From c60ecbe2ffc425e22c635c3d6b15189f06ab4685 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Thu, 4 Feb 2016 18:50:14 +0100 Subject: Default to stunnel4 with checkHost - this will break unless one runs stretch or newer --- bin/ftpsync | 2 +- bin/rsync-ssl-tunnel | 16 +++++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) (limited to 'bin') diff --git a/bin/ftpsync b/bin/ftpsync index c96f8f5..2242cfe 100755 --- a/bin/ftpsync +++ b/bin/ftpsync @@ -487,7 +487,7 @@ done RSYNC_SSL=${RSYNC_SSL:-"false"} RSYNC_SSL_PORT=${RSYNC_SSL_PORT:-"1873"} RSYNC_SSL_CAPATH=${RSYNC_SSL_CAPATH:-"/etc/ssl/certs"} -RSYNC_SSL_METHOD=${RSYNC_SSL_METHOD:-"socat"} +RSYNC_SSL_METHOD=${RSYNC_SSL_METHOD:-"stunnel4"} if [[ true != ${RSYNC_SSL} ]]; then RSYNC_SSL_OPTIONS="" diff --git a/bin/rsync-ssl-tunnel b/bin/rsync-ssl-tunnel index 82fb9eb..d0daaf7 100755 --- a/bin/rsync-ssl-tunnel +++ b/bin/rsync-ssl-tunnel @@ -39,13 +39,16 @@ fi RSYNC_HOST="$1"; shift RSYNC_SSL_PORT=${RSYNC_SSL_PORT:-"1873"} RSYNC_SSL_CAPATH=${RSYNC_SSL_CAPATH:-"/etc/ssl/certs"} -RSYNC_SSL_METHOD=${RSYNC_SSL_METHOD:-"socat"} +RSYNC_SSL_METHOD=${RSYNC_SSL_METHOD:-"stunnel4"} method_stunnel() { + skip_host_check="$1"; shift + tmp="`tempfile`" trap "rm -f '$tmp'" EXIT - cat << EOF > "$tmp" + ( + cat << EOF # This file has been automatically created by ftpsync for syncing # from ${RSYNC_HOST}. # @@ -62,6 +65,10 @@ output = /dev/stderr connect = ${RSYNC_HOST}:${RSYNC_SSL_PORT} EOF + if ! [ "$skip_host_check" = 1 ]; then + echo "checkHost = ${RSYNC_HOST}" + fi + ) > "$tmp" exec stunnel4 "$tmp" echo >&2 "Failed to exec stunnel4" @@ -76,7 +83,10 @@ method_socat() { case ${RSYNC_SSL_METHOD:-} in stunnel4) - method_stunnel + method_stunnel 0 + ;; + stunnel4-old) + method_stunnel 1 ;; socat) method_socat -- cgit v1.2.3
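Review bot: The new `stunnel4` default in bin/ftpsync (hunk at -487) takes effect on every mirror that never set RSYNC_SSL_METHOD, and nothing beside the assignment says what to do when the installed stunnel lacks checkHost. A comment above the line would help, for example `# stunnel4 needs checkHost support (stretch or newer); older hosts can set socat or stunnel4-old, the latter without hostname checking`. The same default string is repeated in bin/rsync-ssl-tunnel, so the two assignments have to be changed together.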
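Review bot: In the bin/rsync-ssl-tunnel hunk at -62, `checkHost = ${RSYNC_HOST}` is written from the first positional argument with no validation visible in these hunks. A value containing whitespace or a newline would put extra option lines into the generated stunnel configuration, so a guard before the heredoc is worth adding, for example `case "$RSYNC_HOST" in *[!A-Za-z0-9.-]*) echo >&2 "Invalid host: $RSYNC_HOST"; exit 1;; esac`. Separately, checkHost only names the expected certificate subject. Whether it is enforced presumably depends on the chain-verification and CApath settings in the part of the heredoc outside this hunk, so please confirm they are enabled there.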
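Review bot: In the bin/rsync-ssl-tunnel hunk at -76, the `stunnel4-old` arm turns hostname checking off through a bare `1`, and neither the method name nor the call site says so. With that method, any certificate the rest of the generated configuration accepts is trusted regardless of the name it was issued for; the verification settings themselves are outside the hunks shown. I would add a comment on the arm, `# stunnel4-old: stunnel without checkHost support; server hostname is NOT verified`, and a run-time warning, `echo >&2 "Warning: RSYNC_SSL_METHOD=stunnel4-old does not verify the server hostname"`. The case statement continues outside the hunk.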