# hooks addon for stunnel4
# need stunnel4 package

if [ ! $TCOS_ENABLE_SSL ]; then
  _verbose "(10ssl_tunnel) TCOS_ENABLE_SSL disabled"
else
 stat_before

   [ -x /usr/bin/stunnel4 ]  && cpifexists /usr/bin/stunnel4   /usr/bin/
   [ -x /usr/sbin/stunnel4 ]  && cpifexists /usr/sbin/stunnel4   /usr/bin/
   [ -x /usr/bin/openssl ]  && cpifexists /usr/bin/openssl   /usr/bin/

   mkdir -p $DESTDIR/etc/stunnel
   mkdir -p $DESTDIR/usr/lib/ssl
   cpifexists /usr/lib/ssl/openssl.cnf /usr/lib/ssl
   #cpifexists /usr/lib/libcrypto.so.0.9.8 /usr/lib/
   #cpifexists /usr/lib/libssl.so.0.9.8 /usr/lib/

   [ -e ${DESTDIR}/usr/lib/i686/cmov/libcrypto.so.0.9.8 ] && mv -f ${DESTDIR}/usr/lib/i686/cmov/libcrypto.so.0.9.8 ${DESTDIR}/usr/lib/libcrypto.so.0.9.8 2>/dev/null
   [ -e ${DESTDIR}/usr/lib/i686/cmov/libssl.so.0.9.8 ] && mv -f ${DESTDIR}/usr/lib/i686/cmov/libssl.so.0.9.8 ${DESTDIR}/usr/lib/libssl.so.0.9.8 2>/dev/null

cat << EOF > ${DESTDIR}/etc/stunnel/stunnel.conf
cert = /etc/stunnel/tcos.pem
sslVersion=all
foreground=yes
syslog=no
session=1
delay=no
chroot=/var/lib/stunnel4/
setuid=root
setgid=root
pid=/stunnel4.pid
socket=l:TCP_NODELAY=1
socket=r:TCP_NODELAY=1
;socket=a:SO_REUSEADDR=0
;compression=rle
;debug=7
output=/var/log/stunnel.log
pty=no
;transparent=yes
;verify=1

[tcosxmlrpc]
accept=8999
connect=8998
TIMEOUTclose=0
TIMEOUTconnect=2
TIMEOUTidle=2
EOF

   #if [ -e /etc/tcos/ssl/tcos-custom.pem ]; then
   #  cp /etc/tcos/ssl/tcos-custom.pem  ${DESTDIR}/etc/stunnel/tcos.pem
   #else
   #  cp /etc/tcos/ssl/tcos.pem         ${DESTDIR}/etc/stunnel/tcos.pem
   #fi
   #chmod 600 $DESTDIR/etc/stunnel/tcos.pem
   mkdir -p $DESTDIR/var/lib/stunnel4/


   cat << EOF > ${DESTDIR}/scripts/tcos-bottom/60stunnel
#!/bin/sh
#

# new header not using prereqs
if [ "\$1" = "prereqs" ]; then
  echo ""
  exit 0
fi


quiet=n

. /scripts/functions
. /conf/tcos.conf
. /conf/tcos-run-functions

nosslxmlrpc=\$(read_cmdline_var "nosslxmlrpc" "0") 
if [ "\${nosslxmlrpc}" = "1" ]; then 
  _log "SSL XMLRPC disabled from cmdline" 
  exit 0 
fi

  [ -e /etc/stunnel/tcos.pem ] && rm -f /etc/stunnel/tcos.pem 2>/dev/null
  openssl req -new -x509 -nodes -days 365 -out /etc/stunnel/tcos.pem -keyout /etc/stunnel/tcos.pem -subj "/C=/ST=/L=/CN=localhost/emailAddress=root@localhost" 2>/dev/null
  dd if=/dev/urandom of=/tmp/temp_file_ssl count=2 2>/dev/null
  openssl dhparam -rand /tmp/temp_file_ssl 256 >> /etc/stunnel/tcos.pem 2>/dev/null
  chmod 600 /etc/stunnel/tcos.pem 2>/dev/null
  rm -f /tmp/temp_file_ssl 2>/dev/null

  stunnel4 >/dev/null 2>&1 &
exit 0

EOF

   chmod +x  ${DESTDIR}/scripts/tcos-bottom/60stunnel

 stat_after "SSL secure XMLRPC connection"

fi # end of TCOS_ENABLE_SSL