# Template file for 'stunnel' pkgname=stunnel version=5.44 revision=1 build_style=gnu-configure configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr" hostmakedepends="perl" makedepends="libressl-devel" checkdepends="nmap" short_desc="SSL encryption wrapper" maintainer="Toyam Cox " license="GPL-2" homepage="https://www.stunnel.org/" distfiles="https://www.stunnel.org/downloads/archive/5.x/${pkgname}-${version}.tar.gz" checksum=990a325dbb47d77d88772dd02fbbd27d91b1fea3ece76c9ff4461eca93f12299 post_install() { rm ${DESTDIR}/usr/share/man/man8/stunnel.??.8 vsconf tools/stunnel.conf-sample rm -r ${DESTDIR}/etc/stunnel ${DESTDIR}/usr/share/doc/stunnel } # REMARKS: # What. A. Pain. What a total pain. # Using the archive is the only way to get builds to keep working after the # new version is out. LibreSSL patches for stunnel 5.35 don't yet work. Not # enough is made conditional. # -- # It is important to note that upstream has expressly refused to support # LibreSSL. # -- # Significant thanks to the OpenBSD project for creating patch sets for 5.37 # One thing OpenBSD does that we don't do here is add a _stunnel user/group and # modify the configuration samples to chroot and use this by default. # As of 5.38 the signature expected for the CRYPTO_set_mem_functions seems to # be out of line with what libressl provides. # LibreSSL wants 'void (*)(void *)' but argument is of type 'void (*)(void *, const char *, int)' # This is probably not a security problem. EDIT: Well, it would break. Badly. # -- # As of 5.39_2 the code now doesn't use above function call if using LibreSSL, # and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char * # instead of an unsigned char * # -- # As of 5.41_1 there are only two sorts of code warnings: # conversion 'long int' from 'long unsigned int' for what appear to be flags # and SSL_SESSION* (*)(struct ssl_st *, unsigned char *, int, int*) expected # got SSL_SESSION* (*)(struct ssl_st *, const unsigned char *, int, int*) # These are not being considered issues.