Nigh 2008-01-11 17:06 -0500, Alan Pinstein pleaded:
I don't know a lot about sockets programming, but I am not sure this makes sense... I don't WANT stunnel to stop listening to those ports; rather it shouldn't ever start. stunnel has a config file, so I'd expect it to only listen to the ports it was told to listen to, which is 4449.
Can you show us the code that is starting Stunnel? Is it running as the apache user? Is it actually being started from apache itself?
If apache (the webserver daemon) is exec'ing Stunnel, it should be closing those sockets. If it's not, you'd still see them as LISTENable. (Now, would stunnel accept on them? I'd think not, because it's bound 4449 and only does listen() on that socket.)
But still I think that stunnel is actively listening on these ports. Forked processes just don't inherit sockets from parents AFAIK....
google for 'close on exec'
I suppose that I could just set it up in init.d to run on boot, but was hoping to not have to deal with another initd process for ease of management...
You're better off using init.d, honestly. Else you might get more than one stunnel trying to start up, all that logic to start or not start, etc.
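
What 'close on exec' refers to in the exchange above, as an added example that is not part of the original message: a listening socket stays open across fork() and exec() unless FD_CLOEXEC is set on it. The loopback listener, the fixed descriptor number 9 (assumed to be free) and the /bin/sh probe are assumptions standing in for Apache's sockets and the stunnel launch.

```c
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define PROBE_FD 9 /* assumed free; fixed so the probe command can name it */

/* Listening TCP socket on an ephemeral loopback port, standing in for the
 * web server's listeners. Moved to PROBE_FD; returns -1 on error. */
static int make_listener(int cloexec)
{
    struct sockaddr_in a = { .sin_family = AF_INET,
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return -1;
    if (bind(s, (struct sockaddr *)&a, sizeof a) < 0 || listen(s, 1) < 0 ||
        dup2(s, PROBE_FD) < 0) { close(s); return -1; }
    if (s != PROBE_FD) close(s);
    /* The mitigation: mark the descriptor so the kernel closes it on exec. */
    if (cloexec && fcntl(PROBE_FD, F_SETFD, FD_CLOEXEC) < 0) { close(PROBE_FD); return -1; }
    return PROBE_FD;
}

/* fork + exec a child (standing in for the code that launches stunnel).
 * Returns 1 if the listener is still open in the child, 0 if not, -1 on error. */
int child_inherits_listener(int cloexec)
{
    int status, fd = make_listener(cloexec);
    if (fd < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        /* ": <&9" succeeds only if descriptor 9 survived the exec */
        execl("/bin/sh", "sh", "-c", "(: <&9) 2>/dev/null", (char *)NULL);
        _exit(127);
    }
    close(fd);
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 127 ? -1 : WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("plain fork+exec: child holds listener = %d\n", child_inherits_listener(0));
    printf("with FD_CLOEXEC: child holds listener = %d\n", child_inherits_listener(1));
    return 0;
}
```

A descriptor inherited this way shows the child's PID against the parent's listening port in tools such as netstat or lsof, even though the child never calls accept() on it.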