Template Version: @(#)sac_nextcase 1.66 04/17/08 SMI
This information is Copyright 2008 Sun Microsystems
1. Introduction
1.1. Project/Component Working Name:
Stunnel
1.2. Name of Document Author/Supplier:
Author: Mark Fenwick
1.3. Date of This Document:
10 June, 2008
4. Technical Description
This case adds the open source stunnel (http://www.stunnel.org) command
to the Solaris WOS. Stability levels are Uncommitted and release binding
is Patch/Micro.
Overview:
The stunnel command allows arbitrary TCP connections to be encrypted
with SSL. The encryption mechanisms are provided by the OpenSSL
library, which is already part of Solaris.
Stunnel allows non-SSL aware daemons and protocols (such as POP, IMAP,
HTTP) to use SSL encryption.
For example, an unprivileged user can start stunnel from the command
line so that it listens on an ephemeral port number. The configuration
file provided by the user defines what stunnel should do with TCP
connections to the localhost on this port number. This could be used by
a non-SSL aware mail client to communicate securely with an SSL
protected mail server.
Another usage would be to provide SSL protection for a network service
listening on a well known port. Stunnel terminates the SSL connection
and proxies the decrypted traffic to the unmodified network daemon.
This configuration can be used to provide HTTPS support for a web
server that does not support SSL.
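The two usages described above could be configured as follows. This is an added example, not part of this case and not the sample configuration it delivers. The option names are stunnel's own; the host name, port numbers, user and group names, and file paths are assumptions.

```ini
; ---- File 1: client mode, started by an unprivileged user ----------------
; Constructed example: host name, port and CA path are assumptions.
; An empty pid value means no PID file is written.
pid =
foreground = yes

[pop3s-client]
client = yes
; Bind to loopback only so that other hosts cannot use the tunnel.
accept = 127.0.0.1:50110
connect = mail.example.com:995
; stunnel does not check the peer certificate unless verify is set.
; Level 2 rejects a server whose certificate does not chain to CAfile.
verify = 2
CAfile = /export/home/user/certs/ca.pem

; ---- File 2: server mode on a well known port, started as root -----------
; Constructed example: certificate path and backend port are assumptions.
; Root is needed to bind port 443; setuid and setgid drop it afterwards.
setuid = nobody
setgid = nobody

[https]
; PEM file holding the server certificate and its private key.
cert = /etc/stunnel/stunnel.pem
accept = 443
; The unmodified web server should itself listen on loopback only,
; otherwise clients can still reach it without SSL.
connect = 127.0.0.1:80
```

In the client file the mail client is pointed at 127.0.0.1:50110 instead of the mail server. The traffic between the mail client and stunnel is cleartext, which is why the listener is restricted to the loopback address.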
When stunnel is used to provide an SSL protected system service on a
well known port, the stunnel command needs to be started by a
privileged user. It should be started when the system boots. For this
reason a Solaris specific smf(5) manifest is provided to enable a
stunnel service.
The svc:/network/stunnel:default service is disabled by default because
it requires configuration before use. A sample configuration file is
also provided.
The following CR is used to track this case:
6712365 Integration of stunnel into Solaris
Packaging:
SUNWstunnelr - stunnel root components
SUNWstunnelu - stunnel user components
Exported Interfaces:
+-------------------------------------+-----------------+---------------------+
|Interfaces:                          | Classification: | Comments:           |
+-------------------------------------+-----------------+---------------------+
/var/svc/manifest/network/stunnel.xml   Uncommitted       stunnel manifest
svc:/network/stunnel:default            Uncommitted       stunnel FMRI
/usr/bin/stunnel                        Uncommitted       stunnel executable
/etc/stunnel                            Uncommitted       stunnel configuration
/etc/stunnel/stunnel.sample             Uncommitted       stunnel sample config
/usr/share/man/man1/stunnel.1           Uncommitted       stunnel man page
Imported Interfaces:
+-------------------------------------+-----------------+---------------------+
|Interfaces:                          | Classification: | Comments:           |
+-------------------------------------+-----------------+---------------------+
OpenSSL                                 External/Uncommitted
References:
The stunnel website: http://www.stunnel.org/
6. Resources and Schedule
6.4. Steering Committee requested information
6.4.1. Consolidation C-team Name:
SFW
6.5. ARC review type: FastTrack
6.6. ARC Exposure: open