[stunnel-users] Multiple Host Certificates

Sligar, Benjamin bsligar at tnsi.com
Thu Mar 16 22:42:19 CET 2006


Is it possible to run one instance of stunnel and have it verify certain ports against different certificates?

For instance:

    [listen1 5003]
    accept  = 5003
    connect = 10.61.0.132:7300

    [listen2 5008]
    accept  = 5008
    connect = 10.61.0.132:7300

Would it be possible to have listen2 validate on a separate certificate, or will I need to run a second instance of stunnel on my box and have it point to the different certificate? Basically, I want to know if I can set up a different certificate on a per-port basis. I don't see any options in the definition of the listen port that I can specify a different CERT, only the default CERT option at the top of the config file.

Version:
stunnel-4.04

Options
    cert = /usr/local/conf/ssl.pem
    chroot = /usr/local/stunnel-4.04/var/run/stunnel/
    pid = /stunnel.pid
    setuid = www
    setgid = webgroup
    options = NO_SSLv2
    ciphers = DES-CBC3-SHA:IDEA-CBC-SHA:RC4-SHA:RC4-MD5:AES256-SHA:AES128-SHA

uname -a
Linux ssl 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown

gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs
gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-98)

openssl version
OpenSSL 0.9.6b [engine] 9 Jul 2001
 
 