[stunnel-users] anyone got a port for android?

Jason stunnel at lakedaemon.net
Fri Aug 5 14:45:55 CEST 2011

On Fri, Aug 05, 2011 at 04:06:10PM +1200, Jason Haar wrote:
> So does anyone know of a working stunnel implementation for Android (or
> even something else that does the same job?)

Android already has a certificate manager that will accept CA's, client
certs and so on.  I would focus on modifying the Java (as much as I hate
to admit it) code as opposed to any Rube Goldberg-esque implementation
with a stunnel daemon.

If you want to see how convoluted it can get, pull the Cyanogenmod
source [1] and grep for openvpn.  I'm currently working on integrating
openconnect [2] into CM, it's a hassle to put it mildly.

However, in both those cases, it's necessary because those daemons are
the only way to interact with tun.ko properly.  In your scenario,
Android and CM already have openssl / x509 support built in.

If you're just interested in doing it for yourself, take a look at
lildebi [3].  It'll create a debian chroot fs on an android phone.  Then you
just apt-get install stunnel and you're off to the races.

If you're looking for a deployable, maintainable solution, pay your
current email client provider to add certificate support.  Or, if imaps
is a possibility in your infrastructure, use k-9 [4].



[2] http://www.infradead.org/openconnect.html
[3] https://guardianproject.info/code/lildebi/
[4] http://code.google.com/p/k9mail/

More information about the stunnel-users mailing list