Sure it can. Inetd is simply a "server" and stunnel works in inetd mode or
server mode. When not using inetd, stunnel does the server work. When
using inetd then inetd does the server work. In both cases the actual
"instance" of stunnel is the same. And inetd always works (or essentially
Unix does not). It is milliseconds slower in inetd (and unless you are
doing millions of connections nobody will notice) but way more reliable in
my experience.
Eric
-----Original Message-----
From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of
Peter Pentchev
Sent: Friday, January 04, 2019 8:06 AM
To: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] older browsers, stunnel and privoxy
On Thu, Jan 03, 2019 at 02:45:30PM -0700, Eric Eberhard wrote:
> Observation: you accept on port 80 ... the log says 4121 ... any
> chance you have some sort of port forwarding/NAT/firewall/router issue?

Just for the record (I already answered the question in another message),
the log says that the client - the program that was talking to stunnel,
presumably some kind of web browser - connected *to* stunnel
*from* the (ephemeral) port 4121.

> Second -- if you are on Unix why not just use inetd? Easy, reliable,
> simple, always works (if inetd goes down you have no Unix). And you
> have nothing to manage -- just logs to look at.

The inetd and stunnel tools serve different purposes - inetd cannot, by
itself, proxy between a plaintext and a TLS/SSL connection.

> Happy New Year
> Eric

Same!

G'luck,
Peter
-----Original Message-----
From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On
Behalf Of kovacs janos
Sent: Saturday, December 29, 2018 7:37 PM
To: Javier jamilist.stn@gmx.es
Cc: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] older browsers, stunnel and privoxy
It still doesn't seem to work. I tried it with deviantart.com again.

configuration:

client = yes
accept = 127.0.0.1:80
connect = 52.85.220.247:443
verifyChain = yes
CAfile = ca-certs.pem
checkHost = *.deviantart.com

The name after checkHost is the "Common Name" displayed when viewing the
site's certificate in a browser (lock icon, view certificate). I also saved
the certificate in case I would need to try the "certificate pinning"
method. The connect IP is what 'get-site-ip.com'
says the IP of the website is.

These are the logs:

Service [fbsd-www] accepted connection from 127.0.0.1:4121
s_connect: connected 52.85.220.247:443
Service [fbsd-www] connected remote server from 192.168.0.3:4122
SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

I know I pestered everyone long enough, but I still haven't been able
to connect to anything. Without any verification it's the same.
On 12/21/18, Javier jamilist.stn@gmx.es wrote:
On Fri, 21 Dec 2018 13:58:35 +0200
Peter Pentchev roam@ringlet.net wrote:
Hm, there's no reason why stunnel would not work like that for a
predetermined set of hosts with known addresses.
Hi,
I'm just trying to avoid encouraging him to keep with his first idea
of browsing through Stunnel, with, or without privoxy.
Of course one site, one connection would work, if we forget about
secondary issues and..., never mind...
I give up :D
Regards.
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
--
Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org} pp@storpool.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13