[Oh wise list folks... I haven't seen any responses to this. Does anybody have any experience either with using stunnel on Fedora 7, or with the particular error? I cannot find any other hints or reasons as to why the resolution is failing... Andy]
----original message------
I can't get stunnel to run on a freshly-installed Fedora 7 system. It fails with "Error resolving '0.0.0.0': servname is not supported for ai_socktype" but the usual other causes of that error (i.e. ports not defined in /etc/services, bad settings in /etc/nsswitch.conf) are not the culprit this time.
COMMAND LINE:
/usr/sbin/stunnel /home/amdunn/security/stunnel.conf
COMMAND OUTPUT:
2007.08.29 11:44:12 LOG3[13614:3086243520]: Error resolving '0.0.0.0': servname is not supported for ai_socktype (EAI_SERVICE)
file /home/amdunn/security/stunnel.conf line 10: Failed to resolve accepting address
STUNNEL.CONF FILE:
;
; stunnel file for testing 443 access to local http server
;
cert=/home/amdunn/security/xxxxxxx
key=/home/amdunn/security/yyyyyyy
foreground=yes
;
;
[sweb]
accept=443 ; https port
connect=80 ; standard httpd listening port
TIMEOUTclose=0 ; must set this or IE waits 60sec on page end
client=no
STUNNEL -VERSION OUTPUT:
stunnel 4.20 on i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug = 5
pid = /var/run/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options
cert = /etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
key = /etc/stunnel/stunnel.pem
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
I'm also on 4.2 (Windows), and I came here looking for exactly the same message. Finding no mention other than your request, I examined one of my working blocks against a non-working one, looked at yours, made a simple change, and it worked. Why? Remove the comments after your variable assignments, especially on the "connect" line. If you must have them, they need to be on their own lines and start in column 1, i.e., instead of this:
accept=443 ; https port
connect=80 ; standard httpd listening port
TIMEOUTclose=0 ; must set this or IE waits 60sec on page end
just do something akin to:
; 443 https port / 80 = standard http listening port
; must set TIMEOUTclose or IE waits 60sec on page end
accept=443
connect=80
TIMEOUTclose=0
This appears to be an obscure RTFM issue; I blithely assumed (perhaps much like you) from my 20 years of IT experience that well--if a comment starts with a semicolon I could bloody well put it anywhere. No, you can't, and the FAQ says so:
http://www.stunnel.org/faq/stunnel.html#configuration_file
What a painfully esoteric way to be told you're violating a very, very old (but arguably efficient) way of doing comments. This is the first time I've ever gotten your error, and I've been bitten by the random freeform comment for months. Your post made me think...nah...oh...sigh. So, start everything in column 1--and don't mix lines--and when you do try this, don't forget to make sTunnel reload its config. Good luck.
-- Kirk M. Schafer
Infotech Capital Your Information Technology Asset
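A check for the problem discussed in this thread, as an added example that is not part of the original messages or of stunnel itself: it flags option lines in a stunnel.conf whose value carries a trailing ";" comment, and shows that such a value is not usable as a port or service name. The function names and the sample text are constructed for illustration; it assumes stunnel 4.20 hands the whole right-hand side of accept/connect to the resolver, which is what the error on line 10 suggests.

```python
import socket

# Constructed sample: the [sweb] section from the original post, keeping the
# trailing "; comment" text that the reply identifies as the cause.
SAMPLE_CONF = """\
;
; stunnel file for testing 443 access to local http server
;
foreground=yes
[sweb]
accept=443 ; https port
connect=80 ; standard httpd listening port
TIMEOUTclose=0 ; must set this or IE waits 60sec on page end
client=no
"""


def find_inline_comments(conf_text):
    """Return (line_number, option, value) for option lines whose value
    contains a ';', i.e. a comment that is not on its own line."""
    hits = []
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        # Blank lines, whole-line comments and [section] headers are fine.
        if not line or line.startswith(";") or line.startswith("["):
            continue
        option, sep, value = line.partition("=")
        if sep and ";" in value:
            hits.append((number, option.strip(), value.strip()))
    return hits


def service_resolves(value, host="0.0.0.0"):
    """True if `value` is accepted as a TCP port/service name by getaddrinfo."""
    try:
        socket.getaddrinfo(host, value, socket.AF_INET, socket.SOCK_STREAM)
        return True
    except socket.gaierror:
        return False


if __name__ == "__main__":
    for number, option, value in find_inline_comments(SAMPLE_CONF):
        ok = service_resolves(value)
        print(f"line {number}: {option} = {value!r} (resolves: {ok})")
```

Running it against a real file before reloading stunnel only needs `find_inline_comments(open(path).read())`; any hit should be moved to a comment line of its own starting in column 1, as the reply describes.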