Matthew Eaton wrote:
I've created a patch to Stunnel that reloads all accepting connections from the config file. This will not work for privileged ports in the current implementation.
Please explain why it will not work for privileged ports. Does this hold even if the master stunnel process runs as root? And what happens to active connections on SIGHUP? Are they simply broken?
It won't work for privileged ports if you are using setuid/setgid options, since the original privileges are dropped after the initial set of ports is bound. If you do not set this option, then it shouldn't make a difference (as long as the original user has permission to bind priv ports, e.g. root). The chroot parameter would also limit the functionality of this patch. You would need to copy or hard link the config file into the chroot'ed directory tree.
Established connections are not closed; only the listening ports are closed and opened. This is confirmed through my own testing.
Cheers, Matt
On 12/13/06, Hans Werner Strube strube@physik3.gwdg.de wrote:
Matthew Eaton wrote:
I've created a patch to Stunnel that reloads all accepting connections from the config file. This will not work for privileged ports in the current implementation.
Please explain why it will not work for privileged ports. Does this hold even if the master stunnel process runs as root? And what happens to active connections on SIGHUP? Are they simply broken?
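The two reload caveats from the reply above (privileged accept ports combined with setuid, and a config file outside the chroot), as a pre-reload check. This is an added example, not code from the thread or from the stunnel project. It assumes that ports below 1024 are privileged, that paths are absolute, and it compares paths only; the function names are hypothetical.

```python
import os
PRIVILEGED_MAX = 1023  # assumption: classic Unix rule, ports below 1024 need root

def parse_conf(text):
    """Split stunnel.conf text into (global options, {service: options})."""
    opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            (opts if current is None else current)[key.strip()] = value.strip()
    return opts, services

def accept_port(value):  # '443', ':443' or 'host:443' -> 443; None if not numeric
    port = value.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def reload_warnings(text, conf_path):
    """Reasons re-binding the accept ports on reload could fail (absolute paths)."""
    opts, services = parse_conf(text)
    warnings = []
    user = opts.get("setuid", "root")            # no setuid option: root is kept
    for name, svc in services.items():
        port = accept_port(svc.get("accept", ""))
        if user not in ("root", "0") and port is not None and port <= PRIVILEGED_MAX:
            warnings.append(f"[{name}] accept = {port} is privileged, but "
                            f"setuid = {user} drops root after the initial bind")
    if "chroot" in opts:
        jail = os.path.normpath(opts["chroot"])
        if os.path.commonpath([jail, os.path.normpath(conf_path)]) != jail:
            warnings.append(f"{conf_path} is outside chroot {jail}: copy or hard link it in")
    return warnings

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
setuid = nobody
chroot = /var/lib/stunnel/
[https]
accept = 443
connect = 127.0.0.1:8080
[alt]
accept = 127.0.0.1:10443
connect = 127.0.0.1:8080
"""
```

`reload_warnings(SAMPLE, "/etc/stunnel/stunnel.conf")` reports the `[https]` service and the config path; the `[alt]` service on port 10443 is not flagged.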