Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge commit 'v4.36+xforwarded-for'

  • Loading branch information...
commit 49ba57c6b24cf1d2e4f110ebb5bd792afe47e5ae 2 parents a51c443 + 6ece2bc
Jeremy Hinegardner authored
Showing with 60,714 additions and 0 deletions.
  1. +4 −0 AUTHORS
  2. +5 −0 BUGS
  3. +33 −0 COPYING
  4. +339 −0 COPYRIGHT.GPL
  5. +9 −0 CREDITS
  6. +937 −0 ChangeLog
  7. +40 −0 INSTALL
  8. +45 −0 INSTALL.FIPS
  9. +46 −0 INSTALL.W32
  10. +45 −0 INSTALL.WCE
  11. +39 −0 Makefile.am
  12. +781 −0 Makefile.in
  13. +1 −0  NEWS
  14. +22 −0 PORTS
  15. +30 −0 README
  16. +30 −0 TODO
  17. +956 −0 aclocal.m4
  18. +1,526 −0 auto/config.guess
  19. +1,658 −0 auto/config.sub
  20. +589 −0 auto/depcomp
  21. +519 −0 auto/install-sh
  22. +8,413 −0 auto/ltmain.sh
  23. +367 −0 auto/missing
  24. +111 −0 auto/mkinstalldirs
  25. +14,267 −0 configure
  26. +422 −0 configure.ac
  27. +31 −0 doc/Makefile.am
  28. +484 −0 doc/Makefile.in
  29. +190 −0 doc/en/VNC_StunnelHOWTO.html
  30. +143 −0 doc/pl/faq.stunnel-2.html
  31. +744 −0 doc/pl/tworzenie_certyfikatow.html
  32. +876 −0 doc/stunnel.8
  33. +582 −0 doc/stunnel.fr.8
  34. +671 −0 doc/stunnel.fr.html
  35. +638 −0 doc/stunnel.fr.pod
  36. +990 −0 doc/stunnel.html
  37. +907 −0 doc/stunnel.pl.8
  38. +1,026 −0 doc/stunnel.pl.html
  39. +972 −0 doc/stunnel.pl.pod
  40. +941 −0 doc/stunnel.pod
  41. +7,377 −0 m4/libtool.m4
  42. +368 −0 m4/ltoptions.m4
  43. +123 −0 m4/ltsugar.m4
  44. +23 −0 m4/ltversion.m4
  45. +92 −0 m4/lt~obsolete.m4
  46. +67 −0 src/Makefile.am
  47. +699 −0 src/Makefile.in
  48. +1,258 −0 src/client.c
  49. +435 −0 src/common.h
  50. +630 −0 src/ctx.c
  51. +70 −0 src/env.c
  52. +143 −0 src/evc.mak
  53. +244 −0 src/file.c
  54. +1,048 −0 src/gui.c
  55. +296 −0 src/libwrap.c
  56. +308 −0 src/log.c
  57. +8 −0 src/make.bat
  58. +73 −0 src/makece.bat
  59. +45 −0 src/makew32.bat
  60. +193 −0 src/mingw.mak
  61. +746 −0 src/network.c
  62. +73 −0 src/nogui.c
  63. +2,219 −0 src/options.c
  64. +75 −0 src/os2.mak
  65. +614 −0 src/protocol.c
  66. +491 −0 src/prototypes.h
  67. +221 −0 src/pty.c
  68. +428 −0 src/resolver.c
  69. +17 −0 src/resources.h
  70. +71 −0 src/resources.rc
  71. +288 −0 src/ssl.c
  72. +551 −0 src/sthreads.c
  73. +231 −0 src/str.c
  74. +613 −0 src/stunnel.c
  75. BIN  src/stunnel.exe
  76. BIN  src/stunnel.ico
  77. +76 −0 src/stunnel3.in
  78. +71 −0 src/vc.mak
Sorry, we could not display the entire diff because it was too big.
4 AUTHORS
View
@@ -0,0 +1,4 @@
+stunnel authors
+
+Michal Trojnara <Michal.Trojnara@mirt.net>
+
5 BUGS
View
@@ -0,0 +1,5 @@
+stunnel known bugs
+
+
+- Shared library for transparent proxy does not support IPv6.
+
33 COPYING
View
@@ -0,0 +1,33 @@
+stunnel license (see COPYRIGHT.GPL for detailed GPL conditions)
+
+Copyright (C) 1998-2011 Michal Trojnara
+
+This program is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free Software
+Foundation; either version 2 of the License, or (at your option) any later
+version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with
+this program; if not, see <http://www.gnu.org/licenses>.
+
+Linking stunnel statically or dynamically with other modules is making
+a combined work based on stunnel. Thus, the terms and conditions of the
+GNU General Public License cover the whole combination.
+
+In addition, as a special exception, the copyright holder of stunnel gives you
+permission to combine stunnel with free software programs or libraries that
+are released under the GNU LGPL and with code included in the standard release
+of OpenSSL under the OpenSSL License (or modified versions of such code, with
+unchanged license). You may copy and distribute such a system following the
+terms of the GNU GPL for stunnel and the licenses of the other code concerned.
+
+Note that people who make modified versions of stunnel are not obligated to
+grant this special exception for their modified versions; it is their choice
+whether to do so. The GNU General Public License gives permission to release
+a modified version without this exception; this exception also makes it
+possible to release a modified version which carries forward this exception.
+
339 COPYRIGHT.GPL
View
@@ -0,0 +1,339 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ Appendix: How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) 19yy <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) 19yy name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
9 CREDITS
View
@@ -0,0 +1,9 @@
+Special thx to:
+
+* Adam Hernik <adas@infocentrum.com>
+* Pawel Krawczyk <kravietz@ceti.com.pl>
+* Brian Hatch <bri@stunnel.org>
+* Dirk O. Siebnich <dok@vossnet.de> for PTY support
+
+and many others...
+
937 ChangeLog
View
@@ -0,0 +1,937 @@
+stunnel change log
+
+
+Version 4.36, 2011.05.03, urgency: LOW:
+* New features
+ - Updated Win32 DLLs for OpenSSL 1.0.0d.
+ - Dynamic memory management for strings manipulation:
+ no more static STRLEN limit, lower stack footprint.
+ - Strict public key comparison added for "verify = 3" certificate
+ checking mode (thx to Philipp Hartwig).
+ - Backlog parameter of listen(2) changed from 5 to SOMAXCONN:
+ improved behavior on heavy load.
+ - Example tools/stunnel.service file added for systemd service manager.
+* Bugfixes
+ - Missing pthread_attr_destroy() added to fix memory leak (thx to
+ Paul Allex and Peter Pentchev).
+ - Fixed the incorrect way of setting FD_CLOEXEC flag.
+ - Fixed --enable-libwrap option of ./configure script.
+ - /opt/local added to OpenSSL search path for MacPorts compatibility.
+ - Workaround implemented for signal handling on MacOS X.
+ - A trivial bug fixed in the stunnel.init script.
+ - Retry implemented on EAI_AGAIN error returned by resolver calls.
+
+Version 4.35, 2011.02.05, urgency: LOW:
+* New features
+ - Updated Win32 DLLs for OpenSSL 1.0.0c.
+ - Transparent source (non-local bind) added for FreeBSD 8.x.
+ - Transparent destination ("transparent = destination") added for Linux.
+* Bugfixes
+ - Fixed reload of FIPS-enabled stunnel.
+ - Compiler options are now auto-detected by ./configure script
+ in order to support obsolete versions of gcc.
+ - Async-signal-unsafe s_log() removed from SIGTERM/SIGQUIT/SIGINT handler.
+ - CLOEXEC file descriptor leaks fixed on Linux >= 2.6.28 with glibc >= 2.10.
+ Irreparable race condition leaks remain on other Unix platforms.
+ This issue may have security implications on some deployments.
+ - Directory lib64 included in the OpenSSL library search path.
+ - Windows CE compilation fixes (thx to Pierre Delaage).
+ - Deprecated RSA_generate_key() replaced with RSA_generate_key_ex().
+* Domain name changes (courtesy of Bri Hatch)
+ - http://stunnel.mirt.net/ --> http://www.stunnel.org/
+ - ftp://stunnel.mirt.net/ --> http://ftp.stunnel.org/
+ - stunnel.mirt.net::stunnel --> rsync.stunnel.org::stunnel
+ - stunnel-users@mirt.net --> stunnel-users@stunnel.org
+ - stunnel-announce@mirt.net --> stunnel-announce@stunnel.org
+
+Version 4.34, 2010.09.19, urgency: LOW:
+* New features
+ - Updated Win32 DLLs for OpenSSL 1.0.0a.
+ - Updated Win32 DLLs for zlib 1.2.5.
+ - Updated automake to version 1.11.1
+ - Updated libtool to version 2.2.6b
+ - Added ECC support with a new service-level "curve" option.
+ - DH support is now enabled by default.
+ - Added support for OpenSSL builds with some algorithms disabled.
+ - ./configure modified to support cross-compilation.
+ - Sample stunnel.init updated based on Debian init script.
+* Bugfixes
+ - Implemented fixes in user interface to enter engine PIN.
+ - Fixed a transfer() loop issue on socket errors.
+ - Fixed missing WIN32 taskbar icon while displaying a global option error.
+
+Version 4.33, 2010.04.05, urgency: MEDIUM:
+* New features
+ - Win32 DLLs for OpenSSL 1.0.0.
+ This library requires to c_rehash CApath/CRLpath directories on upgrade.
+ - Win32 DLLs for zlib 1.2.4.
+ - Experimental support for local mode on WIN32 platform.
+ Try "exec = c:\windows\system32\cmd.exe".
+* Bugfixes
+ - Inetd mode fixed.
+
+Version 4.32, 2010.03.24, urgency: MEDIUM:
+* New features
+ - New service-level "libwrap" option for run-time control whether
+ /etc/hosts.allow and /etc/hosts.deny are used for access control.
+ Disabling libwrap significantly increases performance of stunnel.
+ - Win32 DLLs for OpenSSL 0.9.8m.
+* Bugfixes
+ - Fixed a transfer() loop issue with SSLv2 connections.
+ - Fixed a "setsockopt IP_TRANSPARENT" warning with "local" option.
+ - Logging subsystem bugfixes and cleanup.
+ - Installer bugfixes for Vista and later versions of Windows.
+ - FIPS mode can be enabled/disabled at runtime.
+
+Version 4.31, 2010.02.03, urgency: MEDIUM:
+* New features
+ - Log file reopen on USR1 signal was added.
+* Bugfixes
+ - Some regression issues introduced in 4.30 were fixed.
+
+Version 4.30, 2010.01.21, urgency: LOW/EXPERIMENTAL:
+* New features
+ - Graceful configuration reload with HUP signal on Unix
+ and with GUI on Windows.
+
+Version 4.29, 2009.12.02, urgency: MEDIUM:
+* New feature sponsored by Searchtech Limited http://www.astraweb.com/
+ - sessiond, a high performance SSL session cache was built for stunnel.
+ A new service-level "sessiond" option was added. sessiond is
+ available for download on ftp://ftp.stunnel.org/stunnel/sessiond/ .
+ stunnel clusters will be a lot faster, now!
+* Bugfixes
+ - "execargs" defaults to the "exec" parameter (thx to Peter Pentchev).
+ - Compilation fixes added for AIX and old versions of OpenSSL.
+ - Missing "fips" option was added to the manual.
+
+Version 4.28, 2009.11.08, urgency: MEDIUM:
+* New features
+ - Win32 DLLs for OpenSSL 0.9.8l.
+ - Transparent proxy support on Linux kernels >=2.6.28.
+ See the manual for details.
+ - New socket options to control TCP keepalive on Linux:
+ TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL.
+ - SSL options updated for the recent version of OpenSSL library.
+* Bugfixes
+ - A serious bug in asynchronous shutdown code fixed.
+ - Data alignment updated in libwrap.c.
+ - Polish manual encoding fixed.
+ - Notes on compression implementation in OpenSSL added to the manual.
+
+Version 4.27, 2009.04.16, urgency: MEDIUM:
+* New features
+ - Win32 DLLs for OpenSSL 0.9.8k.
+ - FIPS support was updated for openssl-fips 1.2.
+ - New priority failover strategy for multiple "connect" targets,
+ controlled with "failover=rr" (default) or "failover=prio".
+ - pgsql protocol negotiation by Marko Kreen <markokr@gmail.com>.
+ - Building instructions were updated in INSTALL.W32 file.
+* Bugfixes
+ - Libwrap helper processes fixed to close standard
+ input/output/error file descriptors.
+ - OS2 compilation fixes.
+ - WCE fixes by Pierre Delaage <delaage.pierre@free.fr>.
+
+Version 4.26, 2008.09.20, urgency: MEDIUM:
+* New features
+ - Win32 DLLs for OpenSSL 0.9.8i.
+ - /etc/hosts.allow and /etc/hosts.deny no longer need to be
+ copied to the chrooted directory, as the libwrap processes
+ are no longer chrooted.
+ - A more informative error messages for invalid port number
+ specified in stunnel.conf file.
+ - Support for Microsoft Visual C++ 9.0 Express Edition.
+* Bugfixes
+ - Killing all libwrap processes at stunnel shutdown fixed.
+ - A minor bug in stunnel.init sample SysV startup file fixed.
+
+Version 4.25, 2008.06.01, urgency: MEDIUM:
+* New features
+ - Win32 DLLs for OpenSSL 0.9.8h.
+* Bugfixes
+ - Spawning libwrap processes delayed until privileges are dropped.
+ - Compilation fix for systems without struct msghdr.msg_control.
+
+Version 4.24, 2008.05.19, urgency: HIGH:
+* Bugfixes
+ - OCSP code was fixed to properly reject revocated certificates.
+
+Version 4.23, 2008.05.03, urgency: HIGH:
+* Bugfixes
+ - Local privilege escalation bug on Windows NT based
+ systems fixed. A local user could exploit stunnel
+ running as a service to gain localsystem privileges.
+
+Version 4.22, 2008.03.28, urgency: MEDIUM:
+* New features
+ - Makefile was updated to use standard autoconf variables:
+ sysconfdir, localstatedir and pkglibdir.
+ - A new global option to control logging to syslog:
+ syslog = yes|no
+ Simultaneous logging to a file and the syslog is now possible.
+ - A new service level option to control stack size:
+ stack = <number of bytes>
+* Bugfixes
+ - Restored chroot() to be executed after decoding numerical
+ userid and groupid values in drop_privileges().
+ - A few bugs fixed the in the new libwrap support code.
+ - TLSv1 method used by default in FIPS mode instead of
+ SSLv3 client and SSLv23 server methods.
+ - OpenSSL GPL license exception update based on
+ http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs
+
+Version 4.21, 2007.10.27, urgency: LOW/EXPERIMENTAL:
+* New features sponsored by Open-Source Software Institute
+ - Initial FIPS 140-2 support (see INSTALL.FIPS for details).
+ Win32 platform is not currently supported.
+* New features
+ - Experimental fast support for non-MT-safe libwrap is provided
+ with pre-spawned processes.
+ - Stunnel binary moved from /usr/local/sbin to /usr/local/bin
+ in order to meet FHS and LSB requirements.
+ Please delete the /usr/local/sbin/stunnel when upgrading.
+ - Added code to disallow compiling stunnel with pthreads when
+ OpenSSL is compiled without threads support.
+ - Win32 DLLs for OpenSSL 0.9.8g.
+ - Minor manual update.
+ - TODO file updated.
+* Bugfixes
+ - Dynamic locking callbacks added (needed by some engines to work).
+ - AC_ARG_ENABLE fixed in configure.am to accept yes/no arguments.
+ - On some systems libwrap requires yp_get_default_domain from libnsl,
+ additional checking for libnsl was added to the ./configure script.
+ - Sending a list of trusted CAs for the client to choose the right
+ certificate restored.
+ - Some compatibility issues with NTLM authentication fixed.
+ - Taskbar icon (unless there is a config file parsing error) and
+ "Save As" disabled in the service mode for local Win32 security
+ (it's much like Yeti -- some people claim they have seen it).
+
+Version 4.20, 2006.11.30, urgency: MEDIUM:
+* Release notes
+ - The new transfer() function has been well tested.
+ I recommend upgrading any previous version with this one.
+* Bugfixes
+ - Fixed support for encrypted passphases on Unix (broken in 4.19).
+ - Reduced amount of debug logs.
+ - A minor man page update.
+
+Version 4.19, 2006.11.11, urgency: LOW/EXPERIMENTAL:
+* Release notes
+ - There are a lot of new features in this version. I recommend
+ to test it well before upgrading your mission-critical systems.
+* New features
+ - New service-level option to specify OCSP server flag:
+ OCSPflag = <flag>
+ - "protocolCredentials" option changed to "protocolUsername"
+ and "protocolPassword"
+ - NTLM support to be enabled with the new service-level option:
+ protocolAuthentication = NTLM
+ - imap protocol negotiation support added.
+ - Passphrase cache was added so the user does not need to reenter
+ the same passphrase for each defined service any more.
+ - New service-level option to retry connect+exec section:
+ retry = yes|no
+ - Local IP and port is logged for each established connection.
+ - Win32 DLLs for OpenSSL 0.9.8d.
+* Bugfixes
+ - Serious problem with SSL_WANT_* retries fixed.
+ The new code requires extensive testing!
+
+Version 4.18, 2006.09.26, urgency: MEDIUM:
+* Bugfixes
+ - GPF on entering private key pass phrase on Win32 fixed.
+ - Updated OpenSSL Win32 DLLs.
+ - Minor configure script update.
+
+Version 4.17, 2006.09.10, urgency: MEDIUM:
+* New features
+ - Win32 DLLs for OpenSSL 0.9.8c.
+* Bugfixes
+ - Problem with detecting getaddrinfo() in ./configure fixed.
+ - Compilation problem due to misplaced #endif in ssl.c fixed.
+ - Duplicate 220 in smtp_server() function in protocol.c fixed.
+ - Minor os2.mak update.
+ - Minor update of safestring()/safename() macros.
+
+Version 4.16, 2006.08.31, urgency: MEDIUM:
+* New features sponsored by Hewlett-Packard
+ - A new global option to control engine:
+ engineCtrl = <command>[:<parameter>]
+ - A new service-level option to select engine to read private key:
+ engineNum = <engine number>
+ - OCSP support:
+ ocsp = <URL>
+* New features
+ - A new option to select version of SSL protocol:
+ sslVersion = all|SSLv2|SSLv3|TLSv1
+ - Visual Studio vc.mak by David Gillingham <dgillingham@gmail.com>.
+ - OS2 support by Paul Smedley (http://smedley.info)
+* Bugfixes
+ - An ordinary user can install stunnel again.
+ - Compilation problem with --enable-dh fixed.
+ - Some minor compilation warnings fixed.
+ - Service-level CRL cert store implemented.
+ - GPF on protocol negotiations fixed.
+ - Problem detecting addrinfo() on Tru64 fixed.
+ - Default group is now detected by configure script.
+ - Check for maximum number of defined services added.
+ - OpenSSL_add_all_algorithms() added to SSL initialization.
+ - configure script sections reordered to detect pthread library funcions.
+ - RFC 2487 autdoetection improved. High resolution s_poll_wait()
+ not currently supported by UCONTEXT threading.
+ - More precise description of cert directory file names (thx to Muhammad
+ Muquit).
+* Other changes
+ - Maximum number of services increased from 64 to 256 when poll() is used.
+
+Version 4.15, 2006.03.11, urgency: LOW:
+* Release notes
+ - There are a lot of new features in this version. I recommend
+ to test it well before upgrading your mission-critical systems.
+* Bugfixes
+ - Fix for pthreads on Solaris 10.
+ - Attempt to autodetect socklen_t type in configure script.
+ - Default threading model changed to pthread for better portability.
+ - DH parameters are not included in the certificate by default.
+* New features sponsored by Software House http://www.swhouse.com/
+ - Most SSL-related options (including client, cert, key) are now
+ available on service level, so it is possible to have an SSL
+ client and an SSL server in a single stunnel process.
+ - Windows CE (version 3.0 and higher) support.
+* New features
+ - Client mode CONNECT protocol support (RFC 2817 section 5.2).
+ http://www.ietf.org/rfc/rfc2817.txt
+ - Retrying exec+connect services added.
+* File locations are more compliant to Filesystem Hierarchy Standard 2.3
+ - configuration and certificates are in $prefix/etc/stunnel/
+ - binaries are in $prefix/sbin/
+ - default pid file is $prefix/var/run/stunnel.pid
+ - manual is $prefix/man/man8/stunnel.8
+ - other docs are in $prefix/share/doc/stunnel/
+ - libstunnel is in $prefix/lib
+ - chroot directory is setup in $prefix/var/lib/stunnel/
+ this directory is chmoded 1770 and group nogroup
+
+Version 4.14, 2005.11.02, urgency: HIGH:
+* Bugfixes
+ - transfer() fixed to avoid random stalls introduced in version 4.12.
+ - poll() error handing bug fixed.
+ - Checking for dynamic loader libraries added again.
+ - Default pidfile changed from $localstatedir/run/stunnel.pid
+ to $localstatedir/stunnel/stunnel.pid.
+ - Basic SSL library initalization moved to the beginning of execution.
+* Release notes
+ - This is an important bugfix release. Upgrade is recommended.
+
+Version 4.13, 2005.10.21, urgency: MEDIUM:
+* DLLs for OpenSSL 0.9.7i included because protection faults were reported
+ in 0.9.8 and 0.9.8a.
+* New features
+ - Libwrap code is executed as a separate process (no more delays due
+ to a global and potentially long critical section).
+* Bugfixes
+ - Problem with zombies in UCONTEXT threading fixed.
+ - Workaround for non-standard makecontext() uc_stack.ss_sp parameter
+ semantics on SGI IRIX.
+ - Protection fault in signals handling on IRIX fixed.
+ - Problem finding pthread library on AIX fixed.
+ - size_t printf() fixed in stack_info() (the previous fix didn't work).
+ - socklen_t is used instead of int where required.
+
+Version 4.12, 2005.09.29, urgency: MEDIUM:
+* New features
+ - Win32 installer added.
+ - New Win32 commandline options: -start and -stop.
+ - Log level and thread number are reported to syslog.
+ - DLLs for OpenSSL 0.9.8.
+ - stunnel.spec updated by neeo <neeo@irc.pl>.
+* Bugfixes
+ - Use of broken poll() is disabled on Mac OS X.
+ - Yet another transfer() infinite loop condition fixed.
+ - Workaround for a serious M$ bug (KB177346).
+ - IPv6 DLLs allocation problem resulting in GPF on W2K fixed.
+ - zlib added to shared libraries (OpenSSL may need it).
+ - size_t printf() fixed in stack_info().
+* Release notes
+ - This is a bugfix release. Upgrade is recommended.
+
+Version 4.11, 2005.07.09, urgency: MEDIUM:
+* New features
+ - New ./configure option --with-threads to select thread model.
+ - ./configure option --with-tcp-wrappers renamed to --disable-libwrap.
+ I hope the meaning of the option is much more clear, now.
+* Bugfixes
+ - Workaround for non-standard makecontext() uc_stack.ss_sp parameter
+ semantics on Sparc/Solaris 9 and earlier.
+ - scan_waiting_queue() no longer drops contexts.
+ - Inetd mode coredumps with UCONTEXT fixed.
+ - Cleanup context is no longer used.
+ - Releasing memory of the current context is delayed.
+ - Win32 headers reordered for Visual Studio 7.
+ - Some Solaris compilation warnings fixed.
+ - Rejected inetd mode without 'connect' or 'exec'.
+* Release notes
+ - UCONTEXT threading seems stable, now. Upgrade is recommended.
+
+Version 4.10, 2005.04.23, urgency: LOW/EXPERIMENTAL:
+* DLLs for OpenSSL 0.9.7g.
+* Bugfixes
+ - Missing locking on Win32 platform was added (thx to Yi Lin
+ <yi.lin@convergys.com>)
+ - Some problems with closing SSL fixed.
+* New features
+ - New UCONTEXT user-level non-preemptive threads model is used
+ on systems that support SYSV-compatible ucontext.h.
+ - Improved stunnel3 script with getopt-compatible syntax.
+* Release notes
+ - This version should be thoroughly tested before using it in the
+ mission-critical environment.
+
+Version 4.09, 2005.03.26, urgency: MEDIUM:
+* DLLs for OpenSSL 0.9.7f.
+* Bugfixes
+ - Compilation problem with undeclarated socklen_t fixed.
+ - TIMEOUTclose is not used when there is any data in the buffers.
+ - Stunnel no longer relies on close_notify with SSL 2.0 connections,
+ since SSL 2.0 protocol does not have any alerts defined.
+ - Closing SSL socket when there is some data in SSL output buffer
+ is detected and reported as an error.
+ - Install/chmod race condition when installing default certificate fixed.
+ - Stunnel no longer installs signal_handler on ignored signals.
+
+Version 4.08, 2005.02.27, urgency: LOW:
+* New features
+ - New -quiet option was added to install NT service without a message box.
+* Bugfixes
+ - Using $(DESTDIR) in tools/Makefile.am.
+ - Define NI_NUMERICHOST and NI_NUMERICSERV when needed.
+ - Length of configuration file line increased from 256B to 16KB.
+ - Stunnel sends close_notify when a close_notify is received from SSL
+ peer and all remaining data is sent to SSL peer.
+ - Some fixes for bugs detected by the watchdog.
+* Release notes
+ - There were many changes in the transfer() function (the main loop).
+ - This version should be thoroughly tested before using it in the
+ mission-critical environment.
+
+Version 4.07, 2005.01.03, urgency: MEDIUM:
+* Bugfixes
+ - Problem with infinite poll() timeout negative, but not equal to -1 fixed.
+ - Problem with a file descriptor ready to be read just after a non-blocking
+ connect call fixed.
+ - Compile error with EAI_NODATA not defined or equal to EAI_NONAME fixed.
+ - IP address and TCP port textual representation length (IPLEN) increased
+ to 128 bytes.
+ - OpenSSL engine support is only used if engine.h header file exists.
+ - Broken NT Service mode on Win32 platform fixed.
+ - Support for IPv4-only Win32 machines restored.
+
+Version 4.06, 2004.12.26, urgency: LOW:
+* New feature sponsored by SURFnet http://www.surfnet.nl/
+ - IPv6 support (to be enabled with ./configure --enable-ipv6).
+* New features
+ - poll() support - no more FD_SETSIZE limit!
+ - Multiple connect=host:port options are allowed in a single service
+ section. Remote hosts are connected using round-robin algorithm.
+ This feature is not compatible with delayed resolver.
+ - New 'compression' option to enable compression. To use zlib
+ algorithm you have to enable it when building OpenSSL library.
+ - New 'engine' option to select a hardware engine.
+ - New 'TIMEOUTconnect' option with 10 seconds default added.
+ - stunnel3 perl script to emulate version 3.x command line options.
+ - French manual updated by Bernard Choppy <choppy AT free POINT fr>.
+ - A watchdog to detect transfer() infinite loops added.
+ - Configuration file comment character changed from '#' to ';'.
+ '#' will still be recognized to keep compatibility.
+ - MT-safe getaddrinfo() and getnameinfo() are used where available
+ to get better performance on resolver calls.
+ - Automake upgraded from 1.4-p4 to 1.7.9.
+* Bugfixes
+ - log() changed to s_log() to avoid conflicts on some systems.
+ - Common CRIT_INET critical section introduced instead of separate
+ CRIT_NTOA and CRIT_RESOLVER to avoid potential problems with
+ libwrap (TCP Wrappers) library.
+ - CreateThread() finally replaced with _beginthread() on Win32.
+ - make install creates $(localstatedir)/stunnel.
+ $(localstatedir)/stunnel/dev/zero is also created on Solaris.
+ - Race condition with client session cache fixed.
+ - Other minor bugfixes.
+* Release notes
+ - Win32 port requires Winsock2 to work.
+ Some Win95 systems may need a free update from Microsoft.
+ http://www.microsoft.com/windows95/downloads/
+ - Default is *not* to use IPv6 '::' for accept and '::1' for
+ connect. For example to accept pop3s on IPv6 you could use:
+ 'accept = :::995'. I hope the new syntax is clear enough.
+
+Version 4.05, 2004.02.14, urgency: MEDIUM:
+* New feature sponsored by SURFnet http://www.surfnet.nl/
+ - Support for CIFS aka SMB protocol SSL negotiation.
+* New features
+ - CRL support with new CRLpath and CRLfile global options.
+ - New 'taskbar' option on Win32 (thx to Ken Mattsen
+ <ken.Mattsen@roxio.com>).
+ - New -fd command line parameter to read configuration
+ from a specified file descriptor instead of a file.
+ - accept is reported as error when no '[section]' is
+ defined (in stunnel 4.04 it was silently ignored causing
+ problems for lusers who did not read the fine manual).
+ - Use fcntl() instead of ioctlsocket() to set socket
+ nonblocking where it is supported.
+ - Basic support for hardware engines with OpenSSL >= 0.9.7.
+ - French manual by Bernard Choppy <choppy@imaginet.fr>.
+ - Thread stack size reduced to 64KB for maximum scalability.
+ - Added optional code to debug thread stack usage.
+ - Support for nsr-tandem-nsk (thx to Tom Bates <tom.bates@hp.com>).
+* Bugfixes
+ - TCP wrappers code moved to CRIT_NTOA critical section
+ since it uses static inet_ntoa() result buffer.
+ - SSL_ERROR_SYSCALL handling problems fixed.
+ - added code to retry nonblocking SSL_shutdown() calls.
+ - Use FD_SETSIZE instead of 16 file descriptors in inetd
+ mode.
+ - fdscanf groks lowercase protocol negotiation commands.
+ - Win32 taskbar GDI objects leak fixed.
+ - Libwrap detection bug in ./configure script fixed.
+ - grp.h header detection fixed for NetBSD and possibly
+ other systems.
+ - Some other minor updates.
+
+Version 4.04, 2003.01.12, urgency: MEDIUM:
+* New feature sponsored by SURFnet http://www.surfnet.nl/
+ - Encrypted private key can be used with Win32 GUI.
+* New features
+ - New 'options' configuration option to setup
+ OpenSSL library hacks with SSL_CTX_set_options().
+ - 'service' option also changes the name for
+ TCP Wrappers access control in inetd mode.
+ - Support for BeOS (thx to Mike I. Kozin <mik@sbor.net>)
+ - SSL is negotiated before connecting remote host
+ or spawning local process whenever possible.
+ - REMOTE_HOST variable is always placed in the
+ enrivonment of a process spawned with 'exec'.
+ - Whole SSL error stack is dumped on errors.
+ - 'make cert' rule is back (was missing since 4.00).
+ - Manual page updated (special thanks to Brian Hatch).
+ - TODO updated.
+* Bugfixes
+ - Major code cleanup (thx to Steve Grubb <linux_4ever@yahoo.com>).
+ - Unsafe functions are removed from SIGCHLD handler.
+ - Several bugs in auth_user() fixed.
+ - Incorrect port when using 'local' option fixed.
+ - OpenSSL tools '-rand' option is no longer directly
+ used with a device (like '/dev/urandom').
+ Temporary random file is created with 'dd' instead.
+* DLLs for OpenSSL 0.9.7.
+
+Version 4.03, 2002.10.27, urgency: HIGH:
+* NT Service (broken since 4.01) is operational again.
+* Memory leak in FORK environments fixed.
+* sigprocmask() mistake corrected.
+* struct timeval is reinitialized before select().
+* EAGAIN handled in client.c for AIX.
+* Manual page updated.
+
+Version 4.02, 2002.10.21, urgency: HIGH:
+* Serious bug in ECONNRESET handling fixed.
+
+Version 4.01, 2002.10.20, urgency: MEDIUM:
+* New features
+ - OpenVMS support.
+ - Polish manual and some manual updates.
+ - 'service' option added on Win32 platform.
+ - Obsolete FAQ has been removed.
+ - Log file is created with 0640 mode.
+ - exec->connect service sections (need more testing).
+* Bugfixes
+ - EINTR ingored in main select() loop.
+ - Fixed problem with stunnel closing connections on
+ TIMEOUTclose before all the data is sent.
+ - Fixed EWOULDBLOCK on writesocket problem.
+ - Potential DOS in Win32 GUI fixed.
+ - Solaris compilation problem fixed.
+ - Libtool configuration problems fixed.
+ - Signal mask is cleared just before exec in local mode.
+ - Accepting sockets and log file descriptors are no longer
+ leaked to the child processes.
+Special thanks to Steve Grubb for the source code audit.
+
+Version 4.00, 2002.08.30, urgency: LOW:
+* New features sponsored by MAXIMUS http://www.maximus.com/
+ - New user interface (config file).
+ - Single daemon can listen on multiple ports, now.
+ - Native Win32 GUI added.
+ - Native NT/2000/XP service added.
+ - Delayed DNS lookup added.
+* Other new features
+ - All the timeouts are now configurable including
+ TIMEOUTclose that can be set to 0 for MSIE and other
+ buggy clients that do not send close_notify.
+ - Stunnel process can be chrooted in a specified directory.
+ - Numerical values for setuid() and setgid() are allowed, now.
+ - Confusing code for setting certificate defaults introduced in
+ version 3.8p3 was removed to simplify stunnel setup.
+ There are no built-in defaults for CApath and CAfile options.
+ - Private key file for a certificate can be kept in a separate
+ file. Default remains to keep it in the cert file.
+ - Manual page updated.
+ - New FHS-compatible build system based on automake and libtool.
+* Bugfixes
+ - `SSL socket closed on SSL_write' problem fixed.
+ - Problem with localtime() crashing Solaris 8 fixed.
+ - Problem with tcp wrappers library detection fixed.
+ - Cygwin (http://www.cygwin.com/) support added.
+ - __svr4__ macro defined for Sun C/C++ compiler.
+* DLLs for OpenSSL 0.9.6g.
+
+Version 3.22, 2001.12.20, urgency: HIGH:
+* Format string bug fixed in protocol.c
+ smtp, pop3 and nntp in client mode were affected.
+ (stunnel clients could be attacked by malicious servers)
+* Certificate chain can be supplied with -p option or in stunnel.pem.
+* Problem with -r and -l options used together fixed.
+* memmove() instead of memcpy() is used to move data in buffers.
+* More detailed information about negotiated ciphers is printed.
+* New ./configure options: '--enable-no-rsa' and '--enable-dh'.
+
+Version 3.21c, 2001.11.11, urgency: LOW:
+* autoconf scripts upgraded to version 2.52.
+* Problem with pthread_sigmask on Darwin fixed (I hope).
+* Some documentation typos corrected.
+* Attempt to ignore EINTR in transfer().
+* Shared library version reported on startup.
+* DLLs for OpenSSL 0.9.6b.
+
+Version 3.21b, 2001.11.03, urgency: MEDIUM:
+* File descriptor leak on failed connect() fixed.
+
+Version 3.21a, 2001.10.31, urgency: MEDIUM:
+* Small bug in Makefile fixed.
+
+Version 3.21, 2001.10.31, urgency: MEDIUM:
+* Problem with errno and posix threads fixed.
+* It is assumed that system has getopt() if it has getopt.h header file.
+* SSL_CLIENT_DN and SSL_CLIENT_I_DN environment variables set in local mode
+ (-l) process. This feature doesn't work if
+ client mode (-c) or protocol negotiation (-n) is used.
+* Winsock error descriptions hardcoded (English version only).
+* SetConsoleCtrlHandler() used to handle CTRL+C, logoff and shutdown on Win32.
+* Stunnel always requests peer certificate with -v 0.
+* sysconf()/getrlimit() used to calculate number of clients allowed.
+* SSL mode changed for OpenSSL >= 0.9.6.
+* close-on-exec option used to avoid socket inheriting.
+* Buffer size increased from 8KB to 16KB.
+* fdscanf()/fdprintf() changes:
+ - non-blocking socket support,
+ - timeout after 1 minute of inactivity.
+* auth_user() redesigned to force 1 minute timeout.
+* Some source arrangement towards 4.x architecture.
+* No need for 'goto' any more.
+* New Makefile 'test' rule. It performs basic test of
+ standalone/inetd, remote/local and server/client mode.
+* pop3 server mode support added.
+
+Version 3.20, 2001.08.15, urgency: LOW:
+* setsockopt() optlen set according to the optval for Solaris.
+* Minor NetBSD compatibility fixes by Martti Kuparinen.
+* Minor MSVC6 compatibility fixes by Patrick Mayweg.
+* SSL close_notify timeout reduced to 10 seconds of inactivity.
+* Socket close instead of reset on close_notify timeout.
+* Some source arrangement and minor bugfixes.
+
+Version 3.19, 2001.08.10, urgency: MEDIUM:
+* Critical section added around non MT-safe TCP Wrappers code.
+* Problem with 'select: Interrupted system call' error fixed.
+* errno replaced with get_last_socket_error() for Win32.
+* Some FreeBSD/NetBSD patches to ./configure from Martti Kuparinen.
+* Local mode process pid logged.
+* Default FQDN (localhost) removed from stunnel.cnf
+* ./configure changed to recognize POSIX threads library on OSF.
+* New -O option to set socket options.
+
+Version 3.18, 2001.07.31, urgency: MEDIUM:
+* MAX_CLIENTS is calculated based on FD_SETSIZE, now.
+* Problems with closing SSL in transfer() fixed.
+* -I option to bind a static local IP address added.
+* Debug output of info_callback redesigned.
+
+Version 3.17, 2001.07.29, urgency: MEDIUM:
+* Problem with coredump on exit with active threads fixed.
+* Timeout for transfer() function added:
+ - 1 hour if socket is open for read
+ - 1 minute if socket is closed for read
+
+Version 3.16, 2001.07.22, urgency: MEDIUM:
+* Some transfer() bugfixes/improvements.
+* STDIN/STDOUT are no logner assumed to be non-socket decriptors.
+* Problem with --with-tcp-wrappers patch fixed.
+* pop3 and nntp support bug fixed by Martin Germann.
+* -o option to append log messages to a file added.
+* Changed error message for SSL error 0.
+
+Version 3.15, 2001.07.15, urgency: MEDIUM:
+* Serious bug resulting in random transfer() hangs fixed.
+* Separate file descriptors are used for inetd mode.
+* -f (foreground) logs are now stamped with time.
+* New ./configure option: --with-tcp-wrappers by Brian Hatch.
+* pop3 protocol client support (-n pop3) by Martin Germann.
+* nntp protocol client support (-n nntp) by Martin Germann.
+* RFC 2487 (smtp STARTTLS) client mode support.
+* Transparency support for Tru64 added.
+* Some #includes for AIX added.
+
+Version 3.14, 2001.02.21, urgency: LOW:
+* Pidfile creation algorithm has been changed.
+
+Version 3.13, 2001.01.25, urgency: MEDIUM:
+* pthread_sigmask() argument in sthreads.c corrected.
+* OOB data is now handled correctly.
+
+Version 3.12, 2001.01.24, urgency: LOW:
+* Attempted to fix problem with zombies in local mode.
+* Patch for 64-bit machines by Nalin Dahyabhai <nalin@redhat.com> applied.
+* Tiny bugfix for OSF cc by Dobrica Pavlinusic <dpavlin@rot13.org> added.
+* PORTS file updated.
+
+Version 3.11, 2000.12.21, urgency: MEDIUM:
+* New problem with zombies fixed.
+* Attempt to be integer-size independed.
+* SIGHUP handler added.
+
+Version 3.10, 2000.12.19, urgency: MEDIUM:
+* Internal thread synchronization code added.
+* libdl added to stunnel dependencies if it exists.
+* Manpage converted to sdf format.
+* stunnel deletes pid file before attempting to create it.
+* Documentation updates.
+* -D option now takes [facility].level as argument. 0-7 still supported.
+* Problems with occasional zombies in FORK mode fixed.
+* 'stunnel.exe' rule added to Makefile.
+ You can cross-compile stunnel.exe on Unix, now.
+ I'd like to be able to compile OpenSSL this way, too...
+
+Version 3.9, 2000.12.13, urgency: HIGH:
+* Updated temporary key generation:
+ - stunnel is now honoring requested key-lengths correctly,
+ - temporary key is changed every hour.
+* transfer() no longer hangs on some platforms.
+ Special thanks to Peter Wagemans for the patch.
+* Potential security problem with syslog() call fixed.
+
+Version 3.8p4, 2000.06.25 bri@stunnel.org:
+* fixes for Windows platform
+
+Version 3.8p3, 2000.06.24 bri@stunnel.org:
+* Compile time definitions for the following:
+ --with-cert-dir
+ --with-cert-file
+ --with-pem-dir
+ --enable-ssllib-cs
+* use daemon() function instead of daemonize, if available
+* fixed FreeBSD threads checking (patch from robertw@wojo.com)
+* added -S flag, allowing you to choose which default verify
+ sources to use
+* relocated service name output logging until after log_open.
+ (no longer outputs log info to inetd socket, causing bad SSL)
+* -V flag now outputs the default values used by stunnel
+* Removed DH param generation in Makefile.in
+* Moved stunnel.pem to sample.pem to keep people from blindly using it
+* Removed confusing stunnel.pem check from Makefile.
+
+* UPGRADE NOTE: this version seriously changes several previous stunnel
+ default behaviours. There are no longer any default cert file/dirs
+ compilied into stunnel, you must use the --with-cert-dir and
+ --with-cert-file configure arguments to set these manually, if desired.
+ Stunnel does not use the underlying ssl library defaults by default
+ unless configured with --enable-ssllib-cs. Note that these can always
+ be enabled at run time with the -A,-a, and -S flags.
+ Additionally, unless --with-pem-dir is specified at compile time,
+ stunnel will default to looking for stunnel.pem in the current directory.
+
+Version 3.8p2, 2000.06.13 bri@stunnel.org:
+* Fixes for Win32 platform
+* Minor output formatting changes
+* Fixed version number in files
+
+Version 3.8p1, 2000.06.11 bri@stunnel.org:
+* Added rigerous PRNG seeding
+* PID changes (and related security-fix)
+* Man page fixes
+* Client SSL Session-IDs now used
+* -N flag to specify tcpwrapper service name
+
+Version 3.8, 2000.02.24:
+* Checking for threads in c_r library for FreeBSD.
+* Some compatibility fixes for Ultrix.
+* configure.in has been cleaned up.
+ Separate directories for SSL certs and SSL libraries/headers
+ are no longer supported. SSL ports maintainers should create
+ softlinks in the main openssl directory if necessary.
+* Added --with-ssl option to specify SSL directory.
+* Added setgid (-g) option.
+ (Special thanks to Brian Hatch for his feedback and support)
+* Added pty.c based on a Public Domain code by Tatu Ylonen
+* Distribution files are now signed with GnuPG
+
+Version 3.7, 2000.02.10:
+* /usr/pkg added to list of possible SSL directories for pkgsrc installs
+ of OpenSSL under NetBSD.
+* Added the -s option, which setuid()s to the specified user when running
+ in daemon mode. Useful for cyrus imapd.
+ (both based on patch by George Coulouris)
+* PTY code ported to Solaris. The port needs some more testing.
+* Added handler for SIGINT.
+* Added --with-random option to ./configure script.
+* Fixed some problems with autoconfiguration on Solaris and others.
+ It doesn't use config.h any more.
+* /var/run changed to @localstatedir@/stunnel for better portability.
+ The directory is chmoded a=rwx,+t.
+* FAQ has been updated.
+
+3.6 2000.02.03
+* Automatic RFC 2487 detection based on patch by Pascual Perez and Borja Perez.
+* Non-blocking sockets not used by default.
+* DH support is disabled by default.
+* (both can be enabled in ssl.c)
+
+3.5 2000.02.02
+* Support for openssl 0.9.4 added.
+* /usr/ssl added to configure by Christian Zuckschwerdt.
+* Added tunneling for PPP through the addition of PTY handling.
+* Added some documentation.
+
+3.4a 1999.07.13 (bugfix release)
+* Problem with cipher negotiation fixed.
+* setenv changed to putenv.
+
+3.4 1999.07.12
+* Local transparent proxy added with LD_PRELOADed shared library.
+* DH code rewritten.
+* Added -C option to set cipher list.
+* stderr fflushed after fprintf().
+* Minor portability bugfixes.
+* Manual updated (but still not perfect).
+
+3.3 1999.06.18
+* Support for openssl 0.9.3 added.
+* Generic support for protocol negotiation added (protocol.c).
+* SMTP protocol negotiation support for Netscape client added.
+* Transparent proxy mode (currently works on Linux only).
+* SO_REUSEADDR enabled on listening socket in daemon mode.
+* ./configure now accepts --prefix parameter.
+* -Wall is only used with gcc compiler.
+* Makefile.in and configure.in updated.
+* SSL-related functions moved to a separate file.
+* vsprintf changed to vsnprintf in log.c on systems have it.
+* Pidfile in /var/run added for daemon mode.
+* RSAref support fix (not tested).
+* Some compatibility fixes for Solaris and NetBSD added.
+
+3.2 1999.04.28
+* RSAref support (not tested).
+* Added full duplex with non-blocking sockets.
+* RST sent instead of FIN on peer error (on error peer
+ socket is reset - not just closed).
+* RSA temporary key length changed back to 512 bits to fix
+ a problem with Netscape.
+* Added NO_RSA for US citizens having problems with patents.
+
+3.1 1999.04.22
+* Changed -l syntax (first argument specified is now argv[0]).
+* Fixed problem with options passed to locally executed daemon.
+* Fixed problem with ':' passed to libwrap in a service name:
+ - ':' has been changed to '.';
+ - user can specify his own service name as an argument.
+* RSA temporary key length changed from 512 to 1024 bits.
+* Added safecopy to avoid buffer overflows in stunnel.c.
+* Fixed problems with GPF after unsuccessful resolver call
+ and incorrect parameters passed to getopt() in Win32.
+* FAQ updated.
+
+3.0 1999.04.19
+* Some bugfixes.
+* FAQ added.
+
+3.0b7 1999.04.14
+* Win32 native port fixed (looks quite stable).
+* New transfer() function algorithm.
+* New 'make cert' to be compatible with openssl-0.9.2b.
+* Removed support for memory leaks debugging.
+
+3.0b6 1999.04.01
+* Fixed problems with session cache (by Adam).
+* Added client mode session cache.
+* Source structure, autoconf script and Makefile changed.
+* Added -D option to set debug level.
+* Added support for memory leaks debugging
+ (SSL library needs to be compiled with -DMFUNC).
+
+3.0b5 1999.03.25
+* Lots of changes to make threads work.
+* Peer (client and server) authentication works!
+* Added -V option to display version.
+
+3.0b4 1999.03.22
+* Early POSIX threads implementation.
+* Work on porting to native Win32 application started.
+
+3.0b3 1999.03.05
+* Improved behavior on heavy load.
+
+3.0b2 1999.03.04
+* Fixed -v parsing bug.
+
+3.0b1 1999.01.18
+* New user interface.
+* Client mode added.
+* Peer certificate verification added (=strong authentication).
+* Win32 port added.
+* Other minor problems fixed.
+
+2.1 1998.06.01
+* Few bugs fixed.
+
+2.0 1998.05.25
+* Remote mode added!
+* Standalone mode added!
+* tcpd functionality added by libwrap utilization.
+* DH callbacks removed by kravietZ.
+* bind loopback on Intel and other bugs fixed by kravietZ.
+* New manual page by kravietZ & myself.
+
+1.6 1998.02.24
+* Linux bind fix.
+* New TODO ideas!
+
+1.5 1998.02.24
+* make_sockets() implemented with Internet sockets instead
+ of Unix sockets for better compatibility.
+ (i.e. to avoid random data returned by getpeername(2))
+ This feature can be disabled in stunnel.c.
+
+1.4 1998.02.16
+* Ported to HP-UX, Solaris and probably other UNIXes.
+* Autoconfiguration added.
+
+1.3 1998.02.14
+* Man page by Pawel Krawczyk <kravietz@ceti.com.pl> added!
+* Copyrights added.
+* Minor errors corrected.
+
+1.2 1998.02.14
+* Separate certificate for each service added.
+* Connection logging support.
+
+1.1 1998.02.14
+* Callback functions added by Pawel Krawczyk
+* <kravietz@ceti.com.pl>.
+
+1.0 1998.02.11
+* First version with SSL support
+* - special thx to Adam Hernik <adas@infocentrum.com>.
+
+0.1 1998.02.10
+* Testing skeleton.
+
40 INSTALL
View
@@ -0,0 +1,40 @@
+stunnel Unix install notes
+
+
+1. If your machine supports POSIX threads make sure your SSL
+ library is compiled with -DTHREADS.
+
+2. Compile the software:
+
+ ./configure
+ make
+ make install
+
+ (see potential options for 'configure' at the end of this file)
+
+3. Create stunnel configuration file (stunnel.conf).
+
+4. Add stunnel invocation to your system's startup files.
+ For SysV-compatible init you can use stunnel.init script.
+
+ or
+
+ Modify /etc/services and /etc/inetd.conf, restart inetd (inetd mode).
+
+ See the manual for details.
+
+5. There are a variety of compile-time options you may supply when
+ running configure. Most commonly used are:
+
+ --with-ssl=DIR
+ where your SSL libraries and include files are installed
+
+ --with-random=FILE
+ read randomness from FILE for PRNG seeding
+
+ --with-egd-socket=FILE
+ location of Entropy Gathering Daemon socket, if running EGD
+ (for example on a machine that lacks a /dev/urandom device)
+
+ Use `./configure --help' to see all the options.
+
45 INSTALL.FIPS
View
@@ -0,0 +1,45 @@
+stunnel FIPS install notes
+
+
+FIPS support status:
+- Unix platforms are currently supported.
+- Win32 platform is currently unsupported due to some problems with
+ building and linking FIPS-enabled OpenSSL DLLs.
+
+Unix HOWTO:
+FIPS mode is autodetected if possible. You can force it with:
+ ./configure --enable-fips
+or disable with:
+ ./configure --disable-fips
+
+Preliminary WIN32 HOWTO (does NOT work, now):
+- Download and install ActivePerl:
+ http://www.activestate.com/Products/activeperl/
+- Download and install MinGW-5.1.3.exe:
+ http://www.mingw.org/download.shtml#hdr2
+ Also select "g++ compiler" for installation
+- Download and install MSYS-1.0.10.exe:
+ http://www.mingw.org/download.shtml#hdr2
+- Download OpenSSL FIPS:
+ http://www.openssl.org/source/openssl-fips-1.1.2.tar.gz
+- Execute MSYS and unpack OpenSSL:
+ tar -xzf /c/downloads/openssl-fips-1.1.2.tar.gz
+- Build the OpenSSL:
+ cd openssl-fips-1.1.2
+ ./config fips
+ make
+ make install
+ cd /usr/local/ssl/lib
+ ar xv `gcc -print-libgcc-file-name` _chkstk.o _udivdi3.o _umoddi3.o
+ mkdir /c/fipscanister/
+ cp _* fips* /c/fipscanister/
+ exit
+- Download and unpack OpenSSL 0.9.7m:
+ http://www.openssl.org/source/openssl-0.9.7m.tar.gz
+- Download and install Visual C++ 2008 Express Edition:
+ http://www.microsoft.com/express/vc/
+- Execute "Open Visual Studio 2008 Command Prompt" and build OpenSSL:
+ perl Configure VC-WIN32 fips --with-fipslibdir=c:\fipscanister
+ ms\do_ms
+ nmake -f ms\ntdll.mak
+
46 INSTALL.W32
View
@@ -0,0 +1,46 @@
+stunnel Windows install notes
+
+
+Building stunnel from source (optional):
+
+ 1) Install mingw32 cross-compiler o a Unix/Linux machine.
+ In Debian all you need is:
+ apt-get install gcc-mingw32
+ Native compilation on a Windows machine is possible, but not supported.
+
+ 2) Download the recent zlib from http://www.zlib.net/
+ Update the following definitions in win32/Makefile.gcc file:
+ SHARED_MODE=1
+ PREFIX = i586-mingw32msvc-
+ then build zlib with:
+ make -f win32/Makefile.gcc
+ and install it in mingw32 tree:
+ sudo BINARY_PATH=~/ \
+ INCLUDE_PATH=/usr/i586-mingw32msvc/include/ \
+ LIBRARY_PATH=/usr/i586-mingw32msvc/lib/ \
+ make -f win32/Makefile.gcc install
+
+ 3) Download the recent OpenSSL in unpack it to /usr/src/ directory.
+ cd /usr/src && tar zvxf ~/openssl-(version).tar.gz
+
+ 4) Build OpenSSL with cross_mingw32.sh script.
+ ftp://ftp.stunnel.org/stunnel/openssl/cross_mingw32.sh
+
+ 5) Download and unpack stunnel-(version).tar.gz.
+
+ 6) Configure stunnel.
+ cd stunnel-(version) && ./configure --with-ssl=/path/to/openssl-(version)
+
+ 7) Build windows executable.
+ cd src && make stunnel.exe
+
+
+Installing stunnel:
+
+ 1) run installer to install precompiled binaries or copy stunnel.exe and
+ OpenSSL DLLs into a directory
+
+ 2) read the manual (stunnel.html)
+
+ 3) create/edit stunnel.conf configuration file
+
45 INSTALL.WCE
View
@@ -0,0 +1,45 @@
+stunnel Windows CE install notes
+
+
+Two stunnel executables are available for Windows CE platform:
+
+ 1) stunnel.exe - version with interactive GUI
+
+ 2) tstunnel.exe - non-iteractive version for headless devices
+
+
+Building stunnel from source (optional):
+
+ 1) install the following tools:
+ evt2002web_min.exe from http://www.microsoft.com/
+ ActivePerl from http://www.activestate.com/Products/ActivePerl/
+ unzip.exe (file needs to be renamed) from
+ http://www.mirrorservice.org/sites/ftp.info-zip.org/pub/infozip/WIN32/
+
+ 2) download the OpenSSL source files (the whole directory):
+ ftp://ftp.stunnel.org/stunnel/openssl/ce/
+
+ 3) your directory should look like this:
+ build.bat
+ build.pl
+ unzip.exe
+ src\openssl-0.9.8a.zip
+ src\wcecompat-1.2.zip
+
+ 4) type "build" to build OpenSSL
+
+ 5) download and unpack stunnel-(version).tar.gz
+
+ 4) enter "stunnel-(version)\src" subdirectory
+
+ 5) type "makece" to build stunnel
+
+
+Installing stunnel:
+
+ 1) copy OpenSSL DLLs and stunnel.exe or tstunnel.exe into \stunnel directory
+
+ 2) read the manual (stunnel.html)
+
+ 3) create/edit stunnel.conf configuration file
+
39 Makefile.am
View
@@ -0,0 +1,39 @@
+## Process this file with automake to produce Makefile.in
+
+ACLOCAL_AMFLAGS = -I m4
+
+SUBDIRS = src doc tools
+
+LIBTOOL_DEPS = @LIBTOOL_DEPS@
+libtool: $(LIBTOOL_DEPS)
+ $(SHELL) ./config.status libtool
+
+EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS INSTALL.W32 INSTALL.WCE INSTALL.FIPS
+
+docdir = $(datadir)/doc/stunnel
+doc_DATA = INSTALL README COPYING AUTHORS ChangeLog \
+ INSTALL.W32 INSTALL.WCE INSTALL.FIPS \
+ BUGS PORTS COPYRIGHT.GPL CREDITS TODO
+
+distcleancheck_listfiles = \
+ find -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';'
+
+distclean-local:
+ rm -rf autom4te.cache
+ rm -f $(distdir)-installer.exe
+
+cert:
+ (cd tools; rm -f stunnel.pem; $(MAKE) stunnel.pem)
+
+dist-hook:
+ makensis -NOCD -DSRCDIR=$(srcdir)/ $(srcdir)/tools/stunnel.nsi
+
+sign: dist
+ cp -f $(distdir).tar.gz ../dist
+ cp -f $(distdir)-installer.exe ../dist
+ gpg --yes --armor --detach-sign --force-v3-sigs \
+ ../dist/$(distdir).tar.gz
+ gpg --yes --armor --detach-sign --force-v3-sigs \
+ ../dist/$(distdir)-installer.exe
+ sha256sum $(distdir).tar.gz | tee ../dist/$(distdir).tar.gz.sha256
+
781 Makefile.in
View
@@ -0,0 +1,781 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in $(top_srcdir)/configure AUTHORS COPYING \
+ ChangeLog INSTALL NEWS TODO auto/config.guess auto/config.sub \
+ auto/depcomp auto/install-sh auto/ltmain.sh auto/missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(docdir)"
+DATA = $(doc_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+ { test ! -d "$(distdir)" \
+ || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+ && rm -fr "$(distdir)"; }; }
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFAULT_GROUP = @DEFAULT_GROUP@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBTOOL_DEPS = @LIBTOOL_DEPS@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANDOM_FILE = @RANDOM_FILE@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = $(datadir)/doc/stunnel
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+ssldir = @ssldir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+ACLOCAL_AMFLAGS = -I m4
+SUBDIRS = src doc tools
+EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS INSTALL.W32 INSTALL.WCE INSTALL.FIPS
+doc_DATA = INSTALL README COPYING AUTHORS ChangeLog \
+ INSTALL.W32 INSTALL.WCE INSTALL.FIPS \
+ BUGS PORTS COPYRIGHT.GPL CREDITS TODO
+
+distcleancheck_listfiles = \
+ find -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';'
+
+all: all-recursive
+
+.SUFFIXES:
+am--refresh:
+ @:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+ $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ echo ' $(SHELL) ./config.status'; \
+ $(SHELL) ./config.status;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ $(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ $(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool config.lt
+install-docDATA: $(doc_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)"
+ @list='$(doc_DATA)'; test -n "$(docdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \
+ done
+
+uninstall-docDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(doc_DATA)'; test -n "$(docdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(docdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(docdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ $(am__remove_distdir)
+ test -d "$(distdir)" || mkdir "$(distdir)"
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$(top_distdir)" distdir="$(distdir)" \
+ dist-hook
+ -test -n "$(am__skip_mode_fix)" \
+ || find "$(distdir)" -type d ! -perm -755 \
+ -exec chmod u+rwx,go+rx {} \; -o \
+ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+ || chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+ tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+ $(am__remove_distdir)
+
+dist-bzip2: distdir
+ tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+ $(am__remove_distdir)
+
+dist-lzma: distdir
+ tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+ $(am__remove_distdir)
+
+dist-xz: distdir
+ tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+ $(am__remove_distdir)
+
+dist-tarZ: distdir
+ tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+ $(am__remove_distdir)
+
+dist-shar: distdir
+ shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+ $(am__remove_distdir)
+
+dist-zip: distdir
+ -rm -f $(distdir).zip
+ zip -rq $(distdir).zip $(distdir)
+ $(am__remove_distdir)
+
+dist dist-all: distdir
+ tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+ $(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration. Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+ case '$(DIST_ARCHIVES)' in \
+ *.tar.gz*) \
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
+ *.tar.bz2*) \
+ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
+ *.tar.lzma*) \
+ lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
+ *.tar.xz*) \
+ xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+ *.tar.Z*) \
+ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+ *.shar.gz*) \
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
+ *.zip*) \
+ unzip $(distdir).zip ;;\
+ esac
+ chmod -R a-w $(distdir); chmod a+w $(distdir)
+ mkdir $(distdir)/_build
+ mkdir $(distdir)/_inst
+ chmod a-w $(distdir)
+ test -d $(distdir)/_build || exit 0; \
+ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+ && am__cwd=`pwd` \
+ && $(am__cd) $(distdir)/_build \
+ && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+ $(DISTCHECK_CONFIGURE_FLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) dvi \
+ && $(MAKE) $(AM_MAKEFLAGS) check \
+ && $(MAKE) $(AM_MAKEFLAGS) install \
+ && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+ && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+ distuninstallcheck \
+ && chmod -R a-w "$$dc_install_base" \
+ && ({ \
+ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+ } || { rm -rf "$$dc_destdir"; exit 1; }) \
+ && rm -rf "$$dc_destdir" \
+ && $(MAKE) $(AM_MAKEFLAGS) dist \
+ && rm -rf $(DIST_ARCHIVES) \
+ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+ && cd "$$am__cwd" \
+ || exit 1
+ $(am__remove_distdir)
+ @(echo "$(distdir) archives ready for distribution: "; \
+ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+ @$(am__cd) '$(distuninstallcheck_dir)' \
+ && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+ || { echo "ERROR: files left after uninstall:" ; \
+ if test -n "$(DESTDIR)"; then \
+ echo " (check DESTDIR support)"; \
+ fi ; \
+ $(distuninstallcheck_listfiles) ; \
+ exit 1; } >&2
+distcleancheck: distclean
+ @if test '$(srcdir)' = . ; then \
+ echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+ exit 1 ; \
+ fi
+ @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+ || { echo "ERROR: files left in build directory after distclean:" ; \
+ $(distcleancheck_listfiles) ; \
+ exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(DATA)
+installdirs: installdirs-recursive
+installdirs-am:
+ for dir in "$(DESTDIR)$(docdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f $(am__CONFIG_DISTCLEAN_FILES)
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-libtool \
+ distclean-local distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am: install-docDATA
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f $(am__CONFIG_DISTCLEAN_FILES)
+ -rm -rf $(top_srcdir)/autom4te.cache
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-docDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
+ install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am am--refresh check check-am clean clean-generic \
+ clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \
+ dist-gzip dist-hook dist-lzma dist-shar dist-tarZ dist-xz \
+ dist-zip distcheck distclean distclean-generic \
+ distclean-libtool distclean-local distclean-tags \
+ distcleancheck distdir distuninstallcheck dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-docDATA install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs installdirs-am \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-recursive uninstall uninstall-am uninstall-docDATA
+
+libtool: $(LIBTOOL_DEPS)
+ $(SHELL) ./config.status libtool
+
+distclean-local:
+ rm -rf autom4te.cache
+ rm -f $(distdir)-installer.exe
+
+cert:
+ (cd tools; rm -f stunnel.pem; $(MAKE) stunnel.pem)
+
+dist-hook:
+ makensis -NOCD -DSRCDIR=$(srcdir)/ $(srcdir)/tools/stunnel.nsi
+
+sign: dist
+ cp -f $(distdir).tar.gz ../dist
+ cp -f $(distdir)-installer.exe ../dist
+ gpg --yes --armor --detach-sign --force-v3-sigs \
+ ../dist/$(distdir).tar.gz
+ gpg --yes --armor --detach-sign --force-v3-sigs \
+ ../dist/$(distdir)-installer.exe
+ sha256sum $(distdir).tar.gz | tee ../dist/$(distdir).tar.gz.sha256
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
1  NEWS
View
@@ -0,0 +1 @@
+See the ChangeLog file for the latest news.
22 PORTS
View
@@ -0,0 +1,22 @@
+stunnel known port maintainers
+
+
+* AmigaOS
+ - Diego Casorran <dcr8520@amiga.org>
+* Cygwin
+ - Andrew Schulman <andrex@alumni.utexas.net>
+* Debian GNU/Linux
+ - Luis Rodrigo Gallardo Cruz <rodrigo@nul-unu.com>
+* FreeBSD
+ - Peter Pentchev <roam@FreeBSD.org>
+* NetBSD
+ - Martti Kuparinen <martti.kuparinen@iki.fi>
+* OpenBSD
+ - Jakob Schlyter <jakob@openbsd.org>
+* OpenSolaris
+ - Mark Fenwick <Mark.Fenwick@sun.com>
+* OS/2
+ - Paul Smedley <paul@smedley.info>
+* RedHat Linux
+ - Damien Miller <dmiller@ilogic.com.au>
+
30 README
View
@@ -0,0 +1,30 @@
+stunnel overview
+
+Short description
+
+ The stunnel program is designed to work as an SSL encryption
+ wrapper between remote client and local (inetd-startable) or
+ remote servers. The goal is to facilitate SSL encryption and
+ authentication for non-SSL-aware programs.
+
+ stunnel can be used to add SSL functionality to commonly
+ used inetd daemons like POP-2, POP-3 and IMAP servers
+ without any changes in the programs' code.
+
+Compile instructions
+
+ See INSTALL file.
+
+License
+
+ See COPYING file.
+
+Other files you should read
+
+ Changelog What I did
+ TODO What I'm going to do
+
+Reporting problems and other contacts
+
+ See FAQ file.
+
30 TODO
View
@@ -0,0 +1,30 @@
+stunnel TODO
+
+
+High priority features I'm going to support (sponsorship welcomed)
+* Separate control process running as root user on Unix.
+* Separate GUI process running as current user on Windows.
+* Features depending on replacing MinGW compiler with MSVC:
+ - Support for FIPS mode on Windows.
+ - Support for CryptoAPI certificates and private keys with CAPI engine.
+* Service-level logging configuration (separate verbosity and destination).
+* Support for Server Name Indication SSL extension
+ with SSL_CTX_set_tlsext_servername_callback().
+
+Low priority features I'm going to support (sponsorship welcomed)
+* SOCKS 4 protocol support.
+ http://archive.socks.permeo.com/protocol/socks4.protocol
+* Key renegotiation (re-handshake) for long connections.
+* Logging to NT EventLog on Windows.
+* Log file rotation with with GUI on Windows.
+* Internationalization of logged messages (i18n).
+* Generic scripting engine instead or static protocol.c.
+
+Features I prefer *not* to support (waiting for a wealthy sponsor)
+* Additional certificate checks (including wildcard comparison) based on
+ CN and X509v3 Subject Alternative Name.
+* Protocol support *after* SSL is negotiated:
+ - Support for adding X-Forwarded-For to HTTP request headers.
+ - Support for adding X-Forwarded-For to SMTP email headers.
+* Set processes title that appear on the ps(1) and top(1) commands.
+
956 aclocal.m4
View
@@ -0,0 +1,956 @@
+# generated automatically by aclocal 1.11.1 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_AUTOCONF_VERSION],
+ [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.67],,
+[m4_warning([this file was generated for autoconf 2.67.
+You have another version of autoconf. It may work, but is not guaranteed to.
+If you have problems, you may need to regenerate the build system entirely.
+To do so, use the procedure documented by the package, typically `autoreconf'.])])
+
+# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+# (This private macro should not be called outside this file.)
+AC_DEFUN([AM_AUTOMAKE_VERSION],
+[am__api_version='1.11'
+dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+dnl require some minimum version. Point them to the right macro.
+m4_if([$1], [1.11.1], [],
+ [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+])
+
+# _AM_AUTOCONF_VERSION(VERSION)
+# -----------------------------
+# aclocal traces this macro to find the Autoconf version.
+# This is a private macro too. Using m4_define simplifies
+# the logic in aclocal, which can simply ignore this definition.
+m4_define([_AM_AUTOCONF_VERSION], [])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+[AM_AUTOMAKE_VERSION([1.11.1])dnl
+m4_ifndef([AC_AUTOCONF_VERSION],
+ [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+
+# AM_AUX_DIR_EXPAND -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory. The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run. This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+# fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+# fails if $ac_aux_dir is absolute,
+# fails when called from a subdirectory in a VPATH build with
+# a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir. In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir. That would be:
+# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+# MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH. The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 9
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
+ [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+ $1_TRUE=
+ $1_FALSE='#'
+else
+ $1_TRUE='#'
+ $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+ AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 10
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery. Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC, [depcc="$CC" am_compiler_list=],
+ [$1], CXX, [depcc="$CXX" am_compiler_list=],
+ [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+ [$1], UPC, [depcc="$UPC" am_compiler_list=],
+ [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'],
+ [depcc="$$1" am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+ [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_$1_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+ fi
+ am__universal=false
+ m4_case([$1], [CC],
+ [case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac],
+ [CXX],
+ [case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac])
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_$1_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+])
+
+# Generate code to set up dependency tracking. -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 5
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[{
+ # Autoconf 2.62 quotes --file arguments for eval, but not when files
+ # are listed without --file. Let's play safe and only enable the eval
+ # if we detect the quoting.
+ case $CONFIG_FILES in
+ *\'*) eval set x "$CONFIG_FILES" ;;
+ *) set x $CONFIG_FILES ;;
+ esac
+ shift
+ for mf
+ do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # Grep'ing the whole file is not good either: AIX grep has a line
+ # limit of 2048, but all sed's we know have understand at least 4000.