On Tue, 13 Jan 2009, "D. Richard Hipp" <drh@hwaci.com> wrote:
Apparently stunnel will work as a pipe if I create a config file like this:
client=yes
connect=remotehost:port
Then run stunnel and talk over standard input and standard output.
One problem I have found in doing this is that if socketpair(2) is used to create the file descriptor that will be connected to stunnel's stdio, then stunnel's libwrap checking is activated because it detects it to be a socket.
Using socketpair is a nice way to turn a TCP client into one that connects via a two-way pipe with stunnel (because the client app doesn't have to special-case the two file descriptors for stunnel's stdin and stdout when reading and writing).
Since a user (i.e. not a sysadmin) has no control over the libwrap settings in /etc, stunnel's libwrap check will always fail when used this way.
In my opinion, stunnel should allow disabling of libwrap (and syslog too) via the config file (i.e. not just compile time options). This makes the "one connection" client usage you describe work better.
Karl