Hi Eric, I run my application with stunnel in the client mode (client = yes in config file) . I do not have control on the stunnel running in server mode though. If i understand your mail correctly, the hack is to copy the certs to any local directory that should be accessible and then delete the same after the connection is established? I dont have problems maintaining the pem files if i can access the file system to create them, but i am exploring an option, which i couldnt figure out from the stunnel documentation, if i can specify the certs inside the configuration file for stunnel itself rather than feeding them through a file. I have an environment where the certificates and keys are available as strings to my applications and hence the idea is to use them directly in stunnel config rather than as a file. Thanks Hari
On Tuesday, July 24, 2018, 4:20:32 AM GMT+5:30, Eric S Eberhard flash@vicsmba.com wrote:
Use stunnel in inetd mode. Execute a script (or better C program). Copy the certificates for making the stunnel connection to a directory that is OK … then delete them immediately after stunnel starts. Hack – but might be OK for what you are doing.
I am not sure why anyone would think it more secure to put the keys into the stunnel command than to just use them from a file … but I likely do not know enough about your application to make a judgement.
Eric
Eric S Eberhard
VICS (Vertical Integrated Computer Systems)
Voice: 928 567 3529
Cell : 928 301 7537 (not reliable except for text or if not home)
2933 W Middle Verde Rd
Camp Verde, AZ 86322
From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Hari Sent: Thursday, July 19, 2018 4:42 AM To: stunnel-users@stunnel.org Subject: [stunnel-users] Is there a way to specify certificate content in stunnel config
Hi,
I have a requirement where in i cannot specify the certificate and/or private key details as "files" to stunnel configuration, owing to the location and/or file system availability for stunnel to access them.
Is there a way to specify the actual certificate content in stunnel configuration (similar to other parameters like port numbers etc.,) so that the same can be leveraged.
Thanks
Hari
|
| Virus-free. www.avg.com |