Hi,
I'm successfully securing Samba SWAT on Linux with stunnel 4.36. The connection goes like this: browser -> http://localhost:901 (stunnel) -> remote:50901 (xinetd) -> stunnel -> remote:901 (xinetd) -> SWAT.
Now I want to remove the xinetd swat file and have stunnel directly call swat: browser -> http://localhost:901 (stunnel) -> remote:50901 (xinetd) -> stunnel -> SWAT.
I do this by commenting out "connect" and setting exec and execargs (as documented in stunnel's man page):
  #connect = 901
  exec = /usr/sbin/swat
  execargs = swat
Now I get a "Connection closed by remote server" in my browser. The log shows this:
  [xinetd] START: swat-ssl pid=1026 from=192.168.0.253
  [stunnel] Reading configuration from file /etc/stunnel/swat.xconf
  [stunnel] Could not load DH parameters from /etc/stunnel/stunnel.pem
  [stunnel] Configuration successful
  [stunnel] No limit detected for the number of clients
  [stunnel] stunnel 4.36 on i686-pc-linux-gnu with OpenSSL 1.0.0d 8 Feb 2011
  [stunnel] Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL, IPv6
  [stunnel] Service stunnel accepted connection from 192.168.0.253:60418
  [stunnel] SSL accepted: new session negotiated
  [stunnel] Negotiated ciphers: ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
  [stunnel] connect: Operation now in progress (115)
  [stunnel] Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
  [stunnel] pid=1026 duration=0(sec)
  [xinetd] EXIT: swat-ssl status=0 pid=1026 duration=0(sec)
The successful connection (when xinetd calls swat) looks like this:
  [xinetd] START: swat-ssl pid=5076 from=192.168.0.253
  [everything as above]
  [stunnel] connect_blocking: connecting 127.0.0.1:901
  [xinetd] START: swat pid=5085 from=127.0.0.1
  [stunnel] connect_blocking: connected 127.0.0.1:901
  [stunnel] Service stunnel connected remote server from 127.0.0.1:47098
  [stunnel] SSL_shutdown successfully sent close_notify
  [stunnel] Connection closed: 288 bytes sent to SSL, 512 bytes sent to socket
  [xinetd] EXIT: swat status=0 pid=5085 duration=0(sec)
  [xinetd] EXIT: swat-ssl status=0 pid=5076 duration=0(sec)
The only difference I can see is the "connect" in the problem case versus the "connect_blocking" in the success case.
Who can shed some light?
Thorsten
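For readers following the thread, the two-hop layout described above, reconstructed as an added example (this is not Thorsten's actual configuration, only the stunnel files the described chain implies). The client-side file name, the hostname "remote", the CA file and the verify settings are assumptions; the server-side path /etc/stunnel/swat.xconf and the certificate path come from the log.

```ini
# ---- client machine: /etc/stunnel/swat-client.conf (assumed path) ----
# The browser speaks plain HTTP to 127.0.0.1:901; this stunnel instance
# wraps it in TLS and forwards it to the remote xinetd listener on 50901.
[swat]
client  = yes
accept  = 127.0.0.1:901
connect = remote:50901
# Check the server certificate against a known CA instead of accepting
# any certificate (assumed CA bundle; without verify = 2 a spoofed server
# would be accepted silently).
verify  = 2
CAfile  = /etc/stunnel/swat-ca.pem

# ---- server machine: /etc/stunnel/swat.xconf, run by xinetd ----
# inetd mode: no [service] section and no accept line, because xinetd
# already owns the listening socket on 50901 and hands stunnel the
# accepted connection on stdin/stdout.
cert = /etc/stunnel/stunnel.pem

# Variant 1 (the working chain in the post): hand the decrypted stream
# to the xinetd-managed swat on the loopback interface.
connect = 127.0.0.1:901

# Variant 2 (the chain being attempted): spawn swat directly from stunnel
# and skip the second xinetd service. Exactly one of connect / exec is
# active; comment out connect above before enabling these two lines.
#exec     = /usr/sbin/swat
#execargs = swat
```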