Charlie Brady wrote:
On Tue, 26 Apr 2005, Bob wrote:
John Peacock wrote:
I think the consensus (in July/August 2004) was to use stunnel as a wrapper around qpsmtpd, e.g.
exec tcpserver (flags) stunnel (flags) qpsmtpd
and stunnel (of recent enough vintage) will just proxy the SMTP transaction for you.
...
How would sslserver compare?
sslserver (http://www.superscript.com/ucspi-ssl/sslserver.html) is a problem for anyone who wishes to distribute binaries, as its source code doesn't come with any license. The provenance of the source code isn't clear either, although clearly much of it comes from djb.
--- Charlie
There's a license or Debian and BSD wouldn't touch it. I suggest reading what Debian and BSD say about ucspi-tcp, daemontools, what the license is. djb hasn't carped at Debian or Felix Leitner or the ldapdns guy or BSD. BSD says "license indistinct" for one thing.
The idea is that sslserver is a drop-in replacement for tcpserver, but it's not quite that for me.
sslserver encapsulates a connection. I have it serving https right now but there is an error logged. Haven't tried sslserver qpsmtpd.
http://www.superscript.com/ucspi-ssl/sslperl.html
sslperl forks the requested number of children, each listening for TCP client connections. Before handling any requests, each child parses and runs the perl code in /file/. The file should end with a true expression, like a module.
To handle a request, a child process executes /prog/ as a perl subroutine, with file descriptor 0 reading from the network and file descriptor 1 writing to the network. Before handling the request, the child sets certain environment variables, a la sslserver <http://www.superscript.com/ucspi-ssl/sslserver.html>.
Each invocation of /prog/ handles a single request. It is called within a loop, with one iteration per request, and therefore must release any resources allocated to handle a particular request.
If /prog/ exits while handling a request, sslperl will start a new child process.
_________
Felix Leitner borrowed from djb. I can use his gatling and fnord, but can't compile tlsgatling. fnord-cgi has php patch but I haven't tried it. I'm running fnord-cgi under sslserver.
-Bob Dodds
#libowfat
ldconfig -v
cd /usr/src
[ -d "/usr/src/libowfat" ] || mkdir -p /usr/src/libowfat
CVSROOT=':pserver:[EMAIL PROTECTED]:/cvs'
export CVSROOT
cvs -z9 co libowfat
cd /usr/src/libowfat
sed -i -e 's/ -Wstrict-aliasing.*$//' GNUmakefile
make all
make install
#dietlibc
cd /usr/src
[ -d "dietlibc" ] || mkdir -p /usr/src/dietlibc
CVSROOT=':pserver:[EMAIL PROTECTED]:/cvs'
export CVSROOT
cvs -z9 co dietlibc
cd /usr/src/dietlibc
make
install bin-i386/diet /usr/local/bin
mkdir -p /opt/diet/bin
ln -s /usr/local/bin/diet /opt/diet/bin/diet
#sslserver--
pushd /usr/src > /dev/null
[ -d "/usr/src/ucspi-ssl" ] && rm -r /usr/src/ucspi-ssl
mkdir -p /usr/src/ucspi-ssl
cd /usr/src/ucspi-ssl
elinks http://www.superscript.com/ucspi-ssl/install.html
tar -xvvzf ucspi-ssl-*.tar.gz
# -f: only the .tar.gz exists here, so a bare "rm *.tar" would report an error
rm -f *.tar *.gz
cd host/superscript.com/net/ucspi-ssl-*
# the following are my paths, you'd have to edit them--
echo /etc/fnords/CA/certs > \
/usr/src/ucspi-ssl/host/superscript.com/net/ucspi-ssl-*/src/conf-cadir
echo /etc/fnords/CA/certs/cacert.pem > \
/usr/src/ucspi-ssl/host/superscript.com/net/ucspi-ssl-*/src/conf-cafile
echo /etc/fnords/CA/certs/cert.pem > \
/usr/src/ucspi-ssl/host/superscript.com/net/ucspi-ssl-*/src/conf-certfile
echo 'TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!LOW:@STRENGTH' > \
/usr/src/ucspi-ssl/host/superscript.com/net/ucspi-ssl-*/src/conf-ciphers
echo /etc/fnords/CA/certs/dh1024.pem > \
/usr/src/ucspi-ssl/host/superscript.com/net/ucspi-ssl-*/src/conf-dhfile
echo /etc/fnords/CA/certs/key.pem > \
/usr/src/ucspi-ssl/host/superscript.com/net/ucspi-ssl-*/src/conf-keyfile
package/compile
package/rts
for p in sslserver sslconnect sslcat sslclient sslperl
do package/install $p
done
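
Added example, not part of the post above or of ucspi-ssl: a POSIX shell lint for the OpenSSL cipher-list string that the script writes to conf-ciphers, flagging items that add SSLv2, export-grade, low-strength, unencrypted or unauthenticated suites, and a missing `!aNULL` exclusion. The function name, the finding labels and the stricter sample string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post or from ucspi-ssl.
# Lint an OpenSSL cipher-list string before writing it to conf-ciphers.
# The list only chooses cipher suites; protocol versions are a separate
# setting of the TLS library and are not checked here.

# audit_ciphers SPEC
# Prints space-separated findings (empty line when clean); status 1 if any.
audit_ciphers() {
    spec=$1
    findings=""
    anull="missing"
    old_ifs=$IFS
    IFS=':, '          # OpenSSL accepts ':' ',' and ' ' as separators
    set -f             # keep the shell from globbing list items
    for tok in $spec; do
        case $tok in
            '!aNULL') anull="excluded" ;;      # permanent removal
            '!'*|-*|+*) ;;                     # remove/reorder: adds nothing
            SSLv2) findings="$findings sslv2-suites" ;;
            EXPORT*|EXP|LOW|NULL|eNULL|aNULL|ADH|RC4|DES|MD5)
                findings="$findings weak-class:$tok" ;;
        esac
    done
    set +f
    IFS=$old_ifs
    [ "$anull" = "excluded" ] || findings="$findings anull-not-excluded"
    findings=${findings# }
    printf '%s\n' "$findings"
    [ -z "$findings" ]
}

# String from the build script above.
PAGE_SPEC='TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!LOW:@STRENGTH'
# Constructed stricter string, an assumption for illustration only.
STRICT_SPEC='HIGH:!aNULL:!eNULL:!MD5:!RC4:@STRENGTH'

for s in "$PAGE_SPEC" "$STRICT_SPEC"; do
    if out=$(audit_ciphers "$s"); then
        echo "ok:     $s"
    else
        echo "review: $s -> $out"
    fi
done
```

Because the conf-* values are compiled in as defaults, running the check before `package/compile` catches a weak list before it is baked into the binaries.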
