I have been using stunnel for a long time, but was just trying to compile the latest version from source, and it compiles, but doesn't work like the older version, so I must have some option wrong. With the current version on my Fedora 14 machine using the latest version it loads the stunnel ports and works, but the newer version does seem to load or give an error message.
I've tested the stunnel from Fedora 16 and Fedora 17, and they work fine with the stunnel.conf to load the settings.
Current version info from Fedora 14 system.
stunnel 4.34 on x86_64-redhat-linux-gnu with OpenSSL 1.0.0e-fips 6 Sep 2011
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug = daemon.notice
pid = /var/run/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options
cert = /etc/stunnel/stunnel.pem
ciphers = ALL:!aNULL:!eNULL:!SSLv2
curve = sect163r2
session = 300 seconds
stack = 65536 bytes
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
The new build does this.

stunnel 4.56 on x86_64-unknown-linux-gnu platform
Compiled/running with OpenSSL 1.0.0e-fips 6 Sep 2011
Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS

Global options:
debug = daemon.notice
pid = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options:
ciphers = FIPS (with "fips = yes")
ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with "fips = no")
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
sslVersion = TLSv1 (with "fips = yes")
sslVersion = TLSv1 for client, all for server (with "fips = no")
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
Have also tried it with --disable-fips
With the new version I have to provide the /etc/stunnel/stunnel.conf, but it doesn't load any of the options.
Sure it is just a simple configure setting I am missing.
Thanks.
+----------------------------------------------------------+ Michael D. Setzer II - Computer Science Instructor Guam Community College Computer Center mailto:mikes@kuentos.guam.net mailto:msetzerii@gmail.com http://www.guam.net/home/mikes Guam - Where America's Day Begins G4L Disk Imaging Project maintainer http://sourceforge.net/projects/g4l/ +----------------------------------------------------------+
http://setiathome.berkeley.edu (Original) Number of Seti Units Returned: 19,471 Processing time: 32 years, 290 days, 12 hours, 58 minutes (Total Hours: 287,489)
BOINC@HOME CREDITS SETI 14305761.074364 | EINSTEIN 10610832.119852 ROSETTA 6726167.419674 | ABC 15903532.519753
On 2013-03-30 14:39, Michael D. Setzer II wrote:
With the new version I have to provide the /etc/stunnel/stunnel.conf, but it doesn't load any of the options.
You may use 'ltrace' and/or 'strace' to diagnose why it dies silently on your system.
Mike
On 3 Apr 2013 at 22:39, Michal Trojnara wrote:
Date sent: Wed, 03 Apr 2013 22:39:16 +0200
From: Michal Trojnara Michal.Trojnara@mirt.net
To: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] Trying to Upgrade stunnel, but compile isn't working?
On 2013-03-30 14:39, Michael D. Setzer II wrote:
With the new version I have to provide the /etc/stunnel/stunnel.conf, but it doesn't load any of the options.
You may use 'ltrace' and/or 'strace' to diagnose why it dies silently on your system.
I have got it working, but seems the main issue was the default was to put the pid file in a directory that did not exist on my system, but it gave no error. Then had an issue with the fips not working, so recompiled using this option and additions to the stunnel.conf file. Older versions just had client = yes at top, but now need to specify pid and cert lines, added others from an example.
Configure options
./configure --disable-fips --disable-ipv6
stunnel.conf
client = yes
pid = /var/run/stunnel.pid
debug = 5
output = /var/log/stunnel.log
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
cert = /etc/stunnel/stunnel.pem
compression = zlib

[gmailpop]
accept = 20995
connect = pop.gmail.com:995

[gmailsmtp]
accept = 20465
connect = smtp.gmail.com:465

[gmailimap]
accept = 20993
connect = imap.gmail.com:993
Mike
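The failure described in this thread (a pid path in a directory that does not exist, with no error shown) can be caught before stunnel is started. The script below is an added example, not part of the original messages or of stunnel itself; the function names and the optional default-pid argument are assumptions, and it reads only the global options that precede the first [service] section.

```shell
#!/bin/sh
# Preflight for stunnel.conf: flag pid/output paths whose directory is missing
# and a cert file that cannot be read, before starting the daemon.

# conf_value FILE KEY: print the first global "KEY = value" (before any [section]).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*\[/   { exit }   # global options end at the first [service]
        /^[ \t]*[;#]/ { next }   # comment lines
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# check_stunnel_conf FILE [DEFAULT_PID]: print findings and return the number
# of problems. DEFAULT_PID is the compiled-in pid path of the build, applied
# when the file has no pid line (assumption: supplied by the caller).
check_stunnel_conf() {
    conf=$1; default_pid=${2:-}; problems=0
    pid=$(conf_value "$conf" pid)
    if [ -z "$pid" ] && [ -n "$default_pid" ]; then
        echo "pid: not set, build default $default_pid applies"
        pid=$default_pid
    fi
    for entry in "pid:$pid" "output:$(conf_value "$conf" output)"; do
        name=${entry%%:*}; path=${entry#*:}
        [ -n "$path" ] || continue
        dir=$(dirname "$path")
        if [ ! -d "$dir" ]; then
            echo "$name: directory $dir does not exist"
            problems=$((problems + 1))
        fi
    done
    cert=$(conf_value "$conf" cert)
    if [ -n "$cert" ] && [ ! -r "$cert" ]; then
        echo "cert: $cert is missing or unreadable"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh check.sh /etc/stunnel/stunnel.conf [default-pid-path]
if [ "$#" -gt 0 ]; then check_stunnel_conf "$@"; exit $?; fi
```

Passing the pid path printed under "Global options" by the new build as the second argument reproduces the case where stunnel.conf has no pid line.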