From 5e9d40f355463299b83bf4046e06ccf768dc4da6 Mon Sep 17 00:00:00 2001 From: newTomas Date: Wed, 7 Jan 2026 21:17:20 +0700 Subject: [PATCH 1/7] [stunnel] feat - Add all missing protocols --- .../opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml b/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml index 0b851ec5d0..ebcd1733c2 100644 --- a/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml +++ b/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml @@ -47,11 +47,18 @@ + CIFS + CAPWIN + CAPWINCTRL + CONNECT IMAP LDAP NNTP + PGSQL POP3 + PROXY SMTP + SOCKS N From 66fe71a1317cc40e3a90f3d6285008a7d611297d Mon Sep 17 00:00:00 2001 From: newTomas Date: Wed, 7 Jan 2026 21:17:42 +0700 Subject: [PATCH 2/7] [stunnel] feat - Add OCSP AIA toggle --- .../mvc/app/controllers/OPNsense/Stunnel/forms/general.xml | 7 +++++++ .../opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml | 4 ++++ .../service/templates/OPNsense/Stunnel/stunnel.conf | 6 +++++- 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml b/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml index 958e5a830a..dfc2637f82 100644 --- a/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml +++ b/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml @@ -18,4 +18,11 @@ firewall (allowed by default). + + stunnel.general.enable_oscp + + checkbox + Enable OCSP certificate verification via AIA extension. Disable if OCSP server is unreachable. + + diff --git a/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml b/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml index ebcd1733c2..17cdbcb821 100644 
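Review bot: The CONNECT value added to the protocol option list in PATCH 1/7 (Stunnel.xml) needs a companion setting that this series does not add. According to the stunnel manual, `protocol = connect` is a client-mode negotiation that also requires `protocolHost`, plus `protocolUsername`/`protocolPassword` for an authenticating proxy. Whether the service form and the stunnel.conf template already expose those options cannot be seen from this hunk; if they do not, a service saved with CONNECT cannot complete its negotiation. Several of the other new values are likewise meaningful in only one of client or server mode, so the field help should say which side each applies to. The option list starts and ends outside the hunk.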
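Review bot: The new setting is spelled `enable_oscp` although it controls OCSP, both in the form field id `stunnel.general.enable_oscp` here and in the Stunnel.xml and stunnel.conf hunks of the same patch. The name becomes a key in saved configurations once this ships, so correcting it later would need a model migration. Renaming it now to `enable_ocsp` in all three files (`stunnel.general.enable_ocsp`, `OPNsense.Stunnel.general.enable_ocsp`) avoids that. The later patches in the series keep the misspelling.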
--- a/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml +++ b/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml @@ -18,6 +18,10 @@ 0 Y + + 1 + Y + diff --git a/security/stunnel/src/opnsense/service/templates/OPNsense/Stunnel/stunnel.conf b/security/stunnel/src/opnsense/service/templates/OPNsense/Stunnel/stunnel.conf index 0d6590d383..f1c8a6501a 100644 --- a/security/stunnel/src/opnsense/service/templates/OPNsense/Stunnel/stunnel.conf +++ b/security/stunnel/src/opnsense/service/templates/OPNsense/Stunnel/stunnel.conf @@ -6,7 +6,11 @@ chroot = /var/run/stunnel pid = {% if helpers.empty('OPNsense.Stunnel.general.chroot') %}/var/run/stunnel{% endif %}/stunnel.pid debug = info logId = unique - +{% if helpers.exists('OPNsense.Stunnel.general.enable_oscp') and OPNsense.Stunnel.general.enable_oscp == '0' %} +OCSPaia = no +{% else %} +OCSPaia = yes +{% endif %} {% if helpers.exists('OPNsense.Stunnel.services.service') %} {% for service in helpers.toList('OPNsense.Stunnel.services.service') %} From 68d51b26a609359a6c87aa82b3f5e7d96ab67709 Mon Sep 17 00:00:00 2001 From: newTomas Date: Wed, 7 Jan 2026 21:19:20 +0700 Subject: [PATCH 3/7] [stunnel] fix - Removed identd_stunnel service status detection (breaks stunnel status detection) --- .../src/opnsense/service/conf/actions.d/actions_stunnel.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/stunnel/src/opnsense/service/conf/actions.d/actions_stunnel.conf b/security/stunnel/src/opnsense/service/conf/actions.d/actions_stunnel.conf index 142f0d18a7..fa18547e6d 100644 --- a/security/stunnel/src/opnsense/service/conf/actions.d/actions_stunnel.conf +++ b/security/stunnel/src/opnsense/service/conf/actions.d/actions_stunnel.conf 
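Review bot: `OCSPaia` is written once in the global section, ahead of the service loop, so this single checkbox sets the default for every configured service rather than for one tunnel. As far as the stunnel manual describes it, the AIA lookup runs as part of peer certificate verification, so it appears to do nothing for a service that does not verify its peer; that dependency is not mentioned anywhere in the change. A template comment above the block would record it, for example `{# global default for all services; only takes effect where peer certificate verification is enabled #}`. The hunk also removes the blank line that separated the global options from the generated service sections.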
@@ -36,7 +36,7 @@ message:stunnel service restart description:Restart Stunnel [status] -command:/usr/local/etc/rc.d/stunnel status; /usr/local/etc/rc.d/identd_stunnel onestatus; exit 0 +command:/usr/local/etc/rc.d/stunnel status; exit 0 parameters: type:script_output message:stunnel status From 5fbd605502d14a5971ba03939219649e0d20c995 Mon Sep 17 00:00:00 2001 From: Vlad Date: Thu, 8 Jan 2026 10:30:28 +0700 Subject: [PATCH 4/7] [stunnel] refactor - Replaced helpers.exists and == '0' with helpers.empty Co-authored-by: Ad Schellevis --- .../opnsense/service/templates/OPNsense/Stunnel/stunnel.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/stunnel/src/opnsense/service/templates/OPNsense/Stunnel/stunnel.conf b/security/stunnel/src/opnsense/service/templates/OPNsense/Stunnel/stunnel.conf index f1c8a6501a..5c1ace1704 100644 --- a/security/stunnel/src/opnsense/service/templates/OPNsense/Stunnel/stunnel.conf +++ b/security/stunnel/src/opnsense/service/templates/OPNsense/Stunnel/stunnel.conf @@ -6,7 +6,7 @@ chroot = /var/run/stunnel pid = {% if helpers.empty('OPNsense.Stunnel.general.chroot') %}/var/run/stunnel{% endif %}/stunnel.pid debug = info logId = unique -{% if helpers.exists('OPNsense.Stunnel.general.enable_oscp') and OPNsense.Stunnel.general.enable_oscp == '0' %} +{% if helpers.empty('OPNsense.Stunnel.general.enable_oscp') %} OCSPaia = no {% else %} OCSPaia = yes From 42422d5bc27474e978946635f2a2fe31444fb98c Mon Sep 17 00:00:00 2001 From: Vlad Date: Fri, 9 Jan 2026 10:14:18 +0700 Subject: [PATCH 5/7] [stunnel] fix - enable_oscp default 0 now --- .../src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml b/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml index 17cdbcb821..a4abce6290 100644 --- a/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml 
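Review bot: After this change `[status]` reports nothing about `identd_stunnel`, and the action file gives no reason why the second check was dropped. The start, stop and restart actions lie outside the hunk; if they still manage the ident daemon, a dead identd no longer shows up in the service status. A comment above the command, for example `# identd_stunnel is deliberately not queried here: its output broke stunnel status detection`, would keep the check from being re-added. The trailing `; exit 0` still discards the rc script's exit code, so detection depends on the printed text alone.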
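Review bot: With `helpers.empty(...)` the template emits `OCSPaia = no` whenever the setting is unset or absent, and PATCH 5/7 makes unset the shipped default, so every existing install gets an explicit `no` after upgrade. Before this series no `OCSPaia` line was written and the stunnel binary's built-in default applied. If that default is `yes` in the packaged version (not visible here), the upgrade turns AIA revocation checking off without the operator choosing it, which deserves a line in the plugin changelog and in the field help. As a style point, the five template lines can be one, in the manner of the `pid =` line above: `OCSPaia = {% if helpers.empty('OPNsense.Stunnel.general.enable_oscp') %}no{% else %}yes{% endif %}`.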
+++ b/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml @@ -1,6 +1,6 @@ //OPNsense/Stunnel - 1.0.4 + 1.0.5 Stunnel TLS encryption proxy @@ -19,7 +19,7 @@ Y - 1 + 0 Y From 46a52cfb939a1316672a996537a05b1897baa60b Mon Sep 17 00:00:00 2001 From: Vlad Date: Fri, 9 Jan 2026 10:48:10 +0700 Subject: [PATCH 6/7] [stunnel] feat - Changed the text in the help for the OCSPaia settings --- .../mvc/app/controllers/OPNsense/Stunnel/forms/general.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml b/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml index dfc2637f82..334a57ca09 100644 --- a/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml +++ b/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml @@ -22,7 +22,7 @@ stunnel.general.enable_oscp checkbox - Enable OCSP certificate verification via AIA extension. Disable if OCSP server is unreachable. + Validate peer certificates using OCSP responders from their AIA extension. Enable if you need strict certificate revocation checking. From 86cf3b35a097693dbc05e503151207d9fe4e54c9 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Fri, 9 Jan 2026 10:41:09 +0100 Subject: [PATCH 7/7] Update security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml --- .../mvc/app/controllers/OPNsense/Stunnel/forms/general.xml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml b/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml index 334a57ca09..703c34372f 100644 --- a/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml +++ b/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml 
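Review bot: The reworded help text in PATCH 6/7 drops the only hint about what happens when an OCSP responder cannot be contacted. Responder URLs taken from a certificate's AIA extension are fetched by the firewall itself, normally over plain HTTP. As far as I know, stunnel's `OCSPrequire` defaults to refusing the connection when no conclusive answer is obtained, so enabling the checkbox on a box without that outbound access breaks the tunnel. I would keep the new first sentence and end the help with `Requires that this firewall can reach the responders; connections fail when no OCSP answer is obtained.`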
@@ -22,7 +22,6 @@ stunnel.general.enable_oscp checkbox - Validate peer certificates using OCSP responders from their AIA extension. Enable if you need strict certificate revocation checking. - + Validate peer certificates using OCSP responders from their AIA extension. Enable if you need strict certificate revocation checking.