# Template file for 'stunnel'
pkgname=stunnel
version=5.40
revision=1
build_style=gnu-configure
configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr"
hostmakedepends="perl"
makedepends="libressl-devel"
short_desc="SSL encryption wrapper"
maintainer="Toyam Cox <Vaelatern@gmail.com>"
license="GPL-2"
homepage="https://www.stunnel.org/"
distfiles="https://www.stunnel.org/downloads/archive/5.x/${pkgname}-${version}.tar.gz"
checksum=23acdb390326ffd507d90f8984ecc90e0d9993f6bd6eac1d0a642456565c45ff

post_install() {
	rm ${DESTDIR}/usr/share/man/man8/stunnel.??.8
	vsconf tools/stunnel.conf-sample
	rm -r ${DESTDIR}/etc/stunnel ${DESTDIR}/usr/share/doc/stunnel
}

# REMARKS:
# What. A. Pain. What a total pain.
# Using the archive is the only way to get builds to keep working after the
# new version is out. LibreSSL patches for stunnel 5.35 don't yet work. Not
# enough is made conditional.
# Significant thanks to the OpenBSD project for creating patch sets for 5.37
# One thing OpenBSD does that we don't do here is add a _stunnel user/group and
# modify the configuration samples to chroot and use this by default.
# As of 5.38 the signature expected for the CRYPTO_set_mem_functions seems to
# be out of line with what libressl provides.
# LibreSSL wants 'void (*)(void *)' but argument is of type 'void (*)(void *, const char *, int)'
# This is probably not a security problem.
# As of 5.39_2 it is patched to avoid the function call if using LibreSSL,
# and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char
# * instead of an unsigned char *