One quick note. Added the options. setuid = nobody setgid = nobody But Fedorea didn't like using nogroup ;setuid = nobody ;setgid = nogroup so used nobody for both, and that did start, and seems to work fine. Use stunnel with Pegasus Mail to access 3 ISPs. Thanks again. stunnel 5.76 on x86_64-pc-linux-gnu platform Compiled/running with OpenSSL 3.2.6 30 Sep 2025 Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:FIPS,OCSP,PSK,SNI On 12 Feb 2026 at 23:20, Michał Trojnara via stunnel wrote: Date sent: Thu, 12 Feb 2026 23:20:44 +0100 To: stunnel-users@stunnel.org Subject: [stunnel-users] Re: Question on trying to setup stunnel 5.76 on Fedora 42/43 system. patches" <stunnel-users.stunnel.org> From: Michał Trojnara via stunnel-users <stunnel-users@stunnel.org> Send reply to: Michał Trojnara <Michal.Trojnara@stunnel.org>
12 Feb 2026 21:14:14 Michael D. Setzer II via stunnel-users <stunnel-users@stunnel.org>:
Run into some issues with trying to upgrade the stunnel to 5.76 version while Fedora repos version is still at 5.75.
Found one thing that showed using this configurations options. ./configure \ --sysconfdir=/etc \ --localstatedir=/var \ --enable-systemd \ --with-ssl=/usr
But using it, the stunnel 5.76 is still installing in /usr/local/bin?
Installing custom software in system locations is a bad idea. Use /usr/local/ (the default) or /opt/stunnel/.
If you really need to break your package manager, use --prefix and --bindir.
Also, systemd socket activation is enabled by default if the required packages are installed. Running stunnel from rc.local works for you, so you likely don't use/need socket activation. systemd socket activation and systemd .service file are *not* the same.
Removed the fedora repo version, and then systemctl no longer shows a service for stunnel, but run it manually at boot, and it works fine.
There is a stunnel.service file distributed with stunnel that you could use.
Seems the fedora version has a ENGINE option that the stunnel option doesn't.
https://fedoraproject.org/wiki/Changes/OpensslNoBuildEngine I guess.
Fedora guys seem eager to remove useful features they don't like. Feel free to complain to them.
And no, stunnel cannot support an OpenSSL feature that was disabled when building your OpenSSL library.
Know that sometmes the fedora repo doesn't update each time, or it takes more time?
Consider contacting the stunnel package manager in Fedora. The upstream project has no control over individual distros packaging our work.
Is there way to install the latest version and have the systemd setup to work.
A few ways actually, including building an rpm for your distro.
At present, have the Fedora repo version uninstalled, and run the stunnel in rc.local?
This works as well if you haven't configured the stunnel.service file.
Best regards, Mike
+------------------------------------------------------------+ Michael D. Setzer II - Computer Science Instructor (Retired) mailto:mikes@guam.net mailto:msetzerii@gmail.com mailto:msetzerii@gmx.com Guam - Where America's Day Begins G4L Disk Imaging Project maintainer http://sourceforge.net/projects/g4l/ +------------------------------------------------------------+