Stunnel FAQ: Compiling/Installing
This section gives you basic information on how to
install the Stunnel software.
To use the pre-compiled Windows binaries do the following:
- Download stunnel.exe from the distribution sites.
- Download the libssl32.dll and libeay32.dll from the
distribution sites, found in the Win32 directory.
Copy them into the \windows\system directory.
Note: these files contain the crypto libraries used
by stunnel. They are from a default compilation of
OpenSSL, but may contain algorithms that are patented
in your country.
Either compile OpenSSL yourself manually, or
check with your lawyers to see if you can use these
precompiled versions. They'll be happy to bill you for their
time.
- Download the stunnel.pem from the Win32 directory.
- Skip to the running Stunnel section.
These instructions are also contained in the
INSTALL.W32 file.
First you must already have either OpenSSL or SSLeay compiled
for your system. Stunnel itself does not have any cryptographic
algorithms in it; instead, it links against the functions
contained in one of the two above packages.
Since RSA is no longer patented,
under no circumstances should you even consider
compiling Stunnel or your SSL library with RSAref.
It's no longer needed, and RSAref has not been
supported by RSA in years.
- FreeBSD:
If you are on FreeBSD, then you may already have the sources
to OpenSSL and stunnel on your system. Simply do the following:
machine# cd /usr/ports/security/stunnel
machine# make install
It will compile and install both OpenSSL and stunnel for you.
If you don't have the necessary source files in your system, those
are automatically fetched for you. Easy and convenient :-)
- Unix in general:
To install stunnel from the sources, download the tar
files and place them in a temporary directory. Read the
INSTALL file. Then do the following:
machine# gzip -dc stunnel-VERSION.tar.gz | tar -xvf -
machine# cd stunnel-VERSION
machine# ./configure
machine# make
machine# make install
Assuming all went well, you should now have stunnel installed in
/usr/local.
- Windows:
Stunnel is known to compile with the mingw compiler
and the Visual C++ compiler. It is best if you compile stunnel
with the same compiler you used for compiling OpenSSL or SSLeay.
You must uncompress and unpack the stunnel-VERSION.tar.gz
file onto your hard drive. Various zip/unzip programs can handle
that format. (Suggestions to the Webmaster
are welcome.)
A Makefile.W32 is provided on the distribution sites
for compiling stunnel on the Windows platform. You do not need
to run the configure steps above.
The purpose of the configure script
is to determine a few compile-time options specific to
your computer and environment.
Aside from the standard GNU configure
options, there are a few stunnel-specific flags you
can give:
- --with-ssl=DIR
- DIR is the name of the directory in which
your OpenSSL/SSLeay libraries and certs directory
are. If you've installed your SSL library in a
non-standard location, specify it here.
- --with-pem-dir=DIR
- Where to find the stunnel.pem file.
- --with-cert-dir=DIR
- Default directory to look for certificate hashes.
- --with-cert-file=FILE
- File containing concatenated trusted certificates.
- --with-random=FILE
- FILE is the name of a file (socket, etc)
which can provide random numbers for stunnel.
Defaults to /dev/urandom which is
the standard location on most Linux and *BSD
systems.
- --with-egd-socket=FILE
- The pathname to your EGD (Entropy Gathering Daemon)
or PRNGD (Pseudo Random Number Generating Daemon)
socket, used when you don't have suitable
random data in /dev/urandom, etc. See the
man page.
- --with-tcp-wrappers
- Include TCP wrapper (libwrap) support (default).
- --without-tcp-wrappers
- Don't include TCP wrapper (libwrap) support.
- --enable-ssllib-cs
- Use the OpenSSL library certificate verification
sources in addition to those specified with
-A and -a arguments.
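The following is an added example, not part of the original FAQ or the stunnel distribution: a small shell helper that picks --with-random or --with-egd-socket and, where applicable, --with-ssl from what is actually present on the build host. The function names, the EGD socket path /var/run/egd-pool, and the include/openssl/ssl.h layout check are assumptions.

```shell
#!/bin/sh
# Added example (not stunnel project code): derive ./configure flags from the host.

# pick_entropy_flag DEV SOCK
# Assumption: accept DEV only if it is a readable character device, which is
# stricter than configure itself; otherwise fall back to an EGD/PRNGD socket.
pick_entropy_flag() {
    dev=$1; sock=$2
    if [ -c "$dev" ] && [ -r "$dev" ]; then
        printf '%s\n' "--with-random=$dev"
    elif [ -S "$sock" ]; then
        printf '%s\n' "--with-egd-socket=$sock"
    else
        return 1    # refuse to build without a known entropy source
    fi
}

# pick_ssl_flag DIR
# Assumption: an OpenSSL install prefix contains include/openssl/ssl.h.
pick_ssl_flag() {
    [ -f "$1/include/openssl/ssl.h" ] || return 1
    printf '%s\n' "--with-ssl=$1"
}

# stunnel_configure_cmd SSL_DIR [DEV] [SOCK]
# Prints the command instead of running it, so it can be reviewed first.
stunnel_configure_cmd() {
    ssl_dir=$1
    dev=${2:-/dev/urandom}          # default named on this page
    sock=${3:-/var/run/egd-pool}    # assumed socket path, adjust as needed
    entropy=$(pick_entropy_flag "$dev" "$sock") || {
        echo "no usable entropy source: $dev or $sock" >&2
        return 1
    }
    cmd="./configure $entropy"
    # Omit --with-ssl when the directory does not look like an SSL install,
    # letting configure search its standard locations.
    if ssl_flag=$(pick_ssl_flag "$ssl_dir"); then
        cmd="$cmd $ssl_flag"
    fi
    printf '%s\n' "$cmd"
}

# Example: sh this-script print /usr/local/ssl
if [ "${1:-}" = "print" ]; then
    stunnel_configure_cmd "${2:-/usr/local/ssl}"
fi
```

The helper fails instead of emitting a command when neither a random device nor an EGD socket is found, so a build never proceeds on an unverified entropy source.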