502b3013f1
* New features:
- Hardcoded 2048-bit DH parameters are used as a fallback if DH
parameters are not provided in stunnel.pem.
- Default "ciphers" value updated to prefer ECDH:
"ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".
- Default ECDH curve updated to "prime256v1".
- Removed support for temporary RSA keys (used in obsolete
export ciphers).
- refresh stunnel-listenqueue-option.patch
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=49
50 lines
1.6 KiB
Diff
50 lines
1.6 KiB
Diff
--- src/options.c
|
|
+++ src/options.c
|
|
@@ -1484,6 +1484,25 @@
|
|
break;
|
|
}
|
|
|
|
+ /* listenqueue */
|
|
+ switch(cmd) {
|
|
+ case CMD_INIT:
|
|
+ section->listenqueue=SOMAXCONN;
|
|
+ break;
|
|
+ case CMD_EXEC:
|
|
+ if(strcasecmp(opt, "listenqueue"))
|
|
+ break;
|
|
+ section->listenqueue=atoi(arg);
|
|
+ return (section->listenqueue?NULL:"Bad verify level");
|
|
+ case CMD_DEFAULT:
|
|
+ s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN);
|
|
+ break;
|
|
+ case CMD_HELP:
|
|
+ s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending onnections may grow to (max SOMAXCONN)", "listenqueue");
|
|
+ break;
|
|
+ }
|
|
+
|
|
+
|
|
if(cmd==CMD_EXEC)
|
|
return option_not_found;
|
|
return NULL; /* OK */
|
|
--- src/prototypes.h
|
|
+++ src/prototypes.h
|
|
@@ -165,6 +165,7 @@
|
|
int timeout_close; /* maximum close_notify time */
|
|
int timeout_connect; /* maximum connect() time */
|
|
int timeout_idle; /* maximum idle connection time */
|
|
+ int listenqueue; /* Listen backlog */
|
|
enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
|
|
|
|
/* service-specific data for protocol.c */
|
|
--- src/stunnel.c
|
|
+++ src/stunnel.c
|
|
@@ -248,7 +248,7 @@
|
|
}
|
|
s_log(LOG_DEBUG, "Service %s bound to %s",
|
|
opt->servname, local_address);
|
|
- if(listen(opt->fd, SOMAXCONN)) {
|
|
+ if(listen(opt->fd, opt->listenqueue)) {
|
|
sockerror("listen");
|
|
closesocket(opt->fd);
|
|
return 1;
|