Hi,
We're using stunnel to provide a secure interface to an old server that doesn't support HTTPS natively. I'd like to implement some access control so that connections are only supported from specific IP addresses. I am using v4.27 of stunnel that I downloaded from HP's website, and am running it from inittab to ensure it is always running. Unfortunately I don't think it's compiled with libwrap. Should I see libwrap listed when I run ldd against the binary (see below for output)?
I think it's possible to run stunnel from inetd. Could I wrapper it here? Is the following entry correct?
    stunnel stream tcp nowait root /usr/lbin/tcpd /opt/iexpress/stunnel/bin/stunnel stunnel
I think this would work, but I'm concerned that if stunnel were to crash or be killed, there would be nothing restarting it if we ran it from inetd.
Any advice much appreciated.
Craig
-------------------------------------
# ./stunnel -version
stunnel 4.27 on ia64-hp-hpux11.23 with OpenSSL 0.9.7m 23 Feb 2007
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6

Global options
debug = 5
pid = /opt/iexpress/stunnel/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options
cert = /opt/iexpress/stunnel/etc/stunnel/stunnel.pem
ciphers = ALL:!aNULL:!eNULL+RC4:@STRENGTH
key = /opt/iexpress/stunnel/etc/stunnel/stunnel.pem
session = 300 seconds
stack = 65536 bytes
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none

# ldd ./stunnel
libdl.so.1 => /usr/lib/hpux32/libdl.so.1
libnsl.so.1 => /usr/lib/hpux32/libnsl.so.1
libpthread.so.1 => /usr/lib/hpux32/libpthread.so.1
libunwind.so.1 => /usr/lib/hpux32/libunwind.so.1
libc.so.1 => /usr/lib/hpux32/libc.so.1
libxti.so.1 => /usr/lib/hpux32/libxti.so.1
libuca.so.1 => /usr/lib/hpux32/libuca.so.1
libdl.so.1 => /usr/lib/hpux32/libdl.so.1