#
# jonama by Gomez Henri <nri@mail.dotcom.fr>
#

What's this ?
_____________

Jonama is a piece of software acting as a relay between a client
over the Net and your internal systems.

It was developed with security in mind:
* Use of the SSL protocol to authenticate remote peers and encrypt channels.
* Use of Unix mechanisms like chroot and setuid to minimize rights and actions.



Why ?
_____

I was looking for an SSL relay but each implementation
(sslwrap, stunnel, bjorb) didn't support CA mode and load-balancing.
Since I work on RPM for mod_ssl, I decided to grab parts of
this software to start my very own SSL relay.


Features
________

As of version 1.0, Jonama's features are:

* Stand-alone server (no use of inetd wrapper).

* SSL v2/v3/TLS 1 via SSLeay.

* Proxying of multiple services (e.g. telnet, imap, pop).

* CA mode to reject clients without valid
  certificates (SSLeay CA.sh).

* Services can use multiple remote servers,
  with automatic backup or load balancing (connection/traffic).

* Free software.



Needed software/hardware
________________________

All you need is a Unix box and free software.

* A free Unix, like Linux or FreeBSD.
* SSL libraries (SSLeay or OpenSSL).


Some Hints
----------

Generate random data

cat /var/log/* | ssleay md5 > /etc/jonama/conf/ssl.crt/.rnd


Create directories

mkdir -p /etc/jonama/conf/ssl.crt/certs
mkdir -p /etc/jonama/conf/ssl.crt/crl
mkdir -p /etc/jonama/conf/ssl.crt/newcerts
mkdir -p /etc/jonama/conf/ssl.crt/newreqs


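Create data files

# Initialise the CA database only if it does not exist yet, so the
# serial counter of an existing CA is never reset.
if [ ! -f /etc/jonama/conf/ssl.crt/serial ]; then
	echo "01" > /etc/jonama/conf/ssl.crt/serial
	touch /etc/jonama/conf/ssl.crt/index.txt
fi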
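
The three hints above combined into one idempotent setup function, as an
added example that is not part of jonama or its original README. The name
init_ca_dir is hypothetical, and the function assumes /dev/urandom exists,
using it for the seed file in place of the digest of log files.

```shell
#!/bin/sh
# Added example (not jonama's own code). init_ca_dir is a hypothetical
# helper; the directory layout is the one given in the hints above.

# The function body runs in a subshell so the restrictive umask does not
# leak into the caller.
init_ca_dir() (
    base=${1:-/etc/jonama/conf/ssl.crt}

    # Seed and CA state must not be readable or writable by other users.
    umask 077

    mkdir -p "$base/certs" "$base/crl" "$base/newcerts" "$base/newreqs" \
        || exit 1
    # Tighten the top directory even if it already existed.
    chmod 700 "$base" || exit 1

    # Seed file: 1024 bytes from the kernel CSPRNG (assumption: the system
    # provides /dev/urandom). An existing non-empty seed is kept.
    if [ ! -s "$base/.rnd" ]; then
        dd if=/dev/urandom of="$base/.rnd" bs=256 count=4 2>/dev/null \
            || exit 1
    fi
    chmod 600 "$base/.rnd" || exit 1

    # Initialise the CA database once only. Resetting the serial of an
    # existing CA would make it issue certificates with duplicate serials.
    if [ ! -f "$base/serial" ]; then
        echo "01" > "$base/serial" || exit 1
    fi
    if [ ! -f "$base/index.txt" ]; then
        : > "$base/index.txt" || exit 1
    fi
)

# When run as a script with a directory argument, set that directory up.
if [ $# -gt 0 ]; then
    init_ca_dir "$1"
fi
```

Running it a second time leaves an existing serial, index.txt and seed
untouched.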


