) | |
-organizationalUnitName_default = Provisional CA | |
- | |
-0.commonName = Common Name (FQDN of your server) | |
-0.commonName_default = localhost | |
- | |
-# To create a certificate for more than one name uncomment: | |
-# 1.commonName = DNS alias of your server | |
-# 2.commonName = DNS alias of your server | |
-# ... | |
-# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html | |
-# to see how Netscape understands commonName. | |
- | |
-[ cert_type ] | |
-nsCertType = server | |
- | |
+# OpenSSL configuration file to create a server certificate | |
+# by Michal Trojnara 1998-2013 | |
+ | |
+[ req ] | |
+# the default key length is secure and quite fast - do not change it | |
+default_bits = 2048 | |
+# comment out the next line to protect the private key with a passphrase | |
+encrypt_key = no | |
+distinguished_name = req_dn | |
+x509_extensions = cert_type | |
+prompt = no | |
+ | |
+[ req_dn ] | |
+countryName = PL | |
+stateOrProvinceName = Mazovia Province | |
+localityName = Warsaw | |
+organizationName = Stunnel Developers | |
+organizationalUnitName = Provisional CA | |
+0.commonName = localhost | |
+ | |
+# To create a certificate for more than one name uncomment: | |
+# 1.commonName = DNS alias of your server | |
+# 2.commonName = DNS alias of your server | |
+# ... | |
+# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html | |
+# to see how Netscape understands commonName. | |
+ | |
+[ cert_type ] | |
+nsCertType = server | |
+ | |
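Review bot: The `prompt = no` line added under `[ req ]` means the subject is taken verbatim from `[ req_dn ]`, so every build gets the same placeholder identity (`0.commonName = localhost`, `organizationalUnitName = Provisional CA`), and `encrypt_key = no` is kept, so the private key is written without a passphrase. Nothing in the file tells an operator that this is a build-time default and not a usable server identity. I would add a comment directly above `prompt = no`, for example `# non-interactive packaging default: placeholder subject and unencrypted key, replace the generated certificate before exposing a service`. Most of the remaining `-`/`+` pairs in this hunk look like line-ending normalisation only, so the comment belongs with the `prompt`/`[ req_dn ]` change.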
-- | |
1.7.9 |