From f6131611e15a644312e3c4baf5b8f6387c2930e7 Mon Sep 17 00:00:00 2001 
From: khramshinr Date: Wed, 29 May 2024 19:46:20 +0600 Subject: T5735: Stunnel CLI and configuration Add CLI commands Add config Add conf_mode Add systemd config Add stunnel smoketests Add log level config --- .../include/stunnel/address.xml.i | 20 ++++++ .../include/stunnel/connect.xml.i | 11 ++++ interface-definitions/include/stunnel/listen.xml.i | 11 ++++ .../include/stunnel/protocol-options.xml.i | 75 ++++++++++++++++++++++ .../include/stunnel/protocol-value-cifs.xml.i | 6 ++ .../include/stunnel/protocol-value-connect.xml.i | 6 ++ .../include/stunnel/protocol-value-imap.xml.i | 6 ++ .../include/stunnel/protocol-value-nntp.xml.i | 6 ++ .../include/stunnel/protocol-value-pgsql.xml.i | 6 ++ .../include/stunnel/protocol-value-pop3.xml.i | 6 ++ .../include/stunnel/protocol-value-proxy.xml.i | 6 ++ .../include/stunnel/protocol-value-smtp.xml.i | 6 ++ .../include/stunnel/protocol-value-socks.xml.i | 6 ++ interface-definitions/include/stunnel/psk.xml.i | 30 +++++++++ interface-definitions/include/stunnel/ssl.xml.i | 11 ++++ 15 files changed, 212 insertions(+) create mode 100644 interface-definitions/include/stunnel/address.xml.i create mode 100644 interface-definitions/include/stunnel/connect.xml.i create mode 100644 interface-definitions/include/stunnel/listen.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-options.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-cifs.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-connect.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-imap.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-nntp.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-pgsql.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-pop3.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-proxy.xml.i create mode 100644 
interface-definitions/include/stunnel/protocol-value-smtp.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-socks.xml.i create mode 100644 interface-definitions/include/stunnel/psk.xml.i create mode 100644 interface-definitions/include/stunnel/ssl.xml.i (limited to 'interface-definitions/include/stunnel')
diff --git a/interface-definitions/include/stunnel/address.xml.i b/interface-definitions/include/stunnel/address.xml.i
new file mode 100644
index 000000000..d2901d595
--- /dev/null
+++ b/interface-definitions/include/stunnel/address.xml.i
@@ -0,0 +1,20 @@
+
+
+
+ Hostname or IP address
+
+ ipv4
+ IPv4 address
+
+
+ hostname
+ hostname
+
+
+
+
+
+ Invalid FQDN or IP address
+
+
+
diff --git a/interface-definitions/include/stunnel/connect.xml.i b/interface-definitions/include/stunnel/connect.xml.i
new file mode 100644
index 000000000..cd6246a00
--- /dev/null
+++ b/interface-definitions/include/stunnel/connect.xml.i
@@ -0,0 +1,11 @@
+
+
+
+ Connect to a remote address
+
+
+ #include
+ #include
+
+
+
diff --git a/interface-definitions/include/stunnel/listen.xml.i b/interface-definitions/include/stunnel/listen.xml.i
new file mode 100644
index 000000000..13d0986ee
--- /dev/null
+++ b/interface-definitions/include/stunnel/listen.xml.i
@@ -0,0 +1,11 @@
+
+
+
+ Accept connections on specified address
+
+
+ #include
+ #include
+
+
+
diff --git a/interface-definitions/include/stunnel/protocol-options.xml.i b/interface-definitions/include/stunnel/protocol-options.xml.i
new file mode 100644
index 000000000..2f0202875
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-options.xml.i
@@ -0,0 +1,75 @@
+
+
+
+ Advanced protocol options
+
+
+
+
+ Authentication type for the protocol negotiations
+
+ basic ntlm plain login
+
+
+ basic
+ The default 'connect' authentication type
+
+
+ ntlm
+ Supported authentication types for the 'connect' protocol
+
+
+ plain
+ The default 'smtp' authentication type
+
+
+ login
+ Supported authentication types for the 'smtp' protocol
+
+
+ (basic|ntlm|plain|login)
+
+
+
+
+
+ Domain for the 'connect' protocol.
+
+ domain
+ domain
+
+
+
+
+
+
+
+
+ Destination address for the 'connect' protocol
+
+
+ #include
+ #include
+
+
+
+
+ Password for the protocol negotiations
+
+ txt
+ Authentication password
+
+
+
+
+
+ Username for the protocol negotiations
+
+ txt
+ Authentication username
+
+
+
+
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-cifs.xml.i b/interface-definitions/include/stunnel/protocol-value-cifs.xml.i
new file mode 100644
index 000000000..5b9484750
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-cifs.xml.i
@@ -0,0 +1,6 @@
+
+
+ cifs
+ Proprietary (undocummented) extension of CIFS protocol
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-connect.xml.i b/interface-definitions/include/stunnel/protocol-value-connect.xml.i
new file mode 100644
index 000000000..3c30e71ca
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-connect.xml.i
@@ -0,0 +1,6 @@
+
+
+ connect
+ Based on RFC 2817 - Upgrading to TLS Within HTTP/1.1, section 5.2 - Requesting a Tunnel with CONNECT
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-imap.xml.i b/interface-definitions/include/stunnel/protocol-value-imap.xml.i
new file mode 100644
index 000000000..033e5479b
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-imap.xml.i
@@ -0,0 +1,6 @@
+
+
+ imap
+ Based on RFC 2595 - Using TLS with IMAP, POP3 and ACAP
+
+
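Review bot: In protocol-options.xml.i the `authentication` leaf accepts any of `(basic|ntlm|plain|login)` whatever protocol the service uses, although its own value help ties `basic`/`ntlm` to 'connect' and `plain`/`login` to 'smtp'. An include cannot express that dependency, so the conf_mode verify() step (not part of this view) should reject a mismatched pair. The `password` and `username` leaves are described only as `txt`, and the element markup is not visible in this rendering, so I cannot tell whether they carry a constraint. The value presumably ends up in the generated stunnel configuration, so confirm that line breaks are rejected and that the rendered file is not world-readable. The value help for `ntlm` and `login` repeats a sentence about the protocol instead of describing the value; something like `NTLM authentication for the 'connect' protocol` would read better.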
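Review bot: The value help in protocol-value-cifs.xml.i misspells "undocumented" as `undocummented`. The string is shown to operators in CLI completion, so it should read `Proprietary (undocumented) extension of CIFS protocol`.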
diff --git a/interface-definitions/include/stunnel/protocol-value-nntp.xml.i b/interface-definitions/include/stunnel/protocol-value-nntp.xml.i
new file mode 100644
index 000000000..60a6c02c6
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-nntp.xml.i
@@ -0,0 +1,6 @@
+
+
+ nntp
+ Based on RFC 4642 - Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i b/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i
new file mode 100644
index 000000000..fd3a166ec
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i
@@ -0,0 +1,6 @@
+
+
+ pgsql
+ Based on PostgreSQL frontend/backend protocol
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-pop3.xml.i b/interface-definitions/include/stunnel/protocol-value-pop3.xml.i
new file mode 100644
index 000000000..1c8af53e5
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-pop3.xml.i
@@ -0,0 +1,6 @@
+
+
+ pop3
+ Based on RFC 2449 - POP3 Extension Mechanism
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-proxy.xml.i b/interface-definitions/include/stunnel/protocol-value-proxy.xml.i
new file mode 100644
index 000000000..a4c20d1b0
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-proxy.xml.i
@@ -0,0 +1,6 @@
+
+
+ proxy
+ Passing of the original client IP address with HAProxy PROXY protocol version 1
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-smtp.xml.i b/interface-definitions/include/stunnel/protocol-value-smtp.xml.i
new file mode 100644
index 000000000..66ca20426
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-smtp.xml.i
@@ -0,0 +1,6 @@
+
+
+ smtp
+ Based on RFC 2487 - SMTP Service Extension for Secure SMTP over TLS
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-socks.xml.i b/interface-definitions/include/stunnel/protocol-value-socks.xml.i
new file mode 100644
index 000000000..e110be5db
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-socks.xml.i
@@ -0,0 +1,6 @@
+
+
+ socks
+ SOCKS versions 4, 4a, and 5 are supported
+
+
diff --git a/interface-definitions/include/stunnel/psk.xml.i b/interface-definitions/include/stunnel/psk.xml.i
new file mode 100644
index 000000000..db11a93d3
--- /dev/null
+++ b/interface-definitions/include/stunnel/psk.xml.i
@@ -0,0 +1,30 @@
+
+
+
+ Pre-shared key name
+
+
+
+
+ ID for authentication
+
+ txt
+ ID used for authentication
+
+
+
+
+
+ pre-shared secret key
+
+ txt
+ pre-shared secret key are required to be at least 16 bytes long, which implies at least 32 characters for hexadecimal key
+
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/stunnel/ssl.xml.i b/interface-definitions/include/stunnel/ssl.xml.i
new file mode 100644
index 000000000..8aba299e9
--- /dev/null
+++ b/interface-definitions/include/stunnel/ssl.xml.i
@@ -0,0 +1,11 @@
+
+
+
+ SSL Certificate, SSL Key and CA
+
+
+ #include
+ #include
+
+
+
-- cgit v1.2.3
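Review bot: In psk.xml.i the 16-byte minimum for the pre-shared key is stated in the `secret` value help, but no constraint error message is visible for it. The element markup is not shown in this rendering, so confirm that a validator or the conf_mode verify() enforces the length rather than leaving a short key to be caught only when stunnel refuses to start. The `id` leaf is likewise described only as `txt`; stunnel's PSK secrets file holds one `IDENTITY:KEY` pair per line, so an id containing `:`, whitespace or a line break should be rejected at commit time. The rendered secrets file should be neither world-readable nor world-writable. The help strings would read better as `Pre-shared secret key` and `Key must be at least 16 bytes long (at least 32 characters for a hexadecimal key)`.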