I'm experimenting with using the stunnel that comes with CentOS 6 (4.29). I have a config file that is successfully being used on stunnel version 4.15 on the same host without any issues.
My issues:
1. Starting stunnel creates 6 processes. I assume this has something to do with libwrap, but I'm not finding much discussion about it by doing a search. I'm also assuming that the binaries are forking after load, so it's not a significant memory expense to do this due to COW. Is this correct?
2. I'm getting 't of memory' (no "ou" in the error) messages from syslog when I do more than one request via Chrome to port 2087. The process indicated from the message points to the stunnel process that has ownership of the open ports. A single request to this port doesn't seem to spawn the issue. Can anyone suggest what might be causing this?
Upgrading to a newer version of stunnel is possible, but I would prefer to keep the version Red Hat provides so they can be on the hook for CVE issues.
My config file follows:
-----
cert = /var/cpanel/ssl/cpanel/cpanel.pem
chroot = /usr/local/cpanel/var/run/stunnel/
# PID is created inside chroot jail
pid = /stunnel.pid
setuid = cpanel
setgid = cpanel

# Service-level configuration

[cpanelhttps]
accept = 2083
connect = 2082
TIMEOUTclose = 0

[whmhttps]
accept = 2087
connect = 2086
TIMEOUTclose = 0

[webmailhttps]
accept = 2096
connect = 2095
TIMEOUTclose = 0