"Cannot open log file: /var/log/stunnel.log" is the problem. File permissions. Are you supposed to be running stunnel as a particular user, rather than as yourself?

- Mike



On Thu, Dec 26, 2019 at 2:48 AM +0000, "Hanhan lee" <kennewmail@gmail.com> wrote:

I compiled stunnel4-5.50 with openssl 1.1.1d.
When I run stunnel, it will print some messages and stop:

[ ] Clients allowed=500
[.] stunnel 5.50 on arm-none-linux-gnueabi platform
[.] Compiled/running with OpenSSL 1.1.1d  10 Sep 2019
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
[ ] errno: (*__errno_location ())
[.] Reading configuration from file /conf/stunnel.conf
[.] UTF-8 byte order mark not detected
[.] FIPS mode disabled
[ ] Compression disabled
[ ] No PRNG seeding was required
[ ] Initializing service [adviserd]
[ ] Ciphers: AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
[ ] TLS options: 0x02104004 (+0x00004000, -0x00000000)
[ ] Loading certificate from file: /conf/certs/server.pem
[ ] Certificate loaded from file: /conf/certs/server.pem
[ ] Loading private key from file: /conf/certs/privkey.pem
[:] Insecure file permissions on /conf/certs/privkey.pem
[ ] Private key loaded from file: /conf/certs/privkey.pem
[ ] Private key check succeeded
[ ] DH initialization needed for DHE-PSK-CHACHA20-POLY1305
[ ] DH initialization
[ ] Could not load DH parameters from /conf/certs/server.pem
[ ] Using dynamic DH parameters
[ ] ECDH initialization
[ ] ECDH initialized with curve prime256v1
[.] Configuration successful
[ ] Binding service [adviserd]
[ ] Listening file descriptor created (FD=8)
[ ] Setting accept socket options (FD=8)
[ ] Option SO_REUSEADDR set on accept socket
[ ] Option TCP_NODELAY set on accept socket
[ ] Service [adviserd] (FD=8) bound to :::7582
[!] Cannot open log file: /var/log/stunnel.log
[ ] Deallocating section defaults
[ ] Unbinding service [adviserd]
[ ] Service [adviserd] closed (FD=8)
[ ] Service [adviserd] closed
[ ] Deallocating section [adviserd]

I have no idea what's wrong with this, help!

Many thanks