
Michal Trojnara writes:
"John Conover" <conover@rahul.net> wrote:
chroot = /usr/local/stunnel/var/run/
[cut]
delay = yes
[cut]
2004.11.07 16:49:10 LOG3[3794:1025]: Failed to resolve hostname 'abc.wxyz.net'
[cut]

Removing chroot in stunnel.conf fixes the problem, but it's no longer jailed.

Hints?

Yes. You have several options:

1. As you noticed you can turn off chroot.
2. You can turn off delayed resolver (to resolve hosts at startup, before chroot).
3. You can create the files/devices your resolver library needs inside the chroot jail. strace is your friend: http://sourceforge.net/projects/strace/
4. You can use IP address as "connect" parameter instead of domain name.

8-)

Thanks, Mike. Using IP addresses as a "connect" parameter worked like a charm.

How do you make sure the remote/server stunnel is kept running? I haven't waded through the sources to stunnel, but is there a command line arg "if it's not running, make it so," by checking the pid file as a lock file and check if the pid is valid as a stunnel process - so it could be run periodically out of cron(8) to keep it running, in case the remote went down? Or, something similar triggered by the client machine?

Thanks,

John

BTW, as a sidebar, the -Wall gcc(1) command line arg in the compile of stunnel was a nice touch - shows the authors cared.

--
John Conover, conover@rahul.net, http://www.johncon.com/
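
The pid-file check asked about above, written out as an added example (not part of the original thread and not stunnel's own code): a cron-driven watchdog that treats the pid file as valid only if the pid is numeric, alive, and actually belongs to a process named stunnel. PIDFILE, STUNNEL, CONF and the script name in the crontab comment are assumed paths, and the functions proc_name, pid_is_live and watchdog are hypothetical names.

```shell
#!/bin/sh
# Watchdog sketch for cron: restart stunnel only when its pid file is stale.
# PIDFILE, STUNNEL and CONF are assumed paths; adjust to the local install.
# With "chroot" set, the pid file lives inside the jail directory.
PIDFILE="${PIDFILE:-/usr/local/stunnel/var/run/stunnel.pid}"
STUNNEL="${STUNNEL:-/usr/local/sbin/stunnel}"
CONF="${CONF:-/usr/local/etc/stunnel/stunnel.conf}"

# Print the command name of a pid, or nothing if no such process exists.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"
    else
        ps -p "$1" -o comm= 2>/dev/null
    fi
}

# Succeed only if the pid file names a live process whose command name matches.
# Usage: pid_is_live PIDFILE EXPECTED_NAME
pid_is_live() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;    # empty or non-numeric: treat as stale
    esac
    name=$(proc_name "$pid")
    # A recycled pid that now belongs to another program must not count.
    [ "$(basename "${name:-/}")" = "$2" ]
}

# Start stunnel if the pid file is missing, malformed or stale.
watchdog() {
    if pid_is_live "$PIDFILE" stunnel; then
        return 0
    fi
    rm -f "$PIDFILE"
    "$STUNNEL" "$CONF"
}

# Act only when explicitly asked, e.g. from a crontab entry:
#   */5 * * * * /usr/local/sbin/stunnel-watchdog.sh run
if [ "${1:-}" = "run" ]; then
    watchdog
fi
```

Checking the command name as well as the pid matters after a reboot or crash, when the number left in the pid file may have been reused by an unrelated process.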