[stunnel-users] stunnel in proxy mode won't start

Dave Hinz davehinz at gmail.com
Wed Jun 28 20:02:46 CEST 2006


I'm trying to run stunnel in proxy mode, to accept connections on port
443, and forward them to an application listening at port 9999 on the
same box.  I believe I have the configuration correct, but I'm
obviously overlooking something.

Environment:
stunnel 4.15 on sparc-sun-solaris2.9 with OpenSSL 0.9.7g 11 Apr 2005

I have built an stunnel.conf file, and a stunnel.pem file which are
located in the correct place with the right permissions.  I verified
that by moving or changing permissions and seeing that errors were
produced.  I've changed the debug level to 7, and the following
information is displayed when I try to start stunnel:

cert# stunnel
2006.06.28 13:01:14 LOG7[9088:1]: Snagged 64 random bytes from /users/dave/.rnd
2006.06.28 13:01:14 LOG7[9088:1]: Wrote 1024 new random bytes to /users/dave/.rnd
2006.06.28 13:01:14 LOG7[9088:1]: RAND_status claims sufficient entropy for the PRNG
2006.06.28 13:01:14 LOG6[9088:1]: PRNG seeded successfully
2006.06.28 13:01:14 LOG7[9088:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem
2006.06.28 13:01:14 LOG7[9088:1]: Key file: /usr/local/etc/stunnel/stunnel.pem
2006.06.28 13:01:14 LOG7[9088:1]: Verify directory set to /
2006.06.28 13:01:14 LOG5[9088:1]: Peer certificate location /
2006.06.28 13:01:14 LOG7[9088:1]: SSL context initialized for service test
cert#

Same thing if I run it as stunnel stunnel.conf -fd

The prompt comes back immediately, ps -ef shows no stunnel running,
and nothing is answering on port 443 which is where I'm telling it to
listen:

stunnel.conf file:

cert = /usr/local/etc/stunnel/stunnel.pem
chroot = /usr/local/etc/stunnel
# PID is created inside chroot jail
pid = /pid/stunnel.pid
#setuid = nobody
#setgid = nogroup

# Authentication stuff
verify =  3
# don't forget about c_rehash CApath
# it is located inside chroot jail:
CApath = /

# Some debugging stuff
debug = 7
output = stunnel.log

# Use it for client mode
client = no

# Service-level configuration

[test]
accept  = 127.0.0.1:443
connect = 127.0.0.1:9999
#TIMEOUTclose = 0

---end stunnel.conf file---

The pem files are located in the same directory as the stunnel.conf,
hence the "/" for the pathname above.

What am I overlooking, please?


