Hi everyone !
I have 900 (W2K) machines that I have to securely log onto. I chose to use both of Ultr@VNC and RealVNC 4.0 (running on ports 5900 & 5901). And I chose to use STunnel 4.05 on W2K to secure the sockets.
On my admin PC, Stunnel.conf looks like /*******************************/ #cert stuff
[ultravnc0101] accept = 127.0.1.1:5900 connect = PC0101:5700 [realvnc0101] accept = 127.0.1.1:5901 connect = PC0101:5701
...
[ultravnc1000] accept = 127.0.10.0:5900 connect = PC1000:5700 [realvnc1000] accept = 127.0.10.0:5901 connect = PC1000:5701
/*******************************/
And it does only work for the first 31 pairs of "services". (No Authentification issues.) When I move the "PC0101" services to the end of the file it will not work anymore, whereas it does when it's first in the .conf file.
I guess having 1800 services is not necessarily the way Stunnel is meant to work...
Is it a known issue ? I haven't been able to find any infos on it in newsgroups or with Google. It does not seem to be a W2K problem since it works with the 64 first services.
If anyone knows a workaround...
Thanks for your help, Reagrds
Philippe HAMEAU
"CIM Massy" mlk141@wanadoo.fr wrote:
And it does only work for the first 31 pairs of "services".
[cut]
It does not seem to be a W2K problem since it works with the 64 first services.
The problem is that Windows only supports 64 file descriptors in a single FD_SET structure by default: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winsock/win...
You can build stunnel with a bigger FD_SET. It's not used by default because of increased memory consumption. Please let me know if you need my help.
Best regards, Mike
The problem is that Windows only supports 64 file descriptors in a single FD_SET structure by default:
As many would need stunnel to run with more than 31 apps (64 descriptor) wouldnt this be an ideal candidate for a configurable parameter (global options) in stunnel.conf?. Anyways CIM Massy i did recompile it with a bigger FD_SET and it worked just fine for me.
Interestingly in Linux, as it implements fd_set with bit mask, i dont think stunnel will be able to support more than 16 pairs of apps (32 descriptors) unless there is some code change explicitly.
Thanks and Regards, Paul
On Fri, 17 Dec 2004 16:19:43 +0100, Michal Trojnara Michal.Trojnara@mobi-com.net wrote:
"" mlk141@wanadoo.fr wrote:
And it does only work for the first 31 pairs of "services".
[cut]
It does not seem to be a W2K problem since it works with the 64 first services.
The problem is that Windows only supports 64 file descriptors in a single FD_SET structure by default: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winsock/win...
You can build stunnel with a bigger FD_SET. It's not used by default because of increased memory consumption. Please let me know if you need my help.
Best regards, Mike
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
Paul wrote:
Interestingly in Linux, as it implements fd_set with bit mask, i dont think stunnel will be able to support more than 16 pairs of apps (32 descriptors) unless there is some code change explicitly.
fd_set is by default an array of 32 long integers in Linux. See /usr/include/sys/select.h for details.
Best regards, Mike
-
CIM Massy -
Michal Trojnara -
Paul