stunnel-users December 2009

stunnel-users@stunnel.org

13 participants
13 discussions

Stunnel 4 failing to connect to gmail
by Asif Iqbal 11 Dec '20

11 Dec '20

I am faling to connect to gmail. Not sure what that bind error means. iqbala@ghar:~$ sudo stunnel4 2008.12.15 13:53:17 LOG7[3839:3083650736]: Snagged 64 random bytes from /home/iqbala/.rnd 2008.12.15 13:53:17 LOG7[3839:3083650736]: Wrote 1024 new random bytes to /home/iqbala/.rnd 2008.12.15 13:53:17 LOG7[3839:3083650736]: RAND_status claims sufficient entropy for the PRNG 2008.12.15 13:53:17 LOG7[3839:3083650736]: PRNG seeded successfully 2008.12.15 13:53:17 LOG7[3839:3083650736]: Certificate: … [View More]

5 9

Re: [stunnel-users] Stunnel on the same machine
by subrata＠indiatimes.com 01 Aug '11

01 Aug '11

The configuration files are : pid = /var/stunnel.pid ;chroot = /var/lib/stunnel setuid = nobody setgid = nobody foreground =yes ; Use it for client mode client = yes ; Service-level configuration [pop3s] accept = 995 connect = 110 [imaps] accept = 993 connect = 143 [ssmtp] accept = 465 connect = 25 [mysqls] accept = 3307 connect = 192.168.1.6:3307 On 192.168.1.6 ---------------------- pid = /var/stunnel.pid setuid =nobody setgid = nobody foreground = yes client = no ; Service-… [View More]

3 3

what's wrong? error=unable to get local issuer certificate
by Carsten Krüger 29 Dec '09

29 Dec '09

I think it should work, * should match homie 1. connected with "openssl s_client -connect mail.neroon.com:995", pasted cert to dreamhost.pem 2. used this -----------stunnel.conf------------- debug=7 client = yes [pop3] accept = 110 connect = homie.mail.dreamhost.com:995 verify=1 CAfile=c:\temp\dreamhost.pem -----------stunnel.conf------------- 3. connect to localost:110, got "unable to get local issuer certificate 2009.12.29 16:04:25 LOG7[3044:5700]: Snagged 64 random bytes from C:/.rnd … [View More]2009.12.29 16:04:25 LOG7[3044:5700]: Wrote 0 new random bytes to C:/.rnd 2009.12.29 16:04:25 LOG7[3044:5700]: RAND_status claims sufficient entropy for the PRNG 2009.12.29 16:04:25 LOG7[3044:5700]: PRNG seeded successfully 2009.12.29 16:04:25 LOG7[3044:5700]: Loaded verify certificates from c:\temp\dreamhost.pem 2009.12.29 16:04:25 LOG7[3044:5700]: Loaded c:\temp\dreamhost.pem revocation lookup file 2009.12.29 16:04:25 LOG7[3044:5700]: SSL context initialized for service pop3 2009.12.29 16:04:25 LOG5[3044:5700]: stunnel 4.29 on x86-pc-mingw32-gnu with OpenSSL 0.9.8l 5 Nov 2009 2009.12.29 16:04:25 LOG5[3044:5700]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6 2009.12.29 16:04:25 LOG5[3044:4320]: No limit detected for the number of clients 2009.12.29 16:04:25 LOG7[3044:4320]: FD 1832 in non-blocking mode 2009.12.29 16:04:25 LOG7[3044:4320]: SO_REUSEADDR option set on accept socket 2009.12.29 16:04:25 LOG7[3044:4320]: pop3 bound to 0.0.0.0:110 2009.12.29 16:04:40 LOG7[3044:4320]: pop3 accepted FD=1808 from 127.0.0.1:3257 2009.12.29 16:04:40 LOG7[3044:4320]: Creating a new thread 2009.12.29 16:04:40 LOG7[3044:4320]: New thread created 2009.12.29 16:04:40 LOG7[3044:2340]: pop3 started 2009.12.29 16:04:40 LOG7[3044:2340]: FD 1808 in non-blocking mode 2009.12.29 16:04:40 LOG5[3044:2340]: pop3 accepted connection from 127.0.0.1:3257 2009.12.29 16:04:40 LOG7[3044:2340]: FD 1768 in non-blocking mode 2009.12.29 16:04:40 LOG6[3044:2340]: connect_blocking: connecting 208.97.132.208:995 2009.12.29 16:04:40 LOG7[3044:2340]: connect_blocking: s_poll_wait 208.97.132.208:995: waiting 10 seconds 2009.12.29 16:04:40 LOG5[3044:2340]: connect_blocking: connected 208.97.132.208:995 2009.12.29 16:04:40 LOG5[3044:2340]: pop3 connected remote server from 192.168.0.2:3258 2009.12.29 16:04:40 LOG7[3044:2340]: Remote FD=1768 initialized 2009.12.29 16:04:40 LOG7[3044:2340]: SSL state (connect): before/connect initialization 2009.12.29 16:04:40 LOG7[3044:2340]: SSL state (connect): SSLv3 write client hello A 2009.12.29 16:04:40 LOG7[3044:2340]: SSL state (connect): SSLv3 read server hello A 2009.12.29 16:04:40 LOG4[3044:2340]: VERIFY ERROR: depth=0, error=unable to get local issuer certificate: /C=US/ST=California/L=Brea/O=Dreamhost.com/OU=Security/CN=*.mail.dreamhost.com/emailAddress=support(a)dreamhost.com 2009.12.29 16:04:40 LOG7[3044:2340]: SSL alert (write): fatal: bad certificate 2009.12.29 16:04:40 LOG3[3044:2340]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 2009.12.29 16:04:40 LOG5[3044:2340]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2009.12.29 16:04:40 LOG7[3044:2340]: pop3 finished (0 left) [View Less]

2 1

Using stunnel instead of SSL API
by Vladimir Stariradev 24 Dec '09

24 Dec '09

Hi Guys, I'm working on a java mobile app (J2ME MIDP 2.0) which connects to a java server, which I created. The java mobile app is an instant messenger. I want to use stunnel to encrypt the communication between the app and the server. At the moment the server runs on my localhost on port 5555 and accepts connections from the mobile device emulator I have running on the same machine. Eventually I want to transfer the mobile app on to my mobile and use it from there. My machine is running the … [View More]

2 1

privileges not dropped before libwrap processes are spawned
by Micah Anderson 21 Dec '09

21 Dec '09

Hi, I recently stumbled on http://mirt.net/pipermail/stunnel-users/2008-May/001977.html which is exactly what I am seeing with version 4.27 of stunnel, namely the daemon is not switching to the setuid/setgid specified in the config before it is spawned. This means that I get 6 processes, 5 run as root with only one (albeit the one lisenting on the specified sockets) dropping privs to the specified user. The follow-up response from Mike was: I'll modify stunnel to delay spawning libwrap … [View More]

2 3

BBwin hanging windows
by Gregory Wege 18 Dec '09

18 Dec '09

Hey Guys, We have the following problem: Bbwin is sending traffic to 2 monitoring servers and is encrypted via stunnel. If one of the monitoring servers goes down, the number of ports being used by bbwin client increases to the point where the box is unusable - no more ports available on the windows box being monitored. If we kill the bbwin process, the problem goes away temporarily - after a short period of time, the problem returns. The problem continues even after the failed hobbit … [View More]

2 2

Hey Stunnel-Users, I forgot to mention...
by Sreejith Mohan Menon 17 Dec '09

17 Dec '09

1 0

Tunnel iPhone - Server
by LoLoVioLo 14 Dec '09

14 Dec '09

Hi all, It is my first post. Sorry if common question but didn't find answer in archives or google. The fact is that I am using an iPhone with a data plan that only allow ports 80 and 443 (http and https). My aim is to be able to use all ports (mail, ftp, msn, etc). The idea is to tunnel all TCP connections between my computer here and my server at home. iPhone <----port-443----> Linux Server <----all-ports----> Internet I know there is alternatives for each service (… [View More]

1 0

Question (simple one I think)
by Reinier van der Gugten 09 Dec '09

09 Dec '09

Question: On the server, port 443 is already in use by a different service. However I require STunnel to communicate also on port 443. I thought, that perhaps I can obtain a second IP address and forward that trafic from the router to port 444 (or any other avail port). Then I can let Stunnel listen to port 444 and thus it would work. The firewall has to translate the 444 back to the 443 when transmitting data ofcourse. Is this the right way to go? Or ca I do this using one and the same … [View More]

3 2

Your opinion on sessiond
by Michal Trojnara 04 Dec '09

04 Dec '09

Dear Users, I'm eager to hear your comments, suggestions or issues regarding sessiond. Feel free to use the stunnel-users mailing list or the bug tracking system: https://stunnel.mirt.net/?page=bts Best regards, Mike

2 2

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-users December 2009