I have a small web application running as a regular (non-root) user on my port 6666. I would like to make it accessible through SSL on port 7777. In order to test it I used (as the same non-root user) the following command:
stunnel -D 7 -p mypemfile.pem -d 7777 -r localhost:6666
but it does not work. When I check with "ps aux | fgrep stunnel", no such program is running.
However, if I run it as root, it does work. I did not find in the documentation any restriction in this regard. Since my final application will run on a machine to whose root I do not have access, I would like to find a way to solve this problem.
Any hint will be appreciated.
-- tsf
-----------------------------------------
My system data are:
(1) Linux/Ubuntu 7.10, kernel 2.6.22-14-generic,
(2) Output of "/usr/bin/stunnel4 -version":
    stunnel 4.20 on i486-pc-linux-gnu with OpenSSL 0.9.8e 23 Feb 2007
    Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

    Global options
    debug = 5
    pid = /var/run/stunnel4.pid
    RNDbytes = 64
    RNDfile = /dev/urandom
    RNDoverwrite = yes

    Service-level options
    cert = /etc/stunnel/stunnel.pem
    ciphers = ALL:!ADH:+RC4:@STRENGTH
    key = /etc/stunnel/stunnel.pem
    session = 300 seconds
    sslVersion = SSLv3 for client, all for server
    TIMEOUTbusy = 300 seconds
    TIMEOUTclose = 60 seconds
    TIMEOUTconnect = 10 seconds
    TIMEOUTidle = 43200 seconds
    verify = none
(3) Output due to '-D 7' option:
    2007.12.20 10:00:45 LOG7[14820:3082589872]: Snagged 64 random bytes from /home/tomasz/.rnd
    2007.12.20 10:00:45 LOG7[14820:3082589872]: Wrote 1024 new random bytes to /home/tomasz/.rnd
    2007.12.20 10:00:45 LOG7[14820:3082589872]: RAND_status claims sufficient entropy for the PRNG
    2007.12.20 10:00:45 LOG7[14820:3082589872]: PRNG seeded successfully
    2007.12.20 10:00:45 LOG7[14820:3082589872]: Certificate: jai_ssl.pem
    2007.12.20 10:00:45 LOG7[14820:3082589872]: Certificate loaded
    2007.12.20 10:00:45 LOG7[14820:3082589872]: Key file: jai_ssl.pem
    2007.12.20 10:00:45 LOG7[14820:3082589872]: Private key loaded
    2007.12.20 10:00:45 LOG7[14820:3082589872]: SSL context initialized for service stunnel3
(4) "/usr/bin/stunnel" is a Perl script whose comments say "... wrapper to use stunnel 3.x syntax in stunnel >=4.05 ..."; it is version 2.00 (2005.04.2).
I solved the problem already with the '-P /home/tsf/.../stunnel.pid' option. The default value is '/var/run/stunnel4.pid', which is not accessible to a regular user! BTW this option requires an absolute path.
-- tsf
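The fix described in the reply above (a pid file the non-root user can actually create, given as an absolute path), as an added example that is not part of the original thread. The function names, the service name [web] and the idea of writing a native stunnel 4.x configuration file instead of using the 3.x wrapper are assumptions for illustration; the ports and options come from the post.

```shell
#!/bin/sh
# Added example: pre-flight check for running stunnel 4.x without root.
# Function names and the [web] service name are hypothetical.

# check_pidfile PATH
# Returns 0 if the current user could create PATH,
#         1 if PATH is not absolute (the post notes this is required),
#         2 if the parent directory is missing or not writable
#           (the /var/run/stunnel4.pid default fails this way for a regular user).
check_pidfile() {
    case "$1" in
        /*) ;;
        *)  return 1 ;;
    esac
    dir=$(dirname "$1")
    [ -d "$dir" ] && [ -w "$dir" ] || return 2
    return 0
}

# write_conf CONF PIDFILE CERT
# Writes a stunnel 4.x configuration that roughly corresponds to
#   stunnel -D 7 -p CERT -d 7777 -r localhost:6666 -P PIDFILE
# and refuses to write anything when the pid file location is unusable.
write_conf() {
    check_pidfile "$2" || return $?
    cat > "$1" <<EOF
debug = 7
pid = $2
cert = $3

[web]
accept = 7777
connect = localhost:6666
EOF
}
```

After a successful `write_conf`, the instance is started as the same user with the configuration file as the only argument to `/usr/bin/stunnel4`.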