Stunnel appears to be working fine, but when started it spams my syslog about 5 times with the following message: "stunnel: warning: can't get client address: Bad file descriptor" There are no other messages from stunnel.
I'm not sure where it's coming from...
It looks like it is running without command line arguments. My init script has the following snippets that make me think that:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
PREFIX=/usr/local
DAEMON=/usr/local/bin/stunnel
PIDFILE=/var/lib/stunnel/stunnel.pid
test -f $DAEMON || exit 0
case "$1" in
  start)
    echo -n "Starting universal SSL tunnel: stunnel"
    $DAEMON || echo -n " failed"
    echo "."
    ;;
{TRIMMED REST OF FILE}
My stunnel version info:
stunnel 4.21 on i686-pc-linux-gnu with OpenSSL 0.9.8e 23 Feb 2007
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug = 5
pid = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options
cert = /usr/local/etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
key = /usr/local/etc/stunnel/stunnel.pem
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
My stunnel config file:
cert = /usr/local/etc/stunnel/stunnel.pem
key = /usr/local/etc/stunnel/stunnel.pem
sslVersion = SSLv3
chroot = /var/lib/stunnel/
setuid = 99
setgid = 99
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes

[nntps]
accept = 127.0.0.1:119
connect = secure.news.easynews.com:563
Again, it is all working, and aside from my TCP_NODELAY flags, everything in my conf would be a show-stopper if it was invalid or not working...
*of note: I had to set the uid/gid number. For some reason it couldn't resolve the gid/uid on its own. My /etc/passwd is world-readable (with hashes in shadow) as is standard.
I'm not sure I should even be worried about this...
Draeath Spamtrap wrote:
> Stunnel appears to be working fine, but when started it spams my syslog about 5 times with the following message: "stunnel: warning: can't get client address: Bad file descriptor" There are no other messages from stunnel.
> I'm not sure where it's coming from...
I've found it:
$ strings -f /usr/lib/* | grep "can't get client address"
/usr/lib/libwrap.a: can't get client address: %m
/usr/lib/libwrap.so: can't get client address: %m
You can disable libwrap support if you don't use it:
./configure --disable-libwrap
make clean
make
make install
> *of note: I had to set the uid/gid number. For some reason it couldn't resolve the gid/uid on its own. My /etc/passwd is world-readable (with hashes in shadow) as is standard.
Apply: ftp://stunnel.mirt.net/stunnel/setuid.patch
Best regards,
Mike
On Tuesday 13 November 2007 04:16:49 pm Michal Trojnara wrote:
> Draeath Spamtrap wrote:
>> Stunnel appears to be working fine, but when started it spams my syslog about 5 times with the following message: "stunnel: warning: can't get client address: Bad file descriptor" There are no other messages from stunnel.
>> I'm not sure where it's coming from...
> I've found it:
> $ strings -f /usr/lib/* | grep "can't get client address"
> /usr/lib/libwrap.a: can't get client address: %m
> /usr/lib/libwrap.so: can't get client address: %m
> You can disable libwrap support if you don't use it:
> ./configure --disable-libwrap
> make clean
> make
> make install
>> *of note: I had to set the uid/gid number. For some reason it couldn't resolve the gid/uid on its own. My /etc/passwd is world-readable (with hashes in shadow) as is standard.
> Apply: ftp://stunnel.mirt.net/stunnel/setuid.patch
> Best regards,
> Mike
Thanks for showing me how you found that, that looks like a good command to remember. Thanks Mike! That should take care of me!
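
The lookup used in this thread, written as a reusable shell check. This is an added example, not part of the original messages or of stunnel: `find_message_origin` and `built_with_libwrap` are hypothetical helper names, and `grep -a -F` is used in place of `strings | grep` so that no binutils are needed.

```shell
#!/bin/sh
# Added example (not from the thread): trace a log message to the library
# that emits it, then check whether the stunnel build links that feature in.
# Function names are hypothetical helpers.

# find_message_origin DIR MESSAGE
# Print each regular file directly under DIR whose bytes contain MESSAGE.
#   -F  literal match, so "'" and "%" in the message need no escaping
#   -a  search binary files (.so, .a) as if they were text
#   -l  print only the file name
# LC_ALL=C makes the match byte-oriented regardless of locale.
find_message_origin() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue    # skip subdirectories and dangling symlinks
        LC_ALL=C grep -a -l -F -- "$2" "$f" 2>/dev/null || true
    done
}

# built_with_libwrap BANNER
# Succeed when the version banner's Auth: field lists LIBWRAP.
# BANNER is the banner text, e.g. the "Threading:... Auth:..." line
# posted in the first message of the thread.
built_with_libwrap() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' | grep -q '^Auth:.*LIBWRAP'
}

# Command-line use: script.sh DIR MESSAGE [BANNER]
if [ "$#" -ge 2 ]; then
    find_message_origin "$1" "$2"
    if [ "$#" -ge 3 ]; then
        if built_with_libwrap "$3"; then
            echo "build includes libwrap (Auth:LIBWRAP)"
        else
            echo "build does not include libwrap"
        fi
    fi
fi
```

A match in a library only shows where the message text lives. The banner check confirms that this particular stunnel build was compiled against it.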