pkgsrc-Changes-HG archive
[.joined/pkgsrc/trunk]: .joined/pkgsrc/security/tlswrapper Add tlswrapper, an...
details: https://anonhg.NetBSD.org/.joined/pkgsrc/rev/c1d5807d998f
branches: trunk
changeset: 371099:c1d5807d998f
user: schmonz <schmonz%pkgsrc.org@localhost>
date: Tue Jan 04 21:39:03 2022 +0000
description:
Add tlswrapper, an UCSPI/inetd-style TLS encryption wrapper.
tlswrapper is a TLS encryption wrapper between remote client and local
program prog. Systemd.socket/inetd/tcpserver/... creates the server
connection, tlswrapper encrypts/decrypts data stream and reads/writes
data from/to the program prog as follows:
Internet <--> systemd.socket/inetd/tcpserver/... <--> tlswrapper <--> prog
By running a separate instance of tlswrapper for each TLS connection, a
vulnerability in the code (e.g. bug in the TLS library) can't be used to
compromise the memory of another connection.
To protect against secret-information leaks to the network connection
(such as Heartbleed) tlswrapper runs two independent processes for every
TLS connection. One process holds secret-keys and runs secret-keys
operations and the second talks to the network. Processes communicate with
each other through UNIX pipes.
diffstat:
security/tlswrapper/DESCR | 16 ++++++++++++++++
security/tlswrapper/Makefile | 36 ++++++++++++++++++++++++++++++++++++
security/tlswrapper/PLIST | 5 +++++
security/tlswrapper/distinfo | 5 +++++
4 files changed, 62 insertions(+), 0 deletions(-)
diffs (78 lines):
diff -r 0b3ea1bf843a -r c1d5807d998f security/tlswrapper/DESCR
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/tlswrapper/DESCR Tue Jan 04 21:39:03 2022 +0000
@@ -0,0 +1,16 @@
+tlswrapper is an TLS encryption wrapper between remote client and local
+program prog. Systemd.socket/inetd/tcpserver/... creates the server
+connection, tlswrapper encrypts/decrypts data stream and reads/writes
+data from/to the program prog as follows:
+
+Internet <--> systemd.socket/inetd/tcpserver/... <--> tlswrapper <--> prog
+
+By running separate instance of tlswrapper for each TLS connection, a
+vulnerability in the code (e.g. bug in the TLS library) can't be used to
+compromise the memory of another connection.
+
+To protect against secret-information leaks to the network connection
+(such Heartbleed) tlswrapper runs two independent processes for every
+TLS connection. One process holds secret-keys and runs secret-keys
+operations and second talks to the network. Processes communicate with
+each other through UNIX pipes.
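Review bot: The DESCR text has a few grammar slips that will show up verbatim in package listings: "is an TLS encryption wrapper" in the first line should be "a TLS", "By running separate instance" wants "a separate instance", and "(such Heartbleed)" is missing "as". The last paragraph would also read better as "the second talks to the network". Since DESCR is what users see when browsing the package, it is worth cleaning these up locally even if the wording comes from upstream.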
diff -r 0b3ea1bf843a -r c1d5807d998f security/tlswrapper/Makefile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/tlswrapper/Makefile Tue Jan 04 21:39:03 2022 +0000
@@ -0,0 +1,36 @@
+# $NetBSD: Makefile,v 1.1 2022/01/04 21:39:03 schmonz Exp $
+
+GITHUB_PROJECT= tlswrapper
+GITHUB_TAG= 20220101
+DISTNAME= ${GITHUB_PROJECT}
+PKGNAME= ${GITHUB_PROJECT}-${GITHUB_TAG}
+CATEGORIES= security net
+MASTER_SITES= ${MASTER_SITE_GITHUB:=janmojzis/}
+
+MAINTAINER= schmonz%NetBSD.org@localhost
+HOMEPAGE= https://github.com/janmojzis/tlswrapper/
+COMMENT= UCSPI/inetd-style TLS encryption wrapper
+#LICENSE= # TODO: (see mk/license.mk)
+
+TEST_TARGET= test
+
+BUILD_DEFS+= VARBASE TLSWRAPPER_CHROOT
+OWN_DIRS+= ${TLSWRAPPER_CHROOT}
+MAKE_ENV+= EMPTYDIR=${TLSWRAPPER_CHROOT:Q}
+
+INSTALLATION_DIRS= bin man/man1
+
+post-extract:
+ ${RM} -f ${WRKSRC}/bearssl.sh
+
+do-install:
+ cd ${WRKSRC}; \
+ for i in tlswrapper tlswrapper-tcp; do \
+ ${INSTALL_PROGRAM} $${i} \
+ ${DESTDIR}${PREFIX}/bin; \
+ ${INSTALL_MAN} man/$${i}.1 \
+ ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1; \
+ done
+
+.include "../../security/bearssl/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
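Review bot: TLSWRAPPER_CHROOT is listed in BUILD_DEFS and then used in OWN_DIRS and in MAKE_ENV as EMPTYDIR, but no default value is assigned anywhere in this Makefile. If it is not defined elsewhere in the tree, OWN_DIRS expands to nothing and the build gets an empty EMPTYDIR, so please either set a default here with "?=" or point to where it is defined. Because the value is handed to the build as EMPTYDIR, it is also worth stating the ownership and mode the directory should have so that it stays empty and is not writable by unprivileged users. Two smaller points: "#LICENSE= # TODO" leaves the package without a recorded license, and the post-extract removal of bearssl.sh deserves a one-line comment saying why it is deleted, given that the package links against security/bearssl via buildlink3.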
diff -r 0b3ea1bf843a -r c1d5807d998f security/tlswrapper/PLIST
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/tlswrapper/PLIST Tue Jan 04 21:39:03 2022 +0000
@@ -0,0 +1,5 @@
+@comment $NetBSD: PLIST,v 1.1 2022/01/04 21:39:03 schmonz Exp $
+bin/tlswrapper
+bin/tlswrapper-tcp
+man/man1/tlswrapper-tcp.1
+man/man1/tlswrapper.1
diff -r 0b3ea1bf843a -r c1d5807d998f security/tlswrapper/distinfo
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/tlswrapper/distinfo Tue Jan 04 21:39:03 2022 +0000
@@ -0,0 +1,5 @@
+$NetBSD: distinfo,v 1.1 2022/01/04 21:39:03 schmonz Exp $
+
+BLAKE2s (tlswrapper-20220101.tar.gz) = aad0a74ffe7a494e037a7bce1f28ff643e545f9bd456d5298dbdd2c1dc41c83d
+SHA512 (tlswrapper-20220101.tar.gz) = df1c3505cb44468099c2ce439c1d75731a24722474e55fe7868f52d91d414adfa4fc3575826ac9a7c6fb6491752622985d87d691d44e847c8897148350b1acce
+Size (tlswrapper-20220101.tar.gz) = 239414 bytes