Hello,
this is our current work-around for this issue:
$ cat /usr/bin/sslclient
#!/bin/sh
# Enrico Zini: Workaround for #739551
if [ "$*" = "-c /etc/dacs/dacs.conf -sc /etc/dacs/site.conf -uj DEBIAN
www.example.org:443" ]
then
exec /usr/bin/stunnel4 /etc/dacs/stunnel-www.example.org.conf
else
exec /usr/bin/sslclient.real "$@"
fi
$ cat stunnel-www.example.org.conf
foreground = yes
client = yes
connect = www.example.org:443
sni = www.example.org
# https://www.stunnel.org/pipermail/stunnel-users/2011-January/002881.html
verify = 3
cafile = /etc/dacs/stunnel-www.example.org.pem
debug = 3
Personally, I would appreciate it very much if DACS could reuse existing
and popular tools as much as possible instead of providing its own
versions. It would avoid problems like this one, and it would also make
security auditing easier for me.
Ciao,
Enrico
--
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <[email protected]>
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
