usr/src/cmd/stunnel/solaris_manpage.pod
author Cyril Plisko <cyril.plisko@grigale.com>
Tue, 06 Apr 2010 16:00:14 +0300
changeset 11 87960ed158f9
parent 0 b34509ac961f
child 64 707ce1130311
permissions -rw-r--r--
Import sfw build 137

Bugs Fixed
----------
6926835 Wireshark cannot open files typed into the location bar
6930214 CVE-2010-0624: Heap-based buffer overflow in GNU Tar
6933424 Various sfw manual pages need to be adjusted to use the new OpenSolaris package names.
6937764 upgrade OpenSSL to 0.9.8n (and fix CVE-2010-0740)

=begin text

#ident	"@(#)solaris_manpage.pod	1.2	10/03/16 SMI"

=end text

=head1 SOLARIS CONFIGURATION

Solaris has a service management facility to start processes and daemons
at system boot. This facility replaces the more traditional runtime
configuration scripts used by other Unix operating systems.
The Solaris service management facility is also used to implement inetd(1M).

To configure stunnel to listen on one or more ports, create the stunnel
configuration file /etc/stunnel/stunnel.conf. The configuration tokens are
explained elsewhere in this manual. A sample configuration file delivered
in /etc/stunnel can be used as a reference.

Now activate the stunnel smf(5) service using svcadm(1M).

=over 4

=item

    # svcadm enable svc:/network/ssl/stunnel:default

=back

Note that the smf(5) FMRI can be abbreviated to stunnel, so the following
command is also valid:

=over 4

=item

    # svcadm enable stunnel

=back

Check that the service is running with the svcs(1M) command. If the stunnel
service is not online, use svcs -xv to find out why. This command will show the
name of the log file used to record any startup errors.

The stunnel smf(5) service is defined by a manifest which is part of the
service/security/stunnel package. The properties of the service can be 
viewed or changed with the svcprop(1M) command.

The stunnel smf(5) service starts stunnel process(es) which listen for
incoming connections. An alternative way of achieving this is to use
INETD MODE described elsewhere in this manual. This method is advantageous
if the service usage is intermittent, or when many services need to use
stunnel because each service can be enabled or disabled independently.

When configuring inetd(1M) to listen on the required ports, the
stunnel process(es) are started only when a connection is established.

The INETD MODE section of this manual describes editing /etc/inetd.conf
to configure inetd(1M). Although this file exists in Solaris, the services
controlled by inetd(1M) are in fact configured using smf(5) manifests.

To configure inetd(1M) on Solaris to start a stunnel process:

=over 4
=item *

Check that the service has an entry in /etc/services.

=item *

Check to see if there is already a smf(5) service running on this port
using svcs(1M) and disable any existing service with svcadm(1M).

=item *

Create a stunnel configuration file, for example:

/etc/stunnel/stunnel_imap.conf

=item *

Create a scratch template file and add the /etc/inetd.conf entry to
this file (see INETD MODE).

=item *

Use the inetconv(1M) command to create an inetd(1M) service manifest and
register the service with smf(5), for example:

    # inetconv -i /tmp/inetd_scratch.conf -o /var/svc/manifest/network/ssl

=item *

The newly created service can be managed with svcadm(1M).

=back
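
The first, third and fourth steps above can be checked before inetconv(1M) is run. The following POSIX shell function is an added example, not part of the stunnel or Solaris sources; the name check_inetd_scratch is hypothetical, and it assumes the entry layout from INETD MODE with the stunnel configuration file as the last argument.

```shell
#!/bin/sh
# Added example: pre-flight check for the scratch file handed to inetconv(1M).
# Usage: check_inetd_scratch SCRATCH_FILE [SERVICES_FILE]
# Returns 0 when every entry passes, 1 otherwise; problems go to stderr.
# Constructed sample entry (the stunnel binary path is an assumption):
#   imaps stream tcp nowait root /usr/bin/stunnel stunnel /etc/stunnel/stunnel_imap.conf
check_inetd_scratch() {
    scratch=$1
    services=${2:-/etc/services}
    rc=0
    # Read each non-comment entry; $rest holds the server arguments (argv).
    while read -r name socktype proto wait user server rest; do
        case $name in ''|'#'*) continue ;; esac
        if [ -z "$rest" ]; then
            echo "$name: need service, socket, proto, wait, user, server, args" >&2
            rc=1; continue
        fi
        # First step of the procedure: the service must be in /etc/services.
        if ! awk -v n="$name" -v p="$proto" \
            '$1 == n && $2 ~ ("/" p "$") { found = 1 } END { exit !found }' \
            "$services"; then
            echo "$name/$proto: no entry in $services" >&2
            rc=1
        fi
        # Assumption: the last argument is the stunnel configuration file.
        conf=${rest##* }
        if [ ! -f "$conf" ]; then
            echo "$name: configuration file $conf not found" >&2
            rc=1
        elif [ -n "$(find "$conf" -prune -perm -0002)" ]; then
            # Anyone able to edit this file controls what stunnel executes.
            echo "$name: $conf is world-writable" >&2
            rc=1
        fi
    done < "$scratch"
    return $rc
}
```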

=head1 ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

    ___________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE     |
    |_____________________________|___________________________|
    | Availability                | service/security/stunnel  |
    |_____________________________|___________________________|
    | Interface Stability         | Uncommitted               |
    |_____________________________|___________________________|


=head1 SOURCE CODE

Source for stunnel is available on http://opensolaris.org.