Unable to use stunnel with tin...

Post by Ant » Mon, 16 Jun 2008 15:20:51


Hi.

I am a newbie with stunnel and news servers that use SSL connections.
What am I doing wrong as shown below? I also tried shutting down the
firewall via Guarddog program, but it didn't make any difference. :(

$ stunnel -c -d 1119 -r news.giganews.com:563; tin -g localhost -p 1119
tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
Iain Lea.
Connecting to localhost:1119...
socket or connect problem
Failed to connect to NNTP server localhost. Exiting...

Thank you in advance. :)
--
"The ants are back Ted!" --Dougal from Father Ted TV show.
/\___/\
/ /\ /\ \ Phil/Ant @ http://www.yqcomputer.com/ (Personal Web Site)
| |o o| | Ant's Quality Foraged Links (AQFL): http://www.yqcomputer.com/
\ _ / Remove ANT from e-mail address: XXXX@XXXXX.COM
( ) or XXXX@XXXXX.COM
Go Los Angeles/L.A. Lakers. Ant is/was listening to a song on his home
computer: Covenant - Dead Stars (Longer)
 
 
 

Post by andre » Mon, 16 Jun 2008 16:30:21

["Followup-To:" header set to comp.os.linux.misc.]



Hmmmm..... do you mean 119 rather than 1119?

Andrew

--
Do you think that's air you're breathing now?

 
 
 

Post by Ant » Mon, 16 Jun 2008 16:52:06

On 6/15/2008 12:30 AM PT, andrew typed:


Same error/result:
$ stunnel -c -d 119 -r news.giganews.com:563; tin -g localhost -p 119
tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
Iain Lea.
Connecting to localhost...
socket or connect problem
Failed to connect to NNTP server localhost. Exiting...
--
/\___/\
/ /\ /\ \ Phil/Ant @ http://www.yqcomputer.com/ (Personal Web Site)
| |o o| | Ant's Quality Foraged Links (AQFL): http://www.yqcomputer.com/
\ _ / Remove ANT from e-mail address: XXXX@XXXXX.COM
( ) or XXXX@XXXXX.COM
Ant is currently not listening to any songs on his home computer. Go
Los Angeles/L.A. Lakers!
 
 
 

Post by Trevor Hem » Mon, 16 Jun 2008 18:39:48

On Sun, 15 Jun 2008 07:52:06 UTC in comp.os.linux.questions, Ant



It might help if you were using a slightly less prehistoric version of stunnel -
v3 was already old about 5 years ago. The newer v4 does everything via
stunnel.conf and mine looks like this:

cert = stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
[nntps]
accept = 127.0.0.1:119
connect = news.giganews.com:563

With this, you might also want the debugging options set on while you get it to
work.

debug = 7
output = stunnel.log

To listen on a local port < 1024 you will need to run stunnel as root.

--
Trevor Hemsley, Brighton, UK
Trevor dot Hemsley at ntlworld dot com
 
 
 

Post by Ant » Mon, 16 Jun 2008 19:04:20

On 6/15/2008 2:39 AM PT, Trevor Hemsley typed:




Here is the version in Debian (I apt-get update and upgrade daily):

$ stunnel
2008.06.15 02:55:30 LOG3[29444:3083032240]: Either -r, -l (or -L) option
must be used



Shouldn't command line parameters be enough? I searched (locate command)
for stunnel.conf, but it is nowhere found. Your debugging comment gave
me an idea:

$ stunnel -o stunnel.log -D 7 -c -d 1119 -r news.giganews.com:563; tin
-g lalhost -p 1119

$ more stunnel.log . Exiting...
2008.06.15 02:59:47 LOG5[29636:3083413168]: Using
'news.giganews.com.563' as tcpwrapper service name
2008.06.15 02:59:47 LOG7[29636:3083413168]: RAND_status claims
sufficient entropy for the PRNG
2008.06.15 02:59:47 LOG6[29636:3083413168]: PRNG seeded successfully
2008.06.15 02:59:47 LOG5[29636:3083413168]: stunnel 3.26 on
i486-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.8g 19 Oct 2007
2008.06.15 02:59:47 LOG3[29637:3083413168]: Argument to -P
(/var/run/stunnel/) is not valid a directory name

Is it because of /var/run/stunnel/? If so, then how do I fix it? I tried
making a /var/run/stunnel/, but it didn't make any difference when I
retried.
--
"The ants are back Ted!" --Dougal from Father Ted TV show.
/\___/\
/ /\ /\ \ Phil/Ant @ http://www.yqcomputer.com/ (Personal Web Site)
| |o o| | Ant's Quality Foraged Links (AQFL): http://www.yqcomputer.com/
\ _ / Remove ANT from e-mail address: XXXX@XXXXX.COM
( ) or XXXX@XXXXX.COM
Ant is currently not listening to any songs on his home computer. Go
Los Angeles/L.A. Lakers!
 
 
 

Post by Trevor Hem » Mon, 16 Jun 2008 20:06:46

On Sun, 15 Jun 2008 10:04:20 UTC in comp.os.linux.questions, Ant



Sorry, I can't help, v3 is too old and I have forgotten all about it. The
difference between v3 and v4 is mainly the addition of stunnel.conf and the
dropping of all the command line parameters. I have no idea why Debian should
continue to ship something that hasn't been updated in about 7 years but all
other distros that I've used switched to v4 a long time ago.

I do know that stunnel is very fussy about permissions on all its directories
though so it's possible that just creating the directory is not enough, you
might have to chown/chmod it too. It's also possible that stunnel is running
from a chroot jail in which case you might need to be creating
/<chroot-jail>/var/run/stunnel

--
Trevor Hemsley, Brighton, UK
Trevor dot Hemsley at ntlworld dot com
 
 
 

Post by Darren Sal » Mon, 16 Jun 2008 22:45:15

I demand that Trevor Hemsley may or may not have written...




http://www.yqcomputer.com/
http://www.yqcomputer.com/

[snip]
--
| Darren Salt | linux or ds at | nr. Ashington, | Toon
| RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
| + Output less CO2 => avoid massive flooding. TIME IS RUNNING OUT *FAST*.

Jack the Ripper excused himself on the grounds that it was human nature.
 
 
 

Post by Ant » Tue, 17 Jun 2008 02:09:52

On 6/15/2008 4:06 AM PT, Trevor Hemsley typed:


Someone else suggested:

$ stunnel -f -c -d 1119 -r news.giganews.com:563
2008.06.15 09:45:06 LOG5[2756:3082602160]: Using 'news.giganews.com.563'
as tcpwrapper service name
2008.06.15 09:45:06 LOG5[2756:3082602160]: stunnel 3.26 on
i486-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.8g 19 Oct 2007
2008.06.15 09:45:06 LOG3[2756:3082602160]: Argument to -P
(/var/run/stunnel/) is not valid a directory name

Then, I tried uninstalling and reinstalling stunnel and stunnel4
packages via apt-get command. I retried and got different results:

$ stunnel -f -c -d 1119 -r news.giganews.com:563
2008.06.15 10:02:12 LOG5[3325:3082749616]: stunnel 4.22 on
i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
2008.06.15 10:02:12 LOG5[3325:3082749616]: Threading:PTHREAD SSL:ENGINE
Sockets:POLL,IPv6 Auth:LIBWRAP
2008.06.15 10:02:12 LOG5[3325:3082749616]: 500 clients allowed
2008.06.15 10:02:12 LOG3[3325:3082749616]: Cannot create pid file
/var/run/stunnel4.pid
2008.06.15 10:02:12 LOG3[3325:3082749616]: create: Permission denied (13)
$ ls -l stunnel*
total 0
$ ls -l
total 160
srw-rw-rw- 1 root root 0 2008-05-28 12:52 acpid.socket
-rw-r--r-- 1 root root 5 2008-06-01 14:56 apcupsd.pid
-rw-r--r-- 1 root root 6 2008-03-24 11:38 crond.pid
---------- 1 root root 0 2008-03-11 20:49 crond.reboot
drwxr-xr-x 3 root lp 4096 2008-06-15 06:25 cups
drwxr-xr-x 2 messagebus messagebus 4096 2008-05-07 14:11 dbus
-rw-r--r-- 1 root root 6 2008-06-15 06:25 denyhosts.pid
drwxr-xr-x 2 root root 4096 2008-06-15 06:25 dirmngr
-rw-r--r-- 1 root root 6 2008-06-15 06:25 dirmngr.pid
drwxr-x--- 2 Debian-exim Debian-exim 4096 2008-04-13 15:17 exim4
-rw-r--r-- 1 root root 5 2008-03-11 20:49 gpm.pid
drwxr-xr-x 2 haldaemon haldaemon 4096 2008-06-03 17:21 hal
drwxr-xr-x 2 hplip root 4096 2007-12-23 14:02 hplip
drwxr-xr-x 2 identd nogroup 4096 2008-03-12 12:33 identd
-rw-r--r-- 1 root root 6 2008-05-01 12:23 inetd.pid
-rw-r--r-- 1 root root 6 2008-06-14 23:36 klogd.pid
-rw-r--r-- 1 root root 352 2008-03-11 20:49 motd
drwxr-xr-x 2 root root 4096 2008-03-11 20:49 network
-rw-r--r-- 1 root root 5 2008-05-20 11:10 ntpd.pid
drwxr-xr-t 2 root root 4096 2008-06-13 06:30 pcscd
drwxr-xr-x 3 root root 4096 2008-06-06 06:42 samba
drwxrwxr-x 5 root utmp 4096 2007-11-15 21:00 screen
-rw------- 1 root root 5 2008-03-22 12:19 smartd.pid
drwxr-xr-x 2 root root 4096 2007-07-30 02:24 sshd
-rw-r--r-- 1 root root 6 2008-06-11 06:39 sshd.pid
drwxr-xr-x 2 stunnel4 stunnel4 4096 2008-06-15 10:00 stunnel4
-rw-r--r-- 1 root root 6 2008-06-14 23:36 syslogd.pid
-r----S--- 1 root root 5 2008-05-07 14:11
system-tools-backends.pid
-rw-rw-r-- 1 root utmp 13440 2008-06-15 09:45 utmp
drwxr-xr-x 2 root root 4096 2008-05-04 22:42 VirtualBox
srwxr-xr-x 1 root root 0 2008-06-02 20:48 vmnat.356
-rw-r--r-- 1 root root 4 2008-06-02 20:48
vmnet-bridge-0.pid
-rw-r----- 1 root root 4 2008-06-02 20:48
vmnet-dhcpd-vmnet1.pid
-rw-r-
 
 
 

Post by Trevor Hem » Tue, 17 Jun 2008 03:54:21

On Sun, 15 Jun 2008 17:09:52 UTC in comp.os.linux.questions, Ant



Here's a working set up from a Centos 5 system which should give you an idea of
how it works.

cert = /etc/stunnel/stunnel.pem
chroot = /var/run/stunnel/
setuid = nobody
setgid = nobody
; PID is created inside chroot jail (/var/run/stunnel/stunnel.pid)
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
output = /stunnel.log

chroot = points to a directory and all other paths and file names are then
relative to that - though I just checked my working system and it does not have
a /var/run/stunnel/etc/stunnel/stunnel.pem so the cert may be different. The
directory /var/run/stunnel is then owned by the uid/gid named in the
setuid/setgid lines and the dir has 700 permissions.


--
Trevor Hemsley, Brighton, UK
Trevor dot Hemsley at ntlworld dot com
 
 
 

Post by Ant » Tue, 17 Jun 2008 04:16:41

On 6/15/2008 11:54 AM PT, Trevor Hemsley typed:



Is your sample/example same as this one (didn't change anything in it) I
have?
# cat /etc/stunnel/stunnel.conf
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular
configuration
; Please make sure you understand them (especially the effect of chroot
jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/mail.pem
;key = /etc/stunnel/mail.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = /var/log/stunnel4/stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

[pop3s]
accept = 995
connect = 110

[imaps]
accept = 993
connect = 143

[ssmtp]
accept = 465
connect = 25

;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini


If not, then where would I put this sample/example in and what filename?
--
"Now I have you where I want you... where is my jar of Bull ants?" --unknown
/\___/\
/ /\ /\ \ Phil/Ant @ http://www.yqcomputer.com/ (Personal Web Site)
| |o o| | Ant's Quality Foraged Links (AQFL): http://www.yqcomputer.com/
\ _ / Remove ANT from e-mail address: XXXX@XXXXX.COM
( ) or XXXX@XXXXX.COM
Ant is currently not listening to any songs on his home computer. Go
Los Angeles/L.A. Lakers!
 
 
 

Post by Trevor Hem » Tue, 17 Jun 2008 04:25:26

On Sun, 15 Jun 2008 19:16:41 UTC in comp.os.linux.questions, Ant



Pretty much though slightly different. Yours should still be usable though. It
has a chroot line that says that everything is based relative to
/var/lib/stunnel4 so the pid = /stunnel4.pid line in it actually means it will
try to create the file /var/lib/stunnel4/stunnel.pid and it will run as the user
'stunnel4'. That means that the directory /var/lib/stunnel4 needs to be owned by
the user stunnel4 and group stunnel4 and that the user will need write access to
it to be able to create the files there.

You need to uncomment the line that says
;client = yes
so that it reads
client = yes

For the purpose you want to use this for you also need to add the following
section

[nntps]
accept = 127.0.0.1:119
connect = news.giganews.com:563

Then point your tin to localhost:119 for its connections.

You may also want to remove the sections that are provided for [pop3s], [imaps]
and [ssmtp] (or comment them out anyway).

--
Trevor Hemsley, Brighton, UK
Trevor dot Hemsley at ntlworld dot com
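
An added example, not part of any post in this thread: a small Python check that parses a stunnel v4 `stunnel.conf` and reports the points raised above (the pid path resolved inside the chroot jail, accept ports below 1024 needing root, client mode with `verify` unset, and SSLv2/SSLv3 selected). The sample file is constructed from options quoted in the thread; the function names and finding labels are this example's own.

```python
import posixpath

# Constructed sample, modelled on the stunnel v4 options quoted in this thread.
SAMPLE_CONF = """\
cert = /etc/stunnel/mail.pem
sslVersion = SSLv3
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
;verify = 2
client = yes

[nntps]
accept = 127.0.0.1:119
connect = news.giganews.com:563
"""

# Options that the sample config's own comments place inside the chroot jail.
CHROOT_RELATIVE = ("pid", "CApath", "CRLpath")


def parse_conf(text):
    """Return (global_options, {service: options}). ';' starts a comment;
    a repeated key (e.g. socket) keeps its last value."""
    globals_, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, sep, value = line.partition("=")
        if sep:  # skip anything that is not "key = value"
            target = globals_ if current is None else current
            target[key.strip()] = value.strip()
    return globals_, services


def effective_path(opts, key):
    """Path as seen from the host, with the chroot prefix applied if used."""
    value, jail = opts.get(key), opts.get("chroot")
    if value and jail and key in CHROOT_RELATIVE:
        return posixpath.join(jail, value.lstrip("/"))
    return value


def lint(text):
    """Return (label, message) findings for the issues raised in the thread."""
    opts, services = parse_conf(text)
    findings = []
    pid = effective_path(opts, "pid")
    if pid and "setuid" in opts:
        findings.append(("pid-dir", "%s is written as user %s; its directory "
                         "must be writable by that user" % (pid, opts["setuid"])))
    for name, svc in services.items():
        merged = {**opts, **svc}  # service options override global ones
        port = int(svc.get("accept", "0").rsplit(":", 1)[-1])
        if 0 < port < 1024:
            findings.append(("privileged-port",
                             "[%s] accept port %d needs root to bind" % (name, port)))
        if merged.get("client") == "yes" and "verify" not in merged:
            findings.append(("no-verify",
                             "[%s] client mode, server certificate not checked" % name))
        if merged.get("sslVersion") in ("SSLv2", "SSLv3"):
            findings.append(("old-protocol",
                             "[%s] sslVersion = %s" % (name, merged["sslVersion"])))
    return findings
```

Calling `lint(open("/etc/stunnel/stunnel.conf").read())` on a real file prints nothing by itself; iterate over the returned list to show each finding.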
 
 
 

Post by Ant » Tue, 17 Jun 2008 04:51:03

On 6/15/2008 12:25 PM PT, Trevor Hemsley typed:


Here's what it looks like now (made a backup copy of the original just in
case):

# cat stunnel.conf
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular
configuration
; Please make sure you understand them (especially the effect of chroot
jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/mail.pem
;key = /etc/stunnel/mail.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = /var/log/stunnel4/stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

;[pop3s]
;accept = 995
;connect = 110

;[imaps]
;accept = 993
;connect = 143

;[ssmtp]
;accept = 465
;connect = 25

;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0

[nntps]
accept = 127.0.0.1:119
connect = news.giganews.com:563

; vim:ft=dosini


I still seem to have problems running stunnel with tin:

$ stunnel -D 7 -c -d 119 -r localhost:119 ; tin -g localhost -p 119
tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
Iain Lea.
Connecting to localhost...
socket or connect problem
Failed to connect to NNTP server localhost. Exiting...

$ stunnel -D 7 -c -d 119 -r news.giganews.com:563 ; tin -g localhost -p 119
tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
Iain Lea.
Connecting to localhost...
socket or connect problem
Failed to connect to NNTP server localhost. Exiting...

$ stunnel tin -r localhost:119
2008.06.15 12:47:57 LOG7[5694:3082544816]: RAND_status claims sufficient
entropy for the PRNG
2008.06.15 12:47:57 LOG7[5694:3082544816]: PRNG seeded successfully
2008.06.15 12:47:57 LOG3[5694:3082544816]: /etc/stunnel/stunnel.pem: No
such file or directory (2)


Maybe I am doing all that wrong. :(
--
"The ants are my friends, they're blowin' in the wind. The ant, sir, is
blowin' in the wind." --the misheard lyrics to Bob Dylan's "Blowin' in
the Wind"
/\___/\
/ /\ /\ \ Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
| |o o| | Ant's Quality Foraged Links (AQFL): http://aqfl.net
\ _ / Remove ANT from e-mail address: XXXX@XXXXX.COM
( ) or XXXX@XXXXX.COM
Ant is currently not listening to any songs on his home computer. Go
Los Angeles/L.A. Lakers!
 
 
 

Post by Trevor Hem » Tue, 17 Jun 2008 05:11:10

On Sun, 15 Jun 2008 19:51:03 UTC in comp.os.linux.questions, Ant



You need to find out which stunnel you are using and stick with it! This is an
stunnel v3 command line and what you have been tweaking is an stunnel v4
configuration file. I have no idea how Debian installs this for you but if you
have stunnel4 then maybe you have an /etc/init.d/stunnel4 script to start it up?
If so then you'd have to start that as root and it will read the config file and
do what it wants.

Or maybe it is stunnel4 and you're trying to pass it parameters that it's just
silently ignoring! The log output you post shows that it probably is reading
your conf file as it's talking about /etc/stunnel/stunnel.pem being missing -
perhaps you need to create it or point stunnel to one that does exist?


--
Trevor Hemsley, Brighton, UK
Trevor dot Hemsley at ntlworld dot com
 
 
 

Post by Ant » Tue, 17 Jun 2008 05:20:04

On 6/15/2008 1:11 PM PT, Trevor Hemsley typed:


I think I know what happened:

# apt-cache show stunnel
Package: stunnel
Priority: optional
Section: net
Installed-Size: 40
Maintainer: Luis Rodrigo Gallardo Cruz < XXXX@XXXXX.COM >
Architecture: all
Source: stunnel4
Version: 3:4.22-1.1
Depends: stunnel4 (>= 3:4.20-3)
Filename: pool/main/s/stunnel4/stunnel_4.22-1.1_all.deb
Size: 10166
MD5sum: 9d3162fdeb77a7d4b62fddefc62cdf9f
SHA1: f9b3271905c413176406fef8d30ff111b8b9cc02
SHA256: 616d7c80d6269bbfe5530a20ff5214c8df9e92a054f39cfd9e8f815caa77e5d1
Description: dummy upgrade package
stunnel version 3 has been removed from Debian. This is a dummy package
to ease upgrading to stunnel4.
.
You may safely remove this package after the upgrade.
Homepage: http://www.stunnel.org/
Tag: role::dummy, special::obsolete

Package: stunnel
Priority: optional
Section: net
Installed-Size: 268
Maintainer: Julien Lemoine < XXXX@XXXXX.COM >
Architecture: i386
Version: 2:3.26-dfsg-1
Replaces: stunnel4
Depends: libc6 (>= 2.3.6-6), libssl0.9.8 (>= 0.9.8c-1), libwrap0,
openssl, netbase
Filename: pool/main/s/stunnel/stunnel_3.26-dfsg-1_i386.deb
Size: 87180
MD5sum: f424defa4b7162280e806a416ea9a882
SHA1: 601017ffdf4daffb1a034a87c11fa1fc6d3f842d
SHA256: 2be87eb6e9cd36ec0ca42e266bfd37261174674a0192c66892619b0d437138cf
Description: Universal SSL tunnel for network daemons
The stunnel program is designed to work as SSL encryption
wrapper between remote client and local (inetd-startable) or
remote server. The concept is that having non-SSL aware daemons
running on your system you can easily setup them to
communicate with clients over secure SSL channel.
.
stunnel can be used to add SSL functionality to commonly
used inetd daemons like POP-2, POP-3 and IMAP servers
without any changes in the programs' code.
Tag: interface::daemon, network::client, network::server, protocol::ssl,
role::program, security::cryptography, use::proxying


Debian pulled v3 and replaced it with v4.

# locate stunnel
/etc/stunnel
/etc/default/stunnel4
/etc/init.d/stunnel4
/etc/logrotate.d/stunnel4
/etc/ppp/ip-down.d/0stunnel4
/etc/ppp/ip-up.d/0stunnel4
/etc/rc0.d/K20stunnel4
/etc/rc1.d/K20stunnel4
/etc/rc2.d/S20stunnel4
/etc/rc3.d/S20stunnel4
/etc/rc4.d/S20stunnel4
/etc/rc5.d/S20stunnel4
/etc/rc6.d/K20stunnel4
/etc/stunnel/stunnel.conf
/usr/bin/stunnel
/usr/bin/stunnel-dsa
/usr/bin/stunnel3
/usr/bin/stunnel4
/usr/lib/libstunnel.so
/usr/lib/libstunnel.so.3
/usr/lib/stunnel
/usr/lib/stunnel/libstunnel.la
/usr/lib/stunnel/libstunnel.so
/usr/share/doc/stunnel
/usr/share/doc/stunnel4
/usr/share/doc/stunnel/BUGS
/usr/share/doc/stunnel/NEWS.Debian.gz
/usr/share/doc/stunnel/README
/usr/share/doc/stunnel/README.Debian
/usr/share/doc/stunnel/TODO
/usr/share/doc/stunnel/changelog.Debian.gz
/usr/share/doc/stunnel/copyright
/usr/share/doc/stunnel/english
/usr/share/doc/stunnel/examples
/usr/share/doc/stunnel/polish
/usr/share/doc/stunnel/stunnel.html
/usr/share/doc/stunnel/english/VNC_StunnelHOWTO.html
/usr/share/doc/stunnel/english/transproxy.txt
/usr/share/doc/stunnel/examples/ca.html
/usr/share/doc/stunnel/examples/ca.pl
/usr/share/doc/stunnel/examples/importCA.html
/usr/share/doc/stunnel/examples/importCA.sh
/usr/share/doc/stunnel/examples/stunnel.cnf
/usr/share/doc/stunnel/polish/faq.stunnel-2.html
/usr/share/doc/stunnel/polish/tworzenie_certyf
 
 
 

Post by Allen Kist » Tue, 17 Jun 2008 06:36:28


Only root can create pid files in /var/run.

I choose not to run stunnel as root (actually I run it "nobody" using
options in stunnel.conf), so I create a subdir (/var/run/stunnel) owned
by "nobody" and change the pidfile directory using one of the options in
stunnel.conf. The man page describes the options.