<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Dmitry,<br>
Shortly speaking : per user envvars are meaningless for WCE
..phones, as there is no way to switch from a user to another on
those devices. At a time WCE was used on "handeld PC", where things
could be slightly different.<br>
So I recommend that, when your customized stunnel is loading conf
file, and after you have "tokenized" the file to get env-vars name,<br>
you mimic system calls with a stub that always return the same
values RELATIVE to "." folder,<br>
ie where the stunnel executable has been installed on the phone.<br>
This is the SOLE path that is reliable on a WCE phone.<br>
<br>
Clearly, your envars will be "path to something" I guess : typically
path to the cert file.<br>
for this example your cert file on a phone will always be in
"./mycert.crt".<br>
<br>
For a win32 platform, there will be either a system wide stunnel
running (so who will set up envvars to give to the stunnel env ?
another system script ? with the risk that this script be modified
by malicious code ?),<br>
or a "one user at a time"- wide stunnel running : it will not be
possible to get many processes running stunnel at the same time
(just because, whatever envvar you use, all your processes may
conflict when listening to "accept" sockets) unless ... you
customize "accept" port through envvars ?<br>
for me this is quite dangerous : customizing accept or -even more
dangerous- connect ports through envars is really easy in user space
for any malicious code (to redirect the trafic..).<br>
So I still do not see clearly the interest for stunnel to decode
envvars on the fly in conf file.<br>
<br>
If you are looking for conf file automated generation on large
sites, I already gave the trick in a 1-line sed command :<br>
<pre>cat stunnel_template.conf | sed -r -e "s/^(.*)$/C\:\\Progra~2\\GnuWin32\\bin\\echo.EXE \1/e" > stunnel.conf</pre>
You may argue that this trick can lead to same security breach than
explained above ...but ... NOT for system-wide stunnel for which
-normally- the stunnel.conf file can NOT be modified.<br>
Even for system-wide stunnel, any malicious sw that can tweak the
system registry will be able to redirect stunnel trafic...<br>
So this is why I do not encourage this patch.<br>
<br>
Apart from that, technically speaking, you can go forward by
creating a stub for getenv or expandstring w32 functions.<br>
<br>
To setup a wce dev environment, see this page :
<a class="moz-txt-link-freetext" href="http://delaage.pierre.free.fr">http://delaage.pierre.free.fr</a><br>
The link for evc4 is now broken : use this instead :
<a class="moz-txt-link-freetext" href="http://download.microsoft.com/download/C/3/F/C3F8B58B-9753-4C2E-8B96-2DFE3476A2F7/eVC4.exe">http://download.microsoft.com/download/C/3/F/C3F8B58B-9753-4C2E-8B96-2DFE3476A2F7/eVC4.exe</a><br>
<br>
I will refresh this web page later with more recent stunnel
codebase.<br>
<br>
Yours sincerely<br>
Pierre<br>
<br>
<div class="moz-cite-prefix">Le 28/09/2016 20:26, Dmitry Bakshaev a
écrit :<br>
</div>
<blockquote
cite="mid:CAK9DdiHEpWqDUPvQCiFxAtSH35GCiZgkuEjtU6mGb=MBsAkENg@mail.gmail.com"
type="cite">
<div dir="ltr">Hello Pierre!<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">2016-09-10 14:00 GMT+04:00 Pierre
Delaage <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:delaage.pierre@free.fr" target="_blank">delaage.pierre@free.fr</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"> Hi Dmitry,<br>
I reviewed our previous discussion on setting up stunnel
by envvars...<br>
<br>
On WCE, if you really want to have a unic code to manage
envvars...<br>
well ok, you have to write a stub for
ExpandEnvironmentStrings,<br>
that either performs %XX% replacement from predefined
values OR reads those values from a wce-specific
"pseudo-env-txtfile".<br>
</div>
</blockquote>
<div><br>
</div>
<div><br>
</div>
<div>1. <a moz-do-not-send="true"
href="https://msdn.microsoft.com/en-us/library/ee490554%28v=winembedded.60%29.aspx">https://msdn.microsoft.com/en-us/library/ee490554(v=winembedded.60).aspx</a><br>
</div>
<div>registry values under:<br>
</div>
<div>[HKEY_LOCAL_MACHINE\init\BootVars]<br>
</div>
<div>"name" = "value"</div>
<div>it's like "global","system","shared".<br>
</div>
<div><br>
</div>
<div>
<div>2. <a moz-do-not-send="true"
href="https://msdn.microsoft.com/en-us/library/aa453706.aspx">https://msdn.microsoft.com/en-us/library/aa453706.aspx</a></div>
</div>
<div><a moz-do-not-send="true"
href="https://msdn.microsoft.com/en-us/library/aa516912.aspx">https://msdn.microsoft.com/en-us/library/aa516912.aspx</a><br>
</div>
<div>it's way to emulate :</div>
<div>getenv("APPDATA");</div>
<div>getenv("USERNAME");<br>
</div>
<div>....</div>
<div>something like (pseudocode):</div>
<div>if( !strcmp(name, "APPDATA") ){</div>
<div> SHGetSpecialFolderLocation(NULL, CSIDL_APPDATA, ...);</div>
<div> ...get "value"...</div>
<div>} else if(!strcmp(name, "USERNAME")){</div>
<div> GetUserNameEx(NameWindowsCeLocal ...)</div>
<div> ...get "value"...</div>
<div>} else ...</div>
<div><br>
</div>
<div>yes, syntax for "variables" must be %XX% - same as on
windows.<br>
</div>
<div>I think is not necessary to substitute the contents of
the config file ("pseudo-env-txtfile") to another config
file (stunnel.conf).<br>
</div>
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"> <br>
As there is only ONE user in WCE, it is quite
straightforward to write such stub, that will be
universal for any wce terminal:<br>
the predefined values can be identical for any wce
terminal.<br>
<br>
</div>
</blockquote>
<div><br>
</div>
<div>I am not familiar with WCE developlemt tools. I read
about it:<br>
</div>
<div><a moz-do-not-send="true"
href="http://stackoverflow.com/questions/3463420/how-to-create-applications-for-windows-ce">http://stackoverflow.com/questions/3463420/how-to-create-applications-for-windows-ce</a><br>
</div>
<div><a moz-do-not-send="true"
href="https://en.wikipedia.org/wiki/Windows_CE#Development_tools">https://en.wikipedia.org/wiki/Windows_CE#Development_tools</a><br>
</div>
<div><a moz-do-not-send="true"
href="https://www.microsoft.com/en-us/download/details.aspx?id=17284">https://www.microsoft.com/en-us/download/details.aspx?id=17284</a><br>
</div>
<div><a moz-do-not-send="true"
href="https://msdn.microsoft.com/en-us/library/ms905342.aspx">https://msdn.microsoft.com/en-us/library/ms905342.aspx</a><br>
</div>
<div>INSTALL.WCE</div>
<div>makew32.bat<br>
</div>
<div>and completely puzzled by the number of versions,
variants & etc.</div>
<div>also I do not have the experience, tools and devices
for building and testing WCE apps.<br>
</div>
<div><br>
</div>
<div>currently patch done for win32 (using
native ExpandEnvironmentStringsA) and *nix
(ExpandEnvironmentStringsA stub),</div>
<div> it's tested and worked.<br>
</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"> NB : I already mentioned that
(re)configuring stunnel through envars is not safe, at
least on Win32 platforms:<br>
on those systems, env vars are stored in the registry
(and synchronised with specific system calls): every
malicious sw that can hack the registry can change env
vars, it is of course very easy in we use "user" env
vars, not system env vars.<br>
<br>
</div>
</blockquote>
<div><br>
</div>
<div>"user" env vars values has no effect on "system" env
vars.</div>
<div>to change "system"/"other user" env vars admin/owner
privileges required.</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>