25749851 modify default stunnel.conf to include correct CA certificate directory
authorVladimir Kotal <Vladimir.Kotal@oracle.com>
Tue, 21 Mar 2017 03:04:36 -0700
changeset 7780 15924840297f
parent 7779 76d3a92dbebb
child 7782 7e015829bd8d
25749851 modify default stunnel.conf to include correct CA certificate directory
components/stunnel/Makefile
components/stunnel/patches/00_stunnel.conf.patch
--- a/components/stunnel/Makefile	Mon Mar 20 16:30:34 2017 -0700
+++ b/components/stunnel/Makefile	Tue Mar 21 03:04:36 2017 -0700
@@ -42,6 +42,8 @@
 TEST_TARGET= $(NO_TESTS)
 include $(WS_MAKE_RULES)/common.mk
 
+PATCH_LEVEL = 0
+
 # need /usr/perl5/bin on path to access pod2man perl script, used by 
 # the build to create docs
 COMPONENT_BUILD_ENV +=  PATH=$(USRDIR)/perl5/bin:$(PATH)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/stunnel/patches/00_stunnel.conf.patch	Tue Mar 21 03:04:36 2017 -0700
@@ -0,0 +1,49 @@
+Patch origin: in-house
+Patch status: Solaris-specific; not suitable for upstream
+
+Changes CA directory in the sample configuration file.
+
+--- tools/stunnel.conf-sample.in	2016-07-05 14:27:57.000000000 -0700
++++ tools/stunnel.conf-sample.in	2017-03-21 02:49:10.831006080 -0700
[email protected]@ -45,10 +45,10 @@
+ 
+ ; ***************************************** Example TLS client mode services
+ 
+-; The following examples use /etc/ssl/certs, which is the common location
+-; of a hashed directory containing trusted CA certificates.  This is not
+-; a hardcoded path of the stunnel package, as it is not related to the
+-; stunnel configuration in @[email protected]/stunnel/.
++; The following examples use /etc/openssl/certs, which is the location
++; of directory containing hashed links to trusted CA certificate on Solaris.
++; This is not a hardcoded path of the stunnel package, as it is not related
++; to the stunnel configuration in @[email protected]/stunnel/.
+ 
+ [gmail-pop3]
+ client = yes
[email protected]@ -55,7 +55,7 @@
+ accept = 127.0.0.1:110
+ connect = pop.gmail.com:995
+ verifyChain = yes
+-CApath = /etc/ssl/certs
++CApath = /etc/openssl/certs
+ checkHost = pop.gmail.com
+ OCSPaia = yes
+ 
[email protected]@ -64,7 +64,7 @@
+ accept = 127.0.0.1:143
+ connect = imap.gmail.com:993
+ verifyChain = yes
+-CApath = /etc/ssl/certs
++CApath = /etc/openssl/certs
+ checkHost = imap.gmail.com
+ OCSPaia = yes
+ 
[email protected]@ -73,7 +73,7 @@
+ accept = 127.0.0.1:25
+ connect = smtp.gmail.com:465
+ verifyChain = yes
+-CApath = /etc/ssl/certs
++CApath = /etc/openssl/certs
+ checkHost = smtp.gmail.com
+ OCSPaia = yes
+