script for stunnel

scripts/start_stunnel.sh

@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# This script creates a stunnel certificate for https
+# and starts a tunnel from :80 to :443. It's meant as en example so
+# use it with care.
+#
+# An example for the openssl config file can be found in
+# conf-examples/openssl.cnf .
+#
+
+set -eu
+
+test $# -ne 2 && echo "Usage: $(basename $0) OPENSSL_CONF_FILE CERT_FILE" && exit 1
+
+TMP_FILE=/tmp/cryptobox-cert.tmp
+## vcert values are in openssl.conf
+#OPENSSL_CONF_FILE="../conf-examples/openssl.cnf"
+OPENSSL_CONF_FILE="$1"
+## filename for the created cert
+#CERTFILE="cryptobox.cert"
+CERTFILE="$2"
+## source & destination ports
+SRC_PORT="8080"
+DST_PORT="443"
+
+
+[ ! -f "$OPENSSL_CONF_FILE" ] && echo "`basename $0`: $OPENSSL_CONF_FILE not found" && exit 2
+# this command creates the certificate
+# the "\n" are required, because the certbuilding asks for 5 returns
+echo -ne "\n\n\n\n\n" | openssl req -new -x509 -nodes -days 3650 -config "$OPENSSL_CONF_FILE" -out "$CERTFILE" -keyout "$CERTFILE"
+chmod 600 "$CERTFILE"
+
+# next step needs a lot of randomdata
+dd if=/dev/urandom of="$TMP_FILE" bs=1024 count=1024
+openssl dhparam -rand "$TMP_FILE" 512 >> "$CERTFILE"
+rm "$TMP_FILE"
+
+## print out cert values
+#openssl x509 -subject -dates -fingerprint -in stunnel.pem
+
+stunnel -p ${CERTFILE} -r localhost:${SRC_PORT} -d ${DST_PORT}