[stunnel-users] stunnel in proxy mode won't start
Dave Hinz
davehinz at gmail.com
Wed Jun 28 20:02:46 CEST 2006
I'm trying to run stunnel in proxy mode, to accept connections on port
443, and forward them to an application listening at port 9999 on the
same box. I believe I have the configuration correct, but I'm
obviously overlooking something.

Environment:
stunnel 4.15 on sparc-sun-solaris2.9 with OpenSSL 0.9.7g 11 Apr 2005

I have built an stunnel.conf file, and a stunnel.pem file which are
located in the correct place with the right permissions. I verified
that by moving or changing permissions and seeing that errors were
produced. I've changed the debug level to 7, and the following
information is displayed when I try to start stunnel:

cert# stunnel
2006.06.28 13:01:14 LOG7[9088:1]: Snagged 64 random bytes from /users/dave/.rnd
2006.06.28 13:01:14 LOG7[9088:1]: Wrote 1024 new random bytes to /users/dave/.rnd
2006.06.28 13:01:14 LOG7[9088:1]: RAND_status claims sufficient entropy for the PRNG
2006.06.28 13:01:14 LOG6[9088:1]: PRNG seeded successfully
2006.06.28 13:01:14 LOG7[9088:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem
2006.06.28 13:01:14 LOG7[9088:1]: Key file: /usr/local/etc/stunnel/stunnel.pem
2006.06.28 13:01:14 LOG7[9088:1]: Verify directory set to /
2006.06.28 13:01:14 LOG5[9088:1]: Peer certificate location /
2006.06.28 13:01:14 LOG7[9088:1]: SSL context initialized for service test
cert#

Same thing if I run it as stunnel stunnel.conf -fd

The prompt comes back immediately, ps -ef shows no stunnel running,
and nothing is answering on port 443 which is where I'm telling it to
listen:

stunnel.conf file:
cert = /usr/local/etc/stunnel/stunnel.pem
chroot = /usr/local/etc/stunnel
# PID is created inside chroot jail
pid = /pid/stunnel.pid
#setuid = nobody
#setgid = nogroup
# Authentication stuff
verify = 3
# don't forget about c_rehash CApath
# it is located inside chroot jail:
CApath = /
# Some debugging stuff
debug = 7
output = stunnel.log
# Use it for client mode
client = no
# Service-level configuration
[test]
accept = 127.0.0.1:443
connect = 127.0.0.1:9999
#TIMEOUTclose = 0
---end stunnel.conf file---

The pem files are located in the same directory as the stunnel.conf,
hence the "/" for the pathname above.

What am I overlooking please?
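
The comments in the posted stunnel.conf say the pid file and CApath live inside the chroot jail. This added example (not from the original post or the stunnel project) resolves both settings against chroot and reports a missing pid directory or a CApath holding no c_rehash-style hashed files. The function names and SAMPLE_CONF are assumptions, and the check does not establish the cause of the problem reported above.

```python
import os
import re
import tempfile

HASHED_CERT = re.compile(r"^[0-9a-f]{8}\.\d+$")  # c_rehash names, e.g. 0123abcd.0

# Constructed sample: option names and values follow the posted stunnel.conf,
# with the chroot path left as a placeholder.
SAMPLE_CONF = """\
chroot = {jail}
pid = /pid/stunnel.pid
verify = 3
CApath = /
[test]
accept = 127.0.0.1:443
"""

def parse_global_options(conf_text):
    """Return the options that precede the first [service] section."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            break
        key, sep, value = line.partition("=")
        if sep and not line.startswith(("#", ";")):
            opts[key.strip()] = value.strip()
    return opts

def check_chroot_paths(conf_text):
    """List problems with the pid and CApath settings, resolved inside chroot."""
    opts = parse_global_options(conf_text)
    jail = opts.get("chroot", "")
    inside = lambda p: os.path.join(jail, p.lstrip("/")) if jail else p
    problems = []
    if "pid" in opts:
        pid_dir = os.path.dirname(inside(opts["pid"]))
        if not os.path.isdir(pid_dir):
            problems.append("pid directory missing: " + pid_dir)
    if int(opts.get("verify", "0")) >= 1 and "CApath" in opts:
        ca_dir = inside(opts["CApath"])
        names = os.listdir(ca_dir) if os.path.isdir(ca_dir) else []
        if not any(HASHED_CERT.match(n) for n in names):
            problems.append("no hashed certificates in: " + ca_dir)
    return problems

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as jail:  # empty directory as the jail
        for problem in check_chroot_paths(SAMPLE_CONF.format(jail=jail)):
            print(problem)
```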