Hi,
I took the liberty of reworking the patch presented in http://www.stunnel.org/pipermail/stunnel-users/2010-July/002711.html to fix the issues raised in http://www.stunnel.org/pipermail/stunnel-users/2010-August/002719.html
The main reason why the substitution didn't work is because it should not be done during configure-time but inside the Makefile as described in the Autoconf manual http://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/html...
The patch is attached to this email or you can browse the patch at https://github.com/dago/stunnel/compare/master...sysconfdir
The patch is against 5.18b3 (is there a public repo available to make patches?)
It would be great if the change could be applied.
Best regards
-- Dago
Hi,
I took the liberty of reworking the patch presented in http://www.stunnel.org/pipermail/stunnel-users/2010-July/002711.html to fix the issues raised in http://www.stunnel.org/pipermail/stunnel-users/2010-August/002719.html
The patch is available at https://buildfarm.opencsw.org/source/xref/opencsw/csw/mgar/pkg/stunnel/trunk... or you can browse the patch more nicely at https://github.com/dago/stunnel/compare/master...sysconfdir
(I posted yesterday with the patch inline but it didn’t go through as the patch is rather big due to a rename)
The main reason why the substitution didn't work in the previous patch is because the substitution should not be done during configure-time but inside the Makefile as described in the Autoconf manual http://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/html...
The patch is against 5.18b3 (is there a public repo available to make patches?)
It would be great if the change could be applied.
Best regards
-- Dago
On 01.06.2015 10:01, Dagobert Michelsen wrote:
The patch is available at https://buildfarm.opencsw.org/source/xref/opencsw/csw/mgar/pkg/stunnel/trunk...
or you can browse the patch more nicely at
Thank you very much for your work. There are a few issues with the patch I hopefully fixed:
1. It does not include the newly created .in files in the tarball. "make distcheck" is a great tool to diagnose this kind of issues.
2. The last rule for "stunnel.pod" creates recursive dependency.
3. "CApath = /etc/ssl/certs" is supposed to point to the OS trusted certificate store, and not something installed locally.
is there a public repo available to make patches?
No, there isn't.
It would be great if the change could be applied.
It will be included in the next release.
Mike
Hi Mike,
On 01.06.2015 at 14:00, Michal Trojnara Michal.Trojnara@mirt.net wrote:
On 01.06.2015 10:01, Dagobert Michelsen wrote:
The patch is available at https://buildfarm.opencsw.org/source/xref/opencsw/csw/mgar/pkg/stunnel/trunk...
or you can browse the patch more nicely at
Thank you very much for your work. There are a few issues with the patch I hopefully fixed:
- It does not include the newly created .in files in the tarball.
"make distcheck" is a great tool to diagnose this kind of issues.
This was intended as I didn’t want to clutter up the patch with generated files you will most certainly regenerate anyway before release. I can include them next time if it helps.
- The last rule for "stunnel.pod" creates recursive dependency.
Ah, good catch.
- "CApath = /etc/ssl/certs" is supposed to point to the OS trusted
certificate store, and not something installed locally.
This was somewhat intended. As I did the patch for OpenCSW we are shipping basically our own userland to Solaris which also has a different certstore. I understand that this should not go to /usr/local/etc by default, but that also means I need another way to customize it. I’ll look how this is done in other projects and propose a patch.
It would be great if the change could be applied.
It will be included in the next release.
Cool :-)
Best regards
-- Dago
On 01.06.2015 14:35, Dagobert Michelsen wrote:
- It does not include the newly created .in files in the
tarball. "make distcheck" is a great tool to diagnose this kind of issues.
This was intended as I didn’t want to clutter up the patch with generated files you will most certainly regenerate anyway before release. I can include them next time if it helps.
My comment was not about the content of the files, but about the rules to include them in the tarballs. Makefile.am not only controls the result of "make" and "make install", but also "make dist". Your patch produces makefiles that generate uninstallable source tarballs.
- "CApath = /etc/ssl/certs" is supposed to point to the OS
trusted certificate store, and not something installed locally.
This was somewhat intended. As I did the patch for OpenCSW we are shipping basically our own userland to Solaris which also has a different certstore. I understand that this should not go to /usr/local/etc by default, but that also means I need another way to customize it. I’ll look how this is done in other projects and propose a patch.
I see your point. /etc/ssl/certs is probably the best default for most modern distros.
Mike
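The make-time substitution this thread settles on, written out as an added example; it is not part of any message above and not taken from the stunnel source. The file name `example.conf` and the install directory `exampleconfdir` are hypothetical; `sysconfdir`, `localstatedir`, `EXTRA_DIST` and `CLEANFILES` are standard Autoconf/Automake names.

```make
# Makefile.am fragment (added example; "example.conf" is a hypothetical name)

# The .in template is a source file: list it so "make dist" ships it and
# "make distcheck" can build from the resulting tarball.
EXTRA_DIST = example.conf.in

# The generated file is a build product, so "make clean" must remove it.
CLEANFILES = example.conf

# Install the generated file below the configured sysconfdir
# (hypothetical subdirectory), without putting it in the tarball.
exampleconfdir = $(sysconfdir)/example
nodist_exampleconf_DATA = example.conf

# By default configure leaves sysconfdir as the unexpanded '${prefix}/etc'.
# Substituting at make time lets make expand it fully before sed runs.
# "[@]" stops config.status from rewriting the sed pattern itself.
edit = sed \
	-e 's|@sysconfdir[@]|$(sysconfdir)|g' \
	-e 's|@localstatedir[@]|$(localstatedir)|g'

# The target depends on its template and on Makefile only, never on itself,
# so there is no recursive dependency; depending on Makefile regenerates the
# file after a reconfigure with a different --prefix or --sysconfdir.
# A path that must name the OS trust store (the thread's
# "CApath = /etc/ssl/certs") stays literal in the template.
example.conf: $(srcdir)/example.conf.in Makefile
	rm -f $@ $@.tmp
	$(edit) $(srcdir)/example.conf.in > $@.tmp
	mv $@.tmp $@
```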
Hi Mike,
On 01.06.2015 at 14:45, Michal Trojnara Michal.Trojnara@mirt.net wrote:
On 01.06.2015 14:35, Dagobert Michelsen wrote:
- It does not include the newly created .in files in the
tarball. "make distcheck" is a great tool to diagnose this kind of issues.
This was intended as I didn’t want to clutter up the patch with generated files you will most certainly regenerate anyway before release. I can include them next time if it helps.
My comment was not about the content of the files, but about the rules to include them in the tarballs. Makefile.am not only controls the result of "make" and "make install", but also "make dist". Your patch produces makefiles that generate uninstallable source tarballs.
I see, next time I'll run distcheck.
- "CApath = /etc/ssl/certs" is supposed to point to the OS
trusted certificate store, and not something installed locally.
This was somewhat intended. As I did the patch for OpenCSW we are shipping basically our own userland to Solaris which also has a different certstore. I understand that this should not go to /usr/local/etc by default, but that also means I need another way to customize it. I’ll look how this is done in other projects and propose a patch.
I see your point. /etc/ssl/certs is probably the best default for most modern distros.
Would it be possible to include something like --with-ca-bundle=<file> --with-ca-path=<path> as implemented in Curl? https://github.com/bagder/curl/blob/master/acinclude.m4#L2553
Best regards
-- Dago
On 01.06.2015 16:07, Dagobert Michelsen wrote:
Would it be possible to include something like --with-ca-bundle=<file> --with-ca-path=<path> as implemented in Curl? https://github.com/bagder/curl/blob/master/acinclude.m4#L2553
It's definitely feasible, although adding a ./configure option seems to be an overkill for something that (in case of stunnel) is only used to generate a configuration example...
Please take a look at stunnel-5.18b4. It includes the --sysconfdir / --localstatedir stuff and the new "include" configuration file option.
Mike