I have a situation in which I have a client system, a middle-tier application server, and a backend database. The middle-tier takes info from the client and sends requests to the database; in other words, the middle-tier has to act as both a client and a server in different parts of a transaction. Is it necessary that I run two instances of stunnel, one with an stunnel-client.conf wherein client=yes and another instance with stunnel-server.conf wherein client=no, or is it possible to configure a single stunnel to do this? I would guess it would be kind of like having "client=yes|no" at the service level; this is not an option as far as I can see from the man page for 4.12, but I figured I could at least ask.
On Tue, 18 Oct 2005, Sholund, Mark D, GVSOL wrote:
> I have a situation in which I have a client system, a middle-tier application server, and a backend database. The middle-tier takes info from the client and sends requests to the database; in other words, the middle-tier has to act as both a client and a server in different parts of a transaction. Is it necessary that I run two instances of stunnel, one with an stunnel-client.conf wherein client=yes and another instance with stunnel-server.conf wherein client=no, or is it possible to configure a single stunnel to do this? I would guess it would be kind of like having "client=yes|no" at the service level; this is not an option as far as I can see from the man page for 4.12, but I figured I could at least ask.
It depends. If you want to talk SSL both from client to middle-tier and from middle-tier to backend database, the answer is: yes, you need to run two instances. If you want to talk 'plain' between middle-tier and backend database, then you don't.
Jan
On 2005-10-18, at 20:57, Sholund, Mark D, GVSOL wrote:
> I would guess it would be kind of like having "client=yes|no" at the service level; this is not an option as far as I can see from the man page for 4.12, but I figured I could at least ask.
Service-level SSL contexts are on my TODO list: http://stunnel.mirt.net/todo_sdf.html
Best regards, Mike
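
The two-instance layout from Jan's reply (SSL on both legs), written out as the two configuration files for the middle tier. This is an added example, not configuration from the thread or from the stunnel project; the ports, file paths, service names and the host `db.example.internal` are assumptions.

```ini
; ---- stunnel-server.conf (instance 1 on the middle tier) ----
; Terminates SSL from the client system and hands plaintext to the
; local application server. "client" is a global option here, so
; every service in this file runs in server mode.
client = no
cert = /etc/stunnel/middle-tier.pem      ; assumed path: server cert + key
pid = /var/run/stunnel-server.pid        ; must differ between the two instances

[app-in]                                 ; assumed service name
accept = 8443                            ; SSL side, reachable by the client system
connect = 127.0.0.1:8080                 ; plaintext side, application server

; ---- stunnel-client.conf (instance 2 on the middle tier) ----
; Takes plaintext from the application server on loopback and opens
; SSL to the stunnel (server mode) in front of the backend database.
client = yes
pid = /var/run/stunnel-client.pid
CAfile = /etc/stunnel/db-ca.pem          ; assumed path: CA that signed the DB-side cert
verify = 2                               ; reject the backend if its cert does not verify

[db-out]                                 ; assumed service name
accept = 127.0.0.1:15432                 ; loopback only, so the plaintext port is not exposed
connect = db.example.internal:5433       ; assumed host:port of the DB-side stunnel
```

Each file is started as its own process, with the configuration file path as the argument to `stunnel`. Binding the plaintext `accept` in the client instance to 127.0.0.1 keeps the unencrypted leg off the network.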