Re: Problem with stunnel 4.20 on Fedora 7

by InfotechCapital

I'm also on 4.2 (Windows), and I came here looking for exactly the same message. Finding no mention other than your request, I examined one of my working blocks against a non-working one, looked at yours, made a simple change, and it worked. Why? Remove the comments after your variable assignments, especially on the "connect" line. If you must have them, they need to be on their own lines and start in column 1, i.e., instead of this:

   accept=443       ; https port
   connect=80       ; standard httpd listening port
   TIMEOUTclose=0   ; must set this or IE waits 60sec on page end

just do something akin to:

; 443 https port / 80 = standard http listening port
; must set TIMEOUTclose or IE waits 60sec on page end
accept=443
connect=80
TIMEOUTclose=0

This appears to be an obscure RTFM issue; I blithely assumed (perhaps much like you) from my 20 years of IT experience that well--if a comment starts with a semicolon I could bloody well put it anywhere. No, you can't, and the FAQ says so:

  http://www.stunnel.org/faq/stunnel.html#configuration_file

What a painfully esoteric way to be told you're violating a very, very old (but arguably efficient) way of doing comments. This is the first time I've ever gotten your error, and I've been bitten by the random freeform comment for months. Your post made me think...nah...oh...sigh. So, start everything in column 1--and don't mix lines--and when you do try this, don't forget to make sTunnel reload its config. Good luck.

Andrew M Dunn wrote:
[Oh wise list folks... I haven't seen any responses to this.  Does
  anybody have any experience either with using stunnel on Fedora 7,
  or with the particular error?   I cannot find any other hints or
  reasons as to why the resolution is failing... Andy]

----original message------

I can't get stunnel to run on a freshly-installed Fedora 7 system.
It fails with "Error resolving '0.0.0.0': servname is not supported for
ai_socktype" but the usual other causes of that error (ie. ports not
defined in /etc/services, bad settings in /etc/nsswitch.conf) are not
the culprit this time.


COMMAND LINE:

/usr/sbin/stunnel /home/amdunn/security/stunnel.conf

COMMAND OUTPUT:

2007.08.29 11:44:12 LOG3[13614:3086243520]: Error resolving '0.0.0.0':
servname is not supported for ai_socktype (EAI_SERVICE)
file /home/amdunn/security/stunnel.conf line 10: Failed to resolve
accepting address

STUNNEL.CONF FILE:

;
; stunnel file for testing 443 access to local http server
;
cert=/home/amdunn/security/xxxxxxx
key=/home/amdunn/security/yyyyyyy
foreground=yes
;
;
[sweb]
   accept=443       ; https port
   connect=80       ; standard httpd listening port
   TIMEOUTclose=0   ; must set this or IE waits 60sec on page end
   client=no


STUNNEL -VERSION OUTPUT:

stunnel 4.20 on i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug           = 5
pid             = /var/run/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes

Service-level options
cert            = /etc/stunnel/stunnel.pem
ciphers         = ALL:!ADH:+RC4:@STRENGTH
key             = /etc/stunnel/stunnel.pem
session         = 300 seconds
sslVersion      = SSLv3 for client, all for server
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none

_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
--
Kirk M. Schafer

Infotech Capital
Your Information Technology Asset
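
An added example, not part of the original post and not stunnel's own code: a small Python check that flags stunnel.conf option lines carrying a trailing ";" comment, the pattern the reply above identifies as the cause of the resolve error, and rewrites them with each comment on its own column-1 line. The sample config is constructed from the [sweb] block in the quoted message; the names lint and fix are hypothetical.

```python
import re

# Constructed sample, based on the [sweb] block in the quoted message.
SAMPLE_CONF = """\
;
; stunnel file for testing 443 access to local http server
;
foreground=yes
[sweb]
   accept=443       ; https port
   connect=80       ; standard httpd listening port
   TIMEOUTclose=0   ; must set this or IE waits 60sec on page end
   client=no
"""

# option=value followed by whitespace and a ';' comment on the same line.
# Heuristic (assumption): no legitimate value contains whitespace then ';'.
INLINE = re.compile(r"^\s*([A-Za-z]\w*)\s*=\s*(.*?)\s+;(.*)$")

def _inline(line):
    """Match an option line with a trailing comment; skip pure comment lines."""
    return None if line.strip().startswith(";") else INLINE.match(line)

def lint(text):
    """Return (line_no, option, value, comment) for every offending line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = _inline(line)
        if m:
            findings.append((n, m.group(1), m.group(2), m.group(3).strip()))
    return findings

def fix(text):
    """Move each trailing comment to its own column-1 line above the option."""
    out = []
    for line in text.splitlines():
        m = _inline(line)
        if m:
            out.append("; " + m.group(3).strip())
            out.append(f"{m.group(1)}={m.group(2)}")
        else:
            out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for n, opt, val, comment in lint(SAMPLE_CONF):
        print(f"line {n}: {opt}={val!r} has trailing comment {comment!r}")
    print(fix(SAMPLE_CONF))
```

Running a check like this before reloading the config shows which accept/connect values would otherwise be passed to the resolver with the comment text attached.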
