use strict;
use warnings;
use Cwd;
+use Cwd 'abs_path';
use serverhelp qw(
server_pidfilename
my $ver_minor;
my $fips_support;
my $stunnel_version;
+my $tstunnel_windows;
my $socketopt;
my $cmd;
my $idnum = 1; # dafault stunneled server instance number
my $proto = 'https'; # default secure server protocol
my $conffile; # stunnel configuration file
+my $capath; # certificate chain PEM folder
my $certfile; # certificate chain PEM file
#***************************************************************************
$conffile = "$path/stunnel.conf";
+$capath = abs_path($path);
$certfile = "$srcdir/". ($stuncert?"certs/$stuncert":"stunnel.pem");
+$certfile = abs_path($certfile);
my $ssltext = uc($proto) ." SSL/TLS:";
}
#***************************************************************************
+# Find out if we are running on Windows using the tstunnel binary
+#
+if($stunnel =~ /tstunnel(\.exe)?"?$/) {
+ $tstunnel_windows = 1;
+
+ # replace Cygwin and MinGW drives within paths
+ $capath =~ s/^(\/cygdrive)?\/(\w)\//$2\:\//;
+ $certfile =~ s/^(\/cygdrive)?\/(\w)\//$2\:\//;
+}
+
+#***************************************************************************
# Build command to execute for stunnel 3.X versions
#
if($stunnel_version < 400) {
$SIG{TERM} = \&exit_signal_handler;
# stunnel configuration file
if(open(STUNCONF, ">$conffile")) {
- print STUNCONF "
- CApath = $path
- cert = $certfile
- debug = $loglevel
- socket = $socketopt";
+ print STUNCONF "CApath = $capath\n";
+ print STUNCONF "cert = $certfile\n";
+ print STUNCONF "debug = $loglevel\n";
+ print STUNCONF "socket = $socketopt\n";
if($fips_support) {
# disable fips in case OpenSSL doesn't support it
- print STUNCONF "
- fips = no";
+ print STUNCONF "fips = no\n";
}
- if($stunnel !~ /tstunnel(\.exe)?"?$/) {
- print STUNCONF "
- output = $logfile
- pid = $pidfile
- foreground = yes";
+ if(!$tstunnel_windows) {
+ # do not use Linux-specific options on Windows
+ print STUNCONF "output = $logfile\n";
+ print STUNCONF "pid = $pidfile\n";
+ print STUNCONF "foreground = yes\n";
}
- print STUNCONF "
- [curltest]
- accept = $accept_port
- connect = $target_port";
+ print STUNCONF "\n";
+ print STUNCONF "[curltest]\n";
+ print STUNCONF "accept = $accept_port\n";
+ print STUNCONF "connect = $target_port\n";
if(!close(STUNCONF)) {
print "$ssltext Error closing file $conffile\n";
exit 1;
if($verbose) {
print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
print "cmd: $cmd\n";
- print "CApath = $path\n";
+ print "CApath = $capath\n";
print "cert = $certfile\n";
- print "pid = $pidfile\n";
print "debug = $loglevel\n";
print "socket = $socketopt\n";
- print "output = $logfile\n";
- print "foreground = yes\n";
+ if($fips_support) {
+ print "fips = no\n";
+ }
+ if(!$tstunnel_windows) {
+ print "pid = $pidfile\n";
+ print "output = $logfile\n";
+ print "foreground = yes\n";
+ }
print "\n";
print "[curltest]\n";
print "accept = $accept_port\n";
#***************************************************************************
# Run tstunnel on Windows.
#
-if($stunnel =~ /tstunnel(\.exe)?"?$/) {
+if($tstunnel_windows) {
# Fake pidfile for tstunnel on Windows.
if(open(OUT, ">$pidfile")) {
print OUT $$ . "\n";