[stunnel-users] inetd Solaris Stunnel 4.05

Kenneth Simpson ken at MILitho.COM
Fri Nov 12 00:38:11 CET 2004 

Hi - I'm trying to get stunnel 4.05 to work under inetd on a Solaris
x86 platform (and Solaris 8 on a SPARC platform.)

The IMAP and POP daemons are verison 2004 from UW (or UW 2001 on a SPARC.)

The IMAP client is Thunderbird 0.8.

I can connect to IMAP inetd service on port 143 with Thunderbird.

When I attempt to connect to IMAP on port 993, I'm presented a
self signed certificate, I click OK to accept it, then Thunderbird
just hangs.

There's no indication in IMAP log file that I've connected - and there
doesn't appear to be any indication in the stunnel log file that I've
been connected to the IMAP server either.

stunnel and the IMAP servers work in the standalone mode.

When stunnel is running under inetd, I can telnet to port 143 and port 993.

Any help would be greatly appreciated.

-- Ken

; stunnel -version
stunnel 4.05 on i386-pc-solaris2.8 FORK with OpenSSL 0.9.7d 17 Mar 2004
 
Global options
cert            = /usr/stunnel/etc/stunnel/stunnel.pem
ciphers         = ALL:!ADH:+RC4:@STRENGTH
debug           = 5
key             = /usr/stunnel/etc/stunnel/stunnel.pem
pid             = /usr/stunnel/var/run/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes
session         = 300 seconds
verify          = none
 
Service-level options
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTidle     = 43200 seconds; stunnel -sockets
Socket option defaults:
    Option          Accept    Local     Remote    OS default
    SO_DEBUG            --        --        --             0
    SO_DONTROUTE        --        --        --             0
    SO_KEEPALIVE        --        --        --             0
    SO_LINGER           --        --        --    0:0      
    SO_OOBINLINE        --        --        --             0
    SO_RCVBUF           --        --        --         32768
    SO_SNDBUF           --        --        --         32768
    SO_RCVLOWAT         --        --        --        --   
    SO_SNDLOWAT         --        --        --        --   
    SO_RCVTIMEO         --        --        --        --   
    SO_SNDTIMEO         --        --        --        --   
    SO_REUSEADDR             1    --        --             0
    IP_TOS              --        --        --             0
    IP_TTL              --        --        --            64
    TCP_NODELAY         --        --        --             0


; inetd.conf
#
imap  stream  tcp nowait  root /usr/imap/sbin/in.imapd 
/usr/imap/sbin/in.imapd
pop3  stream  tcp nowait  root /usr/imap/sbin/in.pop3d 
/usr/imap/sbin/in.pop3d
#
imaps stream tcp nowait root /usr/stunnel/sbin/stunnel 
/usr/stunnel/sbin/stunnel /usr/stunnel/etc/stunnel.conf
pop3s stream tcp nowait root /usr/stunnel/sbin/stunnel 
/usr/stunnel/sbin/stunnel /usr/stunnel/etc/stunnel.conf
ssmtp stream tcp nowait root /usr/stunnel/sbin/stunnel 
/usr/stunnel/sbin/stunnel /usr/stunnel/etc/stunnel.conf


; stunnel.conf
#
cert = /usr/openssl/certs/stunnel.pem
#chroot = /usr/stunnel/var/run/
#pid=/stunnel.pid
pid=
setuid = nobody
setgid = nogroup

debug = local2.7
output = /var/adm/log/stunnel

exec = /usr/imap/sbin/in.pop3d
execargs = /usr/imap/sbin/in.pop3d

exec = /usr/imap/sbin/in.imapd
execargs = /usr/imap/sbin/in.imapd

exec = /usr/lib/sendmail
execargs = /usr/lib/sendmail

#
# end stunnel.conf
#

; log file
2004.11.11 14:52:25 LOG5[7844:0]: stunnel 4.05 on i386-pc-solaris2.8 
FORK with OpenSSL 0.9.7d 17 Mar 2004
2004.11.11 14:52:25 LOG7[7844:0]: Snagged 64 random bytes from /dev/urandom
2004.11.11 14:52:25 LOG7[7844:0]: RAND_status claims sufficient entropy 
for the PRNG
2004.11.11 14:52:25 LOG6[7844:0]: PRNG seeded successfully
2004.11.11 14:52:25 LOG7[7844:0]: Certificate: 
/usr/openssl/certs/stunnel.pem
2004.11.11 14:52:25 LOG7[7844:0]: Key file: /usr/openssl/certs/stunnel.pem
2004.11.11 14:52:25 LOG7[7844:0]: stunnel started
2004.11.11 14:52:25 LOG5[7844:0]: stunnel connected from 10.0.0.15:58715
2004.11.11 14:52:25 LOG7[7844:0]: SSL state (accept): before/accept 
initialization
2004.11.11 14:52:25 LOG7[7844:0]: SSL state (accept): SSLv3 read client 
hello A
2004.11.11 14:52:25 LOG7[7844:0]: SSL state (accept): SSLv3 write server 
hello A
2004.11.11 14:52:25 LOG7[7844:0]: SSL state (accept): SSLv3 write 
certificate A
2004.11.11 14:52:25 LOG7[7844:0]: SSL state (accept): SSLv3 write server 
done A
2004.11.11 14:52:25 LOG7[7844:0]: SSL state (accept): SSLv3 flush data
2004.11.11 14:52:26 LOG7[7844:0]: SSL state (accept): SSLv3 read client 
key exchange A
2004.11.11 14:52:26 LOG7[7844:0]: SSL state (accept): SSLv3 read finished A
2004.11.11 14:52:26 LOG7[7844:0]: SSL state (accept): SSLv3 write change 
cipher spec A
2004.11.11 14:52:26 LOG7[7844:0]: SSL state (accept): SSLv3 write finished A
2004.11.11 14:52:26 LOG7[7844:0]: SSL state (accept): SSLv3 flush data
2004.11.11 14:52:26 LOG7[7844:0]:    1 items in the session cache
2004.11.11 14:52:26 LOG7[7844:0]:    0 client connects (SSL_connect())
2004.11.11 14:52:26 LOG7[7844:0]:    0 client connects that finished
2004.11.11 14:52:26 LOG7[7844:0]:    0 client renegotiatations requested
2004.11.11 14:52:26 LOG7[7844:0]:    1 server connects (SSL_accept())
2004.11.11 14:52:26 LOG7[7844:0]:    1 server connects that finished
2004.11.11 14:52:26 LOG7[7844:0]:    0 server renegotiatiations requested
2004.11.11 14:52:26 LOG7[7844:0]:    0 session cache hits
2004.11.11 14:52:26 LOG7[7844:0]:    0 session cache misses
2004.11.11 14:52:26 LOG7[7844:0]:    0 session cache timeouts
2004.11.11 14:52:26 LOG6[7844:0]: Negotiated ciphers: 
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(2
56)  Mac=SHA1
2004.11.11 14:52:26 LOG6[7844:0]: Local mode child started (PID=7845)
2004.11.11 14:52:26 LOG7[7844:0]: Remote FD=7 initialized

; netstat -nr | grep 143
      *.143                *.*                0      0 32768      0 LISTEN

; netstat -nr | grep 993
      *.993                *.*                0      0 32768      0 LISTEN

More information about the stunnel-users mailing list