stunnel: Add info how to run echo-client over encrypted link

It is possible to use existing echo-client.c app in Linux and
pipe the network traffic inside a SSL tunnel. This requires that
the Zephyr echo-server sample has TLS support enabled.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>

README

@@ -64,3 +64,45 @@ output.
 
 Be sure to use Python 3, as it requires a function from the socket module
 that's only available in this version (wrapper around if_nametoindex(3)).
+
+
+Using encrypted SSL link with echo-* programs
+=============================================
+
+Install stunnel
+
+Fedora:
+# dnf install stunnel
+
+Ubuntu:
+# apt-get install stunnel4 -y
+
+Finally run the stunnel script in Linux
+$ ./stunnel.sh
+
+And connect echo-client to this SSL tunnel (note that the IP address
+is the address of Linux host where the tunnel end point is located).
+
+# ./echo-client 2001:db8::2 -t
+
+If you want to re-create the certificates in echo-server in Zephyr samples,
+then they can be created like this (note that you do not need to do this as
+the certs have been prepared already in echo-server sample sources):
+
+$ openssl genrsa -out key.pem 1024
+$ openssl req -new -x509 -key key.pem -out echo-apps-cert.pem -days 10000 \
+	-subj '/CN=localhost'
+
+The cert that is to be embedded into test_certs.h in echo-server, can be
+generated like this:
+$ openssl x509 -in echo-apps-cert.pem  -C -noout
+
+The private key to be embedded into test_certs.h in echo-server can be
+generated like this:
+$ openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in key.pem \
+	  -out pkcs8.der
+
+And then create byte array that can be embedded into
+samples/net/echo_server/src/test_certs.h from that pkcs8.der file like this:
+
+$ hexdump -e '8/1 "0x%02x, " "\n"' pkcs8.der | sed 's/0x  ,//g'

echo-apps-cert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB9jCCAV+gAwIBAgIJAPGbT01SK760MA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
+BAMMCWxvY2FsaG9zdDAeFw0xNzA2MTQxMjE2NTZaFw00NDEwMzAxMjE2NTZaMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+09bBufEuK+TaBsNY9sKSh5lFPbuoJEK3+PS2roSvH2iV5c22xiSeyWp06LZxSxDy
+j796zQkVg8LCVJa5dfTcVxebgj0A+sEkYaIQlLsDsZ2+voqLjrxTg8SAqe8yrJJa
+/yDlOVZb2tKQSS5kyyjA+1A2mZJQqAguDKTUp3iii60CAwEAAaNQME4wHQYDVR0O
+BBYEFMVyoJTuZr8UOiS4VhxAdVxtPK8RMB8GA1UdIwQYMBaAFMVyoJTuZr8UOiS4
+VhxAdVxtPK8RMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAIfBCLNRY
+cZmFHb9rdARjY4CS/klpS8DygTxToE+xf2/U6BnW8C5xaMK3mc/qgJLdHbF5GvEB
++pVgNWXmu5Q4/DB4QkolkktneN9o25c2ayBJb15s5HObsswhEdCT5KlYwozvSRKf
+xVDXoclW3WvMxZp3sAPbPHDvrviRgu644Is=
+-----END CERTIFICATE-----

stunnel.conf

@@ -0,0 +1,28 @@
+; Configuration file for stunnel to create SSL pipe between
+; echo-* programs running in Linux and Zephyr
+
+foreground = yes
+output = /dev/stdout
+syslog = no
+; Debugging level (7 is greatest debugging output)
+;debug = 7
+TIMEOUTconnect = 10
+TIMEOUTclose = 10
+
+[echo-client-ipv6]
+accept = 2001:db8::2:4242
+CApath = .
+CAfile = echo-apps-cert.pem
+verifyPeer = yes
+checkHost = localhost
+client = yes
+connect = 2001:db8::1:4242
+
+[echo-client-ipv4]
+accept = 192.0.2.2:4242
+CApath = .
+CAfile = echo-apps-cert.pem
+verifyPeer = yes
+checkHost = localhost
+client = yes
+connect = 192.0.2.1:4242

stunnel.sh

@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# Copyright (c) 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+CONF_FILE=stunnel.conf
+
+if [ ! -f $CONF_FILE ]; then
+    echo "$0: Configuration file $CONF_FILE not found"
+    exit 1
+fi
+
+stunnel $CONF_FILE