Michal Trojnara writes:
"John Conover" conover@rahul.net wrote:
chroot = /usr/local/stunnel/var/run/
[cut]
delay = yes
[cut]
2004.11.07 16:49:10 LOG3[3794:1025]: Failed to resolve hostname 'abc.wxyz.net'
[cut]
Removing chroot in stunnel.conf fixes the problem, but it's no longer jailed.
Hints?
Yes. You have several options:
1. As you noticed you can turn off chroot.
2. You can turn off delayed resolver (to resolve hosts at startup, before chroot).
3. You can create the files/devices your resolver library needs inside the chroot jail. strace is your friend: http://sourceforge.net/projects/strace/
4. You can use IP address as "connect" parameter instead of domain name. 8-)
Thanks, Mike. Using IP addresses as a "connect" parameter worked like a charm.
How do you make sure the remote/server stunnel is kept running?
I haven't waded through the sources to stunnel, but is there a command line arg "if it's not running, make it so," by checking the pid file as a lock file and check if the pid is valid as a stunnel process - so it could be run periodically out of cron(8) to keep it running, in case the remote went down?
Or, something similar triggered by the client machine?
Thanks,
John
BTW, as a sidebar, the -Wall gcc(1) command line arg in the compile of stunnel was a nice touch - shows the authors cared.
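
The pid-file check described in the message above, sketched as a cron-driven wrapper. This is an added example, not part of the thread and not stunnel's own code; the function names, the pid file path, the process name and the start command are all placeholders supplied by the caller.

```sh
#!/bin/sh
# Added example: treat a pid file as a lock only if the PID in it is live
# AND belongs to the expected program (guards against stale files and PID reuse).
# Assumption: Linux /proc is available, with ps(1) as a fallback elsewhere.

# Print the command name of a PID, or nothing if no such process exists.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"
    else
        ps -p "$1" -o comm= 2>/dev/null | sed 's/^ *//; s/ *$//'
    fi
}

# Return 0 only if PIDFILE holds the PID of a running process named NAME.
pidfile_alive() {
    pidfile=$1 name=$2
    [ -f "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric content: do not trust it
    esac
    [ "$(proc_name "$pid")" = "$name" ]
}

# Run the start command (remaining arguments) only when the check fails.
ensure_running() {
    pidfile=$1 name=$2
    shift 2
    if pidfile_alive "$pidfile" "$name"; then
        return 0
    fi
    "$@"
}

# Hypothetical crontab entry, assuming this file is saved as keepalive.sh
# (all paths are placeholders):
# */5 * * * * . /path/to/keepalive.sh; ensure_running /path/to/stunnel.pid stunnel /path/to/stunnel /path/to/stunnel.conf
```

Comparing the command name matters because a PID left in a stale file can be reassigned to an unrelated process after a reboot or crash.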