[stunnel-users] stunnel with netcat.
Jan Meijer
jan.meijer at surfnet.nl
Sat Oct 16 10:39:57 CEST 2004
Hi Graeme,
On Fri, 15 Oct 2004, Graeme Stewart wrote:
> My apologies, I wasn't exactly sure what information would be
> helpful to resolve this issue.
I have a straight-forward approach to the amount of information needed
when trying to solve a problem; just give me all you got and I'll sift
through it to see what is useful and what not ;).
If I sounded a bit harsh it was because I woke up at 4 am while I could
sleep until at least 7 am ;).
> - stunnel has logging? - Told you I hadn't used it much.
That logging probably holds the solution to your problem. Because it
probably holds the problem ;). I don't know what OS you're using; if it's
debian linux you'll find the logging in /var/log/daemon.log, otherwise
most likely in /var/log/messages. Can you check that logging to see what
it says regarding stunnel?
If the logging is not present, uncomment these settings and check the
stunnel.log.
> #debug = 7
> #output = stunnel.log
It could be the tcpwrapper is complaining. Wouldn't surprise me.
> [https]
> accept=localhost:8080
> connect=targetsite.com:443
> TIMEOUTclose=0
> transparent=yes
>
> - shouldn't the link be transparent to the application utilizing it?
Nah, because it can't be. You can make it transparent to the receiving
application, if I understand the feature correctly. I've never used it;
all my servers are FreeBSD hence it wouldn't work on that side.
Consider this setup to secure an otherwise unsecured imap connection
between a client that can't do ssl and a server that can't do ssl:
pine -imap-> localhost-stunnel --imap-over-ssl-> remotehost-stunnel
--plain imap->imap-server
the imap-server now considers the connection to originate from the
remotehost-stunnel. The transparent-yes feature should make it possible
to let the imap-server think it is in fact talking to my
localhost-stunnel.
So it has to do with the 'serverside-stunnel', not with the client-side
stunnel.
Jan
--
http://www.surfnet.nl/organisatie/jame
More information about the stunnel-users
mailing list