[SCM] The rsync repository. - branch master updated

Rsync CVS commit messages rsync-cvs at lists.samba.org
Mon Jun 15 16:39:34 UTC 2020 

The branch, master has been updated
       via  00ec415a Tweak the stunnel4 Verify config; tweak the rsync-ssl docs/usage.
       via  ec8035ce A minor NEWS tweak.
      from  775f64f4 Add a warning header to the generated help-*.h files.

https://git.samba.org/?p=rsync.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 00ec415a6965cf36bb05a7efbfdcc693ea2e0195
Author: Wayne Davison <wayne at opencoder.net>
Date:   Mon Jun 15 09:21:28 2020 -0700

    Tweak the stunnel4 Verify config; tweak the rsync-ssl docs/usage.

commit ec8035cef90babb5ef07c0e5303753d7170e2a9f
Author: Wayne Davison <wayne at opencoder.net>
Date:   Mon Jun 15 09:21:26 2020 -0700

    A minor NEWS tweak.

-----------------------------------------------------------------------

Summary of changes:
 NEWS.md        |  4 ++--
 rsync-ssl      | 11 ++++++-----
 rsync-ssl.1.md | 22 +++++++++++++---------
 3 files changed, 21 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/NEWS.md b/NEWS.md
index f2b808de..32163f8a 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -173,8 +173,8 @@ Protocol: 31 (unchanged)
    autoconf include-file check.
 
  - Converted the man pages from yodl to markdown. They are now processed via a
-   simple python3 script using the cmarkgfm OR commonmark library.  This should
-   make it easier to package rsync, since yodl has gotten obscure.
+   simple python3 script using the cmarkgfm **or** commonmark library.  This
+   should make it easier to package rsync, since yodl has gotten obscure.
 
  - Improved some configure checks to work better with strict C99 compilers.
 
diff --git a/rsync-ssl b/rsync-ssl
index f48f44f8..4f0e86ba 100755
--- a/rsync-ssl
+++ b/rsync-ssl
@@ -72,21 +72,21 @@ function rsync_ssl_helper {
 	caopt="-verify_return_error -verify 4"
 	# stunnel:
 	cafile=""
-	verify=0
+	verify=""
     elif [[ "$RSYNC_SSL_CA_CERT" == "" ]]; then
 	# RSYNC_SSL_CA_CERT set but empty -do NO verifications:
 	# openssl:
 	caopt="-verify 1"
 	# stunnel:
 	cafile=""
-	verify=0
+	verify="verifyChain = no"
     else
 	# RSYNC_SSL_CA_CERT set - use CA AND verify:
 	# openssl:
 	caopt="-CAfile $RSYNC_SSL_CA_CERT -verify_return_error -verify 4"
 	# stunnel:
 	cafile="CAfile = $RSYNC_SSL_CA_CERT"
-	verify=3
+	verify="verifyChain = yes"
     fi
 
     port="${RSYNC_PORT:-0}"
@@ -118,7 +118,7 @@ debug = crit
 connect = $hostname:$port
 client = yes
 TIMEOUTclose = 0
-verify = $verify
+$verify
 $certopt
 $cafile
 EOF
@@ -146,7 +146,8 @@ function path_search {
 }
 
 if [[ "$#" == 0 ]]; then
-    echo "Usage: rsync-ssl [--type=openssl|stunnel] RSYNC_ARG [...]" 1>&2
+    echo "Usage: rsync-ssl [--type=SSL_TYPE] RSYNC_ARG [...]" 1>&2
+    echo "The SSL_TYPE can be stunnel or openssl"
     exit 1
 fi
 
diff --git a/rsync-ssl.1.md b/rsync-ssl.1.md
index c8def0fa..c16b9657 100644
--- a/rsync-ssl.1.md
+++ b/rsync-ssl.1.md
@@ -5,7 +5,7 @@ rsync-ssl - a helper script for connecting to an ssl rsync daemon
 # SYNOPSIS
 
 ```
-rsync-ssl [--type=openssl|stunnel] RSYNC_ARGS
+rsync-ssl [--type=SSL_TYPE] RSYNC_ARGS
 ```
 
 # DESCRIPTION
@@ -13,26 +13,25 @@ rsync-ssl [--type=openssl|stunnel] RSYNC_ARGS
 The rsync-ssl script helps you to run an rsync copy to/from an rsync daemon
 that requires ssl connections.
 
-If the **first** arg is a `--type=NAME` option, the script will only use that
-particular program to open an ssl connection instead of trying to find an
+# OPTIONS
+
+If the **first** arg is a `--type=SSL_TYPE` option, the script will only use
+that particular program to open an ssl connection instead of trying to find an
 stunnel or openssl executable via a simple heuristic (assuming that the
 `RSYNC_SSL_TYPE` environment variable is not set as well -- see below).  This
-option must be one of `--type=openssl` or `--type=stunnel`.  The equal sign is
+option must specify one of `openssl` or `stunnel`.  The equal sign is
 required for this particular option.
 
 All the other options are passed through to the rsync command, so consult the
 **rsync** manpage for more information on how it works.
 
-Note that the stunnel connection type requires at least version 4 of stunnel,
-which should be the case on modern systems.
-
 # ENVIRONMENT VARIABLES
 
 The ssl helper scripts are affected by the following environment variables:
 
 0.  `RSYNC_SSL_TYPE` Specifies the program type that should be used to open the
-    ssl connection.  It must be one of "openssl" or "stunnel".  The
-    `--type=NAME` option overrides this, if specified.
+    ssl connection.  It must be one of `openssl` or `stunnel`.  The
+    `--type=SSL_TYPE` option overrides this, when specified.
 0.  `RSYNC_SSL_PORT` If specified, the value is the port number that is used as
     the default when the user does not specify a port in their rsync command.
     When not specified, the default port number is 874.  (Note that older rsync
@@ -49,6 +48,11 @@ The ssl helper scripts are affected by the following environment variables:
     connection type is set to openssl.  If unspecified, the $PATH is searched
     for "openssl".
 
+# CAVEATS
+
+Note that using an stunnel connection requires at least version 4 of stunnel,
+which should be the case on modern systems.
+
 # EXAMPLES
 
 >     rsync-ssl -aiv example.com::src/ dest


-- 
The rsync repository.

More information about the rsync-cvs mailing list