Commit graph

37 commits

Author SHA1 Message Date
Franco Fichtner
31f4ce7879 security/stunnel: bump revision 2025-07-21 10:03:57 +02:00
Ad Schellevis
e08583f46b security/stunnel - use configd caching to ease priv separation. 2025-07-20 17:14:15 +02:00
Patrick M. Hausen
6864606351
security/stunnel Add LDAP and NNTP to supported STARTTLS protocols (#4788) 2025-07-03 14:21:44 +02:00
Franco Fichtner
f240ec0fce plugins: run style-model 2025-07-02 10:46:07 +02:00
Monviech
4b4ec29eca
mvc: Replace camelCase API notation with snake_case (#4767)
* mvc: Replace camelCase API notation with snake_case

* mvc: Replace camelCase API notation with snake_case, fixed some special cases in www/caddy
2025-06-23 14:45:51 +02:00
Ad Schellevis
a186956c52 security/stunnel - fix regression caused by changed parent save() method (e36123c99f) 2023-12-26 12:38:23 +01:00
Franco Fichtner
57ebc7510f plugins: strip $FreeBSD$ since gone in src.git 2023-09-06 08:28:11 +02:00
Franco Fichtner
13fd1434fc security/stunnel: update model 2023-09-01 08:40:38 +02:00
Franco Fichtner
1a97275116 security/stunnel: revision bump 2023-04-24 07:22:50 +02:00
Ad Schellevis
244833b867 security/stunnel - flush CRL when requested, the code to persist the CRL was isolated in 7fec5111bd, the old openssl_crl_* functions were deprecated some time ago. closes https://github.com/opnsense/plugins/issues/3401 2023-04-22 18:26:04 +02:00
Franco Fichtner
f045045354 plugins: annotate support tier levels in plugins
PR: https://github.com/opnsense/core/issues/5983
2023-01-18 14:57:32 +01:00
Franco Fichtner
e8ef909a94 security/stunnel: fix missing include 2023-01-11 07:55:00 +01:00
Franco Fichtner
3f94700af5 plugins: logoptions= using wrong syslog.LOG_DAEMON value 2023-01-09 12:27:17 +01:00
Johnny S. Lee
cc42b52878
security/stunnel: Add missing inclusion (#3240)
PHP Fatal error:  Uncaught Error: Call to undefined function log_msg() in /usr/local/etc/inc/plugins.inc:251
Stack trace:
 0 /usr/local/opnsense/scripts/stunnel/generate_certs.php(89): plugins_configure('crl')
 1 {main}
  thrown in /usr/local/etc/inc/plugins.inc on line 251
2022-12-30 08:19:31 +01:00
Franco Fichtner
ec1aad4c69 security/stunnel: improve pkg-descr a little 2022-07-07 08:13:38 +02:00
Ad Schellevis
6ee383dffc security/stunnel: remove optional setting chainIntermediateCAs and ship chain by default. ref https://github.com/opnsense/plugins/pull/2854
While working on the documentation I noticed my previous comment was wrong, which also invalidates the need for an optional setting. When it comes to the "CAfile" setting, the chain shouldn't be provided; for the listener (the server cert) it shouldn't matter at all if you ship the chain since it's not part of the authentication.

This commit simplifies https://github.com/opnsense/plugins/pull/2854 by removing the option. The current documentation online doesn't need any modifications for this.
2022-07-04 16:54:45 +02:00
Franco Fichtner
06a8d618fb security/stunnel: newline for sanity in previous 2022-07-04 15:02:48 +02:00
Ad Schellevis
d162124a4f Squashed commit of the following:
commit e873aa41591442e16ec0581fa8b6e8696a1821ff
Author: Ad Schellevis <ad@opnsense.org>
Date:   Mon Jul 4 14:23:32 2022 +0200

    security/stunnel: Add option to chain intermediate CAs (https://github.com/opnsense/plugins/pull/2854), better explain impact and add move to advanced

commit 1e86212ad7
Author: Johnny S. Lee <6614805+johnnyslee@users.noreply.github.com>
Date:   Mon Feb 21 09:52:26 2022 +0800

    security/stunnel: Allow GUI usage of restart action

    For example, we can now select "Restart Stunnel" from
    `Service/ACME-Client/Automations>Run-Command>System-or-Plugin-Command`
    in GUI.

commit 005af925b1
Author: Johnny S. Lee <6614805+johnnyslee@users.noreply.github.com>
Date:   Mon Feb 21 09:45:28 2022 +0800

    security/stunnel: Add option to chain intermediate CAs

    Add an option, defaults disabled, to chain intermediate CAs which is
    required when using ACME cert.
2022-07-04 14:36:27 +02:00
Franco Fichtner
db3fb848d9 plugins: style sweep 2022-05-11 12:07:59 +02:00
Ad Schellevis
45030fabf4 security/stunnel - with the deprecation of __items on our model fields make sure none of our plugins uses the old magic property.
Traversing __items is actually the same as using iterateItems(), which should be a valid replacement.

ref fc8890851a cc @swhite2
2022-04-22 19:17:28 +02:00
Franco Fichtner
8c253fee03 security/stunnel: bump version 2022-03-01 10:04:56 +01:00
Johnny S. Lee
510d55c006
security/stunnel: Fix connect format for IPv6 addresses (#2852)
The current code generates conf line:
```
connect = [::1]:53
```

will end up producing the following:
```
Error resolving "[::1]": Neither nodename nor servname known (EAI_NONAME)
```

stunnel(8) states that an address parameter of an option may be either:
> ...
> A colon-separated pair of IP address (either IPv4, IPv6, or domain name)
  and port number.
> ...

which means there should not be special treatment on IPv6 addresses.
2022-02-21 08:55:21 +01:00
Ad Schellevis
f557e2b09a XMLRPC / HA-Sync: add services keyword (introduced https://github.com/opnsense/core/issues/4834) in xmlrpc templates for existing plugins. 2021-03-24 16:35:09 +01:00
Franco Fichtner
7845166d0d security/stunnel: new version 2021-03-05 13:52:44 +01:00
Nicola Bonavita
ca30bb9ab6
security/stunnel: Add client mode option to services (#2166) 2021-03-05 11:12:06 +01:00
Franco Fichtner
cdd4d15db7 security: bump revision numbers 2021-02-22 15:14:23 +01:00
fhloston
a56b2acd3e
stunnel: add protocol support to stunnel (#2022) 2020-09-24 17:00:15 +02:00
Ad Schellevis
4716fb18a2 stunnel identd: increase request_queue_size, default 5 is quite low. While here, switch to threading tcp server to better cope with concurrent requests 2020-08-17 13:00:55 +02:00
Ad Schellevis
8d10ac6a0d stunnel: missing copyright section 2020-06-26 14:06:35 +02:00
Ad Schellevis
72980508a7 security/stunnel prepare release version 2020-05-26 21:02:37 +02:00
Ad Schellevis
1f7654103d stunnel: new revision 2020-05-20 06:13:59 +02:00
Ad Schellevis
e845256b1a stunnel: minor bug fixes
- used wrong pid for ident status
- reload syslog on service start
- missing condition in syslog template (hence the service reload)

for https://github.com/opnsense/plugins/issues/1829
2020-05-20 06:11:29 +02:00
Ad Schellevis
84585d959b stunnel: minor cleanups and versioning, closes https://github.com/opnsense/plugins/issues/1829 2020-05-20 00:57:15 +02:00
Ad Schellevis
9510a17266 whitespace 2020-05-20 00:34:04 +02:00
Ad Schellevis
3d4416cf26
Stunnel: add identd (#1845)
stunnel: add identd service and plumbing
2020-05-22 13:12:28 +02:00
Franco Fichtner
7f90141b60 security/stunnel: style and sync 2020-05-18 16:40:47 +02:00
Ad Schellevis
2a8b0a58ed
stunnel: initial release (#1840)
* stunnel: boilerplate for https://github.com/opnsense/plugins/issues/1829

* stunnel: work in progress for https://github.com/opnsense/plugins/issues/1829

* stunnel: add service control and acl for https://github.com/opnsense/plugins/issues/1829

* stunnel: add cipher selection for https://github.com/opnsense/plugins/issues/1829

Since stunnel uses different parameter pairs for TLSv1.[1,2] and TLSv1.3, we'll try to sort them out in our config template.
When no TLSv1.3 ciphers are allowed, we should limit the sslVersionMax parameter as well as it seems.

* stunnel: set TLS1.2 as minimum

* stunnel: disable rc conf when no services are active https://github.com/opnsense/plugins/issues/1829

* stunnel: CRL support for https://github.com/opnsense/plugins/issues/1829

* stunnel: simplify cert creation, combine cert+key in one file. for https://github.com/opnsense/plugins/issues/1829

* stunnel: syslog and log viewer for https://github.com/opnsense/plugins/issues/1829

* stunnel: add hasync anchor, for https://github.com/opnsense/plugins/issues/1829
2020-05-18 15:31:18 +02:00