[stunnel-users] service reconfiguration by SIGHUP

Matthew Eaton stunnel at divinehawk.com
Wed Dec 13 16:51:25 CET 2006


It won't work for privileged ports if you are using setuid/setgid options,
since the original privileges are dropped after the initial set of ports is
bound. If you do not set this option, then it shouldn't make a difference
(as long as the original user has permission to bind priv ports, e.g. root).
The chroot parameter would also limit the functionality of this patch. You
would need to copy or hard link the config file into the chroot'ed directory
tree.

Established connections are not closed, only the listening ports are closed
and opened. This is confirmed through my own testing.

Cheers,
Matt

On 12/13/06, Hans Werner Strube <strube at physik3.gwdg.de> wrote:
>
> Matthew Eaton wrote:
> > I've created a patch to Stunnel that reloads all accepting connections
> > from the config file. This will not work for privileged ports in the
> > current implementation.
>
> Please explain why it will not work for privileged ports.
> Does this hold even if the master stunnel process runs as root?
> And what happens to active connections on SIGHUP? Are they simply broken?
>
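The two caveats in the reply above (privileged `accept` ports combined with `setuid`/`setgid`, and a config file outside the `chroot`) can be checked before sending SIGHUP. The following is an added example, not part of the original message, the patch or stunnel itself; the function name `reload_caveats` and the sample configuration are constructed, and it assumes the reload opens the same config path string, resolved inside the chroot.

```python
import posixpath

# Constructed sample configuration (not from the original thread).
SAMPLE_CONF = """\
; global options
setuid = nobody
setgid = nogroup
chroot = /var/lib/stunnel

[imaps]
accept = 993
connect = 143

[proxy]
accept = 127.0.0.1:8443
connect = 8080
"""

def reload_caveats(conf_text, conf_path):
    """Return (kind, subject) findings for a SIGHUP reload of this config."""
    glob, services, current = {}, {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            (glob if current is None else current)[key.strip().lower()] = value.strip()
    if not services and "accept" in glob:        # single-service config without sections
        services["(global)"] = glob
    findings = []
    if "setuid" in glob or "setgid" in glob:
        for name, opts in services.items():
            port = opts.get("accept", "").rsplit(":", 1)[-1]
            # Named ports (e.g. "imaps") are not resolved here; only numeric ones are checked.
            if port.isdigit() and int(port) < 1024:
                findings.append(("privileged-port-after-drop", name))
    if "chroot" in glob:
        # Assumption: the reload opens the same path string, now resolved inside the chroot.
        inside = posixpath.join(glob["chroot"], conf_path.lstrip("/"))
        findings.append(("config-needed-in-chroot", inside))
    return findings

if __name__ == "__main__":
    for finding in reload_caveats(SAMPLE_CONF, "/etc/stunnel/stunnel.conf"):
        print(finding)
```

A `privileged-port-after-drop` finding names a service whose listener cannot be re-bound once privileges are dropped; `config-needed-in-chroot` gives the path where a copy or hard link of the config would have to exist.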

