Hi,
I'm new to stunnel and have run into some unexpected behavior. I'm inclined to think it's a bug, but perhaps I'm misunderstanding some things.
I'm running FreeBSD 6.2 with stunnel 4.21 (installed via ports collection). I'm able to configure things properly when using stunnel in daemon mode, but am unable to run stunnel from inetd when I set the debug level to 7.
Here's the config file I'm using,
cert = /usr/local/CA/stunnel.pem
key = /usr/local/CA/stunnel.pem
sslVersion = all
pid = /var/log/swat-stunnel.pid
debug = 7
output = /tmp/stunnel.log
exec = /usr/local/sbin/swat
execargs = swat
...and the inetd.conf entry,
swat stream tcp nowait.400 root /usr/local/sbin/stunnel stunnel /usr/local/etc/stunnel/swat.conf
If I connect to port 901, some debug messages are written to the socket,
dwiest@dfwdamian.vail: telnet localhost 901
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
2008.01.22 22:19:09 LOG7[81278:134651904]: Snagged 64 random bytes from /home/dwiest/.rnd
2008.01.22 22:19:09 LOG7[81278:134651904]: Wrote 1024 new random bytes to /home/dwiest/.rnd
2008.01.22 22:19:09 LOG7[81278:134651904]: RAND_status claims sufficient entropy for the PRNG
2008.01.22 22:19:09 LOG7[81278:134651904]: PRNG seeded successfully
2008.01.22 22:19:09 LOG7[81278:134651904]: Certificate: /usr/local/CA/stunnel.pem
2008.01.22 22:19:09 LOG7[81278:134651904]: Certificate loaded
2008.01.22 22:19:09 LOG7[81278:134651904]: Key file: /usr/local/CA/stunnel.pem
2008.01.22 22:19:09 LOG7[81278:134651904]: Private key loaded
2008.01.22 22:19:09 LOG7[81278:134651904]: SSL context initialized for service stunnel
^]
telnet> q
Connection closed.
...and some are written to the file I specified,
dwiest@dfwdamian.vail: cat /tmp/stunnel.log
2008.01.22 22:19:09 LOG5[81278:134651904]: stunnel 4.21 on i386-unknown-freebsd6.2 with OpenSSL 0.9.7e-p1 25 Oct 2004
2008.01.22 22:19:09 LOG5[81278:134651904]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2008.01.22 22:19:09 LOG7[81278:134651904]: stunnel started
2008.01.22 22:19:09 LOG7[81278:134651904]: FD 0 in non-blocking mode
2008.01.22 22:19:09 LOG7[81278:134651904]: FD 1 in non-blocking mode
2008.01.22 22:19:09 LOG7[81278:134651904]: stunnel permitted by libwrap from 127.0.0.1:53961
2008.01.22 22:19:09 LOG5[81278:134651904]: stunnel accepted connection from 127.0.0.1:53961
2008.01.22 22:19:09 LOG7[81278:134651904]: SSL state (accept): before/accept initialization
2008.01.22 22:19:11 LOG3[81278:134651904]: SSL_accept: Peer suddenly disconnected
2008.01.22 22:19:11 LOG5[81278:134651904]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2008.01.22 22:19:11 LOG7[81278:134651904]: stunnel finished (0 left)
If I run stunnel in daemon mode with the debug level set to 7, then the messages are printed to stderr. Shouldn't they go to either syslog, or to the file specified with the "output" option?
I dug through the source code and discovered that file_putline() is being called from parse_config() before open_log() has been called. This results in file_putline() writing to stderr instead of the specified output file.
If this is known behavior, then it would be nice if the man page mentioned something.
-Damian
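The mechanism behind the report above, as an added illustration that is not part of the original post and not stunnel's own code: inetd hands a "stream nowait" service the accepted socket on file descriptors 0, 1 and 2, so any log line a program writes to stderr before it has opened its real log destination is delivered straight to the client, ahead of the protocol it was supposed to speak. The script below emulates that with fork() and a socketpair, runs one child that logs to stderr and one that logs to a file, and returns what the client would see in each case. The debug line, the greeting and the log file path are constructed stand-ins, not stunnel output.

```python
import os
import socket
import tempfile

# Constructed stand-ins: an early debug line (like the LOG7 lines written
# before open_log() runs) and the first bytes of the real protocol.
DEBUG_LINE = b"LOG7[0:0]: PRNG seeded successfully\n"
GREETING = b"HELLO\n"


def run_inetd_child(sock, log_path):
    """Child side: do what inetd does to the fds, then what the service does.

    inetd dup2()s the accepted socket onto fd 0, 1 and 2 for a stream/nowait
    service, so stdin, stdout and stderr are all the client connection.
    log_path=None emulates logging to stderr; a path emulates a proper
    log file (the stunnel 'output' option).
    """
    fd = sock.fileno()
    for target in (0, 1, 2):
        os.dup2(fd, target)
    if log_path is None:
        os.write(2, DEBUG_LINE)          # goes to the client, not to a log
    else:
        with open(log_path, "ab") as f:  # goes where the operator intended
            f.write(DEBUG_LINE)
    os.write(1, GREETING)                # the protocol bytes the client expects
    os._exit(0)


def client_view(log_path):
    """Return every byte a client receives from the inetd-spawned service."""
    parent, child = socket.socketpair()
    pid = os.fork()
    if pid == 0:
        parent.close()
        run_inetd_child(child, log_path)
    child.close()
    chunks = []
    while True:
        data = parent.recv(4096)
        if not data:
            break
        chunks.append(data)
    parent.close()
    os.waitpid(pid, 0)
    return b"".join(chunks)


def compare():
    """Return (client bytes with stderr logging, client bytes with file
    logging, contents of the log file) so the two behaviours can be compared."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "stunnel.log")   # constructed path
        via_stderr = client_view(None)
        via_file = client_view(path)
        with open(path, "rb") as f:
            logged = f.read()
    return via_stderr, via_file, logged


if __name__ == "__main__":
    via_stderr, via_file, logged = compare()
    print("client saw (stderr logging):", via_stderr)
    print("client saw (file logging):  ", via_file)
    print("log file contains:          ", logged)
```

In the stderr case the client receives the debug line before the greeting, which is exactly the pattern in the telnet session above: a TLS client would treat those bytes as a malformed handshake and drop the connection, and an unauthenticated peer gets to read internal details such as file paths. Once logging is directed to a file or syslog, the client sees only the protocol bytes, which is why the "output" option (and opening it before any logging happens) matters in inetd mode.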