I'm trying to run stunnel in proxy mode, to accept connections on port 443, and forward them to an application listening at port 9999 on the same box. I believe I have the configuration correct, but I'm obviously overlooking something.
Environment: stunnel 4.15 on sparc-sun-solaris2.9 with OpenSSL 0.9.7g 11 Apr 2005
I have built an stunnel.conf file and a stunnel.pem file, which are located in the correct place with the right permissions. I verified that by moving or changing permissions and seeing that errors were produced. I've changed the debug level to 7, and the following information is displayed when I try to start stunnel:
cert# stunnel
2006.06.28 13:01:14 LOG7[9088:1]: Snagged 64 random bytes from /users/dave/.rnd
2006.06.28 13:01:14 LOG7[9088:1]: Wrote 1024 new random bytes to /users/dave/.rnd
2006.06.28 13:01:14 LOG7[9088:1]: RAND_status claims sufficient entropy for the PRNG
2006.06.28 13:01:14 LOG6[9088:1]: PRNG seeded successfully
2006.06.28 13:01:14 LOG7[9088:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem
2006.06.28 13:01:14 LOG7[9088:1]: Key file: /usr/local/etc/stunnel/stunnel.pem
2006.06.28 13:01:14 LOG7[9088:1]: Verify directory set to /
2006.06.28 13:01:14 LOG5[9088:1]: Peer certificate location /
2006.06.28 13:01:14 LOG7[9088:1]: SSL context initialized for service test
cert#
Same thing if I run it as stunnel stunnel.conf -fd
The prompt comes back immediately, ps -ef shows no stunnel running, and nothing is answering on port 443 which is where I'm telling it to listen:
stunnel.conf file:
cert = /usr/local/etc/stunnel/stunnel.pem
chroot = /usr/local/etc/stunnel
# PID is created inside chroot jail
pid = /pid/stunnel.pid
#setuid = nobody
#setgid = nogroup

# Authentication stuff
verify = 3
# don't forget about c_rehash CApath
# it is located inside chroot jail:
CApath = /

# Some debugging stuff
debug = 7
output = stunnel.log

# Use it for client mode
client = no

# Service-level configuration

[test]
accept = 127.0.0.1:443
connect = 127.0.0.1:9999
#TIMEOUTclose = 0
---end stunnel.conf file---
The pem files are located in the same directory as the stunnel.conf, hence the "/" for the pathname above.
What am I overlooking please?