
With the following /etc/init.d/stunnel script, you can easily define
some tunnels to be automatically opened on boot-up, using an
/etc/stunnel.conf like this:

# stunnel configuration file
# by Steve Haslam

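# Level of peer-certificate verification to use [-v]
# (in stunnel 3.x, level 1 checks a peer certificate only if one is
# presented; see stunnel(8) for the stricter levels)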
VERIFY 1

# Certificate for server mode [-p]
SERVERCERT /etc/ssl/certs/stunnel.pem

# Trusted certs directory for VERIFY 3 [-a]
#TRUSTEDCERTS /etc/ssl/certs

# Tunnel definitions (daemon mode)
TUNNEL imaps /usr/sbin/imapd -- imapd
TUNNEL pop3s /usr/sbin/ipop3d -- ipop3d

and here is the init script:

#!/bin/sh
#
# /etc/init.d/stunnel - start/stop SSL tunnels
#
# Steve Haslam 20oct99

# Abort on the first command failure that is not explicitly tested.
set -e

# Location of the stunnel daemon and of the file that lists the tunnels.
STUNNEL=/usr/sbin/stunnel
STUNNELCONF=/etc/stunnel.conf

# Nothing to do (and not an error) when stunnel is not installed.
[ -x "$STUNNEL" ] || exit 0

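# cfgval KEY - print the value (second whitespace-separated field) of every
# line in $STUNNELCONF whose first field is exactly KEY.
#
# Globals:   STUNNELCONF (read)
# Arguments: $1 - keyword to look up, e.g. VERIFY
# Outputs:   the matching value(s) on stdout, one per line; nothing when the
#            keyword is absent or commented out
# Returns:   0, also when the file cannot be read (a warning goes to stderr)
#
# The keyword is compared as a whole field rather than as a line prefix, so
# a key that merely starts with KEY can no longer supply the value of a
# security-relevant setting such as the verification level.
cfgval() {
  if [ ! -r "$STUNNELCONF" ]; then
    # Stay non-fatal under "set -e", but keep the problem visible.
    printf '%s\n' "$0: cannot read $STUNNELCONF" >&2
    return 0
  fi
  awk -v key="$1" '$1 == key { print $2 }' "$STUNNELCONF"
}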

# Translate the optional configuration keywords into stunnel command-line
# options.  Each option is appended only when its keyword has a value.
#
# NOTE(review): when VERIFY is missing no -v is passed at all, so stunnel
# runs with its built-in default; in the stunnel releases that use these
# single-letter flags that default is believed to be "no peer verification"
# - confirm against the installed stunnel(8).
verify=$(cfgval VERIFY)
servercert=$(cfgval SERVERCERT)
trustedcerts=$(cfgval TRUSTEDCERTS)

opts=''
opts="${opts}${verify:+ -v $verify}"
opts="${opts}${servercert:+ -p $servercert}"
opts="${opts}${trustedcerts:+ -a $trustedcerts}"

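# Dispatch on the init action given as the first argument.
#
# Changes relative to the earlier version of this block:
#  - "stop" no longer aborts on the first stale or unreadable pid file.
#    With "set -e" a failing kill used to end the loop, leave the remaining
#    tunnels running and make "restart" exit before it reached "start".
#  - the pid read from the pid file must be a plain positive number before
#    it is handed to kill, so an empty or malformed file cannot turn into a
#    different kill invocation (e.g. a signal option or pid 0).
#  - progress output uses printf instead of the non-portable echo "\c".
case "$1" in
 start)
  # Start one stunnel daemon per TUNNEL line of the configuration.
  printf '%s' "Opening SSL tunnels:"
  grep '^TUNNEL' "$STUNNELCONF" | while read -r kw serv prog; do
    printf ' %s' "$serv"
    # $opts and $prog are left unquoted on purpose: each holds several
    # words ("-v 1 -p cert", "/usr/sbin/imapd -- imapd") that must reach
    # stunnel as separate arguments.  The configuration file is therefore
    # trusted input and should be writable by root only.
    "$STUNNEL" $opts -d "$serv" -l $prog
  done
  echo "."
  ;;
 stop)
  # Signal every daemon recorded in /var/run/stunnel.<prog>.pid, where
  # <prog> is the fifth field of the TUNNEL line.
  printf '%s' "Closing SSL tunnels:"
  grep '^TUNNEL' "$STUNNELCONF" | while read -r kw serv exe sep prog args; do
    printf ' %s' "$serv"
    pidfile="/var/run/stunnel.$prog.pid"
    if [ -f "$pidfile" ]; then
      pid=''
      # read also fails on a file without a trailing newline although the
      # value was stored, hence the "|| :".
      read -r pid < "$pidfile" || :
      case "$pid" in
        ''|0*|*[!0-9]*)
          # Empty, zero, leading zero or non-digit content: do not kill.
          printf '%s' " (invalid pid file)"
          ;;
        *)
          # A stale pid file may name a process that is gone, or a pid that
          # has since been reused by an unrelated process; this script
          # cannot tell the difference, it only keeps a failure non-fatal.
          kill "$pid" || printf '%s' " (kill failed)"
          ;;
      esac
    else
      printf '%s' " (not running)"
    fi
  done
  echo "."
  ;;
 restart|force-reload)
  # "set -e" stops here if the stop phase itself fails.
  "$0" stop
  "$0" start
  ;;
 *)
  echo "Syntax: $0 start|stop|restart|force-reload" >&2
  exit 1
  ;;
esac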

-- 
Steve Haslam, Production Engineer, Excite UK     steve.haslam@excitehome.net
                               i sit and stare at the gun pointed at my head
                                       and think about all the possibilities

