Hi,
I'm new to stunnel and have run into some unexpected behavior. I'm
inclined to think it's a bug, but perhaps I'm misunderstanding some
things.
I'm running FreeBSD 6.2 with stunnel 4.21 (installed via ports
collection). I'm able to configure things properly when using stunnel
in daemon mode, but am unable to run stunnel from inetd when I set the
debug level to 7.
Here's the config file I'm using,
cert = /usr/local/CA/stunnel.pem
key = /usr/local/CA/stunnel.pem
sslVersion = all
pid = /var/log/swat-stunnel.pid
debug = 7
output = /tmp/stunnel.log
exec = /usr/local/sbin/swat
execargs = swat
...and the inetd.conf entry,
swat stream tcp nowait.400 root /usr/local/sbin/stunnel stunnel /usr/local/etc/stunnel/swat.conf
If I connect to port 901, some debug messages are written to the socket,
dwiest(a)dfwdamian.vail: telnet localhost 901
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
2008.01.22 22:19:09 LOG7[81278:134651904]: Snagged 64 random bytes from /home/dwiest/.rnd
2008.01.22 22:19:09 LOG7[81278:134651904]: Wrote 1024 new random bytes to /home/dwiest/.rnd
2008.01.22 22:19:09 LOG7[81278:134651904]: RAND_status claims sufficient entropy for the PRNG
2008.01.22 22:19:09 LOG7[81278:134651904]: PRNG seeded successfully
2008.01.22 22:19:09 LOG7[81278:134651904]: Certificate: /usr/local/CA/stunnel.pem
2008.01.22 22:19:09 LOG7[81278:134651904]: Certificate loaded
2008.01.22 22:19:09 LOG7[81278:134651904]: Key file: /usr/local/CA/stunnel.pem
2008.01.22 22:19:09 LOG7[81278:134651904]: Private key loaded
2008.01.22 22:19:09 LOG7[81278:134651904]: SSL context initialized for service stunnel
^]
telnet> q
Connection closed.
...and some are written to the file I specified,
dwiest(a)dfwdamian.vail: cat /tmp/stunnel.log
2008.01.22 22:19:09 LOG5[81278:134651904]: stunnel 4.21 on i386-unknown-freebsd6.2 with OpenSSL 0.9.7e-p1 25 Oct 2004
2008.01.22 22:19:09 LOG5[81278:134651904]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2008.01.22 22:19:09 LOG7[81278:134651904]: stunnel started
2008.01.22 22:19:09 LOG7[81278:134651904]: FD 0 in non-blocking mode
2008.01.22 22:19:09 LOG7[81278:134651904]: FD 1 in non-blocking mode
2008.01.22 22:19:09 LOG7[81278:134651904]: stunnel permitted by libwrap from 127.0.0.1:53961
2008.01.22 22:19:09 LOG5[81278:134651904]: stunnel accepted connection from 127.0.0.1:53961
2008.01.22 22:19:09 LOG7[81278:134651904]: SSL state (accept): before/accept initialization
2008.01.22 22:19:11 LOG3[81278:134651904]: SSL_accept: Peer suddenly disconnected
2008.01.22 22:19:11 LOG5[81278:134651904]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2008.01.22 22:19:11 LOG7[81278:134651904]: stunnel finished (0 left)
If I run stunnel in daemon mode with the debug level set to 7, then
the messages are printed to stderr. Shouldn't they go to either syslog
or the file specified with the "output" option?
I dug through the source code and discovered that file_putline()
is being called from parse_config() before open_log() has been called.
This results in file_putline() writing to stderr instead of the specified
output file.
If this is known behavior, then it would be nice if the man page
mentioned something.
-Damian
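Added example, not stunnel's own code: a minimal logger illustrating the defensive pattern for the ordering problem described above. Messages emitted while the log destination is still unopened are queued and flushed by open_log() instead of falling back to stderr; in inetd mode stderr is the client socket, so the fallback is what put the LOG7 lines (certificate paths, PRNG details) on the socket before any TLS handshake. Names such as log_line, open_log and run_demo are this example's own, not stunnel's.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PENDING 64
#define MAX_LINE 256

static char pending[MAX_PENDING][MAX_LINE]; /* lines logged before open_log() */
static int npending;
static FILE *logfp;                         /* NULL until open_log() succeeds */
static int debug_level = 5;                 /* LOG5 default, like stunnel's */

/* Log one line: queue it while no destination is open, never touch stderr. */
static void log_line(int level, const char *msg)
{
    char buf[MAX_LINE];
    if (level > debug_level) return;
    snprintf(buf, sizeof buf, "LOG%d: %s\n", level, msg);
    if (logfp == NULL) {
        if (npending < MAX_PENDING) strcpy(pending[npending++], buf);
        return;
    }
    fputs(buf, logfp);
}

/* Set the destination and flush the queue; returns lines flushed, -1 on error. */
static int open_log(FILE *fp)
{
    int i, flushed = npending;
    if (fp == NULL) return -1;
    logfp = fp;
    for (i = 0; i < npending; i++) fputs(pending[i], logfp);
    npending = 0;
    return flushed;
}

/* Replays the report's sequence: parse_config() logs at LOG7 before open_log().
 * Uses a constructed tmpfile() as the "output" file; returns lines that reached it. */
int run_demo(int level)
{
    FILE *fp = tmpfile();
    int c, n = 0;
    if (fp == NULL) return -1;
    debug_level = level; npending = 0; logfp = NULL;
    log_line(7, "Certificate: /usr/local/CA/stunnel.pem"); /* parse_config() phase */
    log_line(7, "Private key loaded");
    log_line(5, "stunnel started");
    if (open_log(fp) < 0) { fclose(fp); return -1; }
    log_line(7, "FD 0 in non-blocking mode");              /* after open_log() */
    fflush(fp); rewind(fp);
    while ((c = fgetc(fp)) != EOF) if (c == '\n') n++;
    fclose(fp); logfp = NULL;
    return n;
}
```

With debug = 7 all four lines end up in the output file and none on stderr; with the default level the three LOG7 lines are dropped and only "stunnel started" is written.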