[stunnel-users] I am clearly doing something wrong

David Chase dr2chase at mac.com
Sat Jan 6 00:55:37 CET 2007


But I think the documentation has some serious gaps in it, too.

I compiled stunnel, installed it, created certificates, and even
turned on debugging in the configuration file.  Now, all I want to
do is forward port 443 locally to port 80 elsewhere.  Says my config
file:

cert = /usr/local/etc/stunnel/mail.pem
;key = /usr/local/etc/stunnel/mail.pem
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3
; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /usr/local/var/lib/stunnel/
setuid = nobody
setgid = nogroup
; PID is created inside chroot jail
pid = /stunnel.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log
; Use it for client mode
; client = yes
; Service-level configuration
[pop3s]
accept  = 995
connect = 110
[imaps]
accept  = 993
connect = 143
[ssmtp]
accept  = 465
connect = 25
[https]
accept  = 443
connect = elsewhere.com:80
TIMEOUTclose = 0

and when I run it, it says:

sudo /usr/local/sbin/stunnel
Password:
2007.01.05 18:51:01 LOG7[13470:2684415368]: Snagged 64 random bytes from /Users/chase/.rnd
2007.01.05 18:51:01 LOG7[13470:2684415368]: Wrote 1024 new random bytes to /Users/chase/.rnd
2007.01.05 18:51:01 LOG7[13470:2684415368]: RAND_status claims sufficient entropy for the PRNG
2007.01.05 18:51:01 LOG7[13470:2684415368]: PRNG seeded successfully
2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate: /usr/local/etc/stunnel/mail.pem
2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate loaded
2007.01.05 18:51:01 LOG7[13470:2684415368]: Key file: /usr/local/etc/stunnel/mail.pem
2007.01.05 18:51:01 LOG7[13470:2684415368]: Private key loaded
2007.01.05 18:51:01 LOG7[13470:2684415368]: SSL context initialized for service pop3s
2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate: /usr/local/etc/stunnel/mail.pem
2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate loaded
2007.01.05 18:51:01 LOG7[13470:2684415368]: Key file: /usr/local/etc/stunnel/mail.pem
2007.01.05 18:51:01 LOG7[13470:2684415368]: Private key loaded
2007.01.05 18:51:01 LOG7[13470:2684415368]: SSL context initialized for service imaps
2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate: /usr/local/etc/stunnel/mail.pem
2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate loaded
2007.01.05 18:51:01 LOG7[13470:2684415368]: Key file: /usr/local/etc/stunnel/mail.pem
2007.01.05 18:51:01 LOG7[13470:2684415368]: Private key loaded
2007.01.05 18:51:01 LOG7[13470:2684415368]: SSL context initialized for service ssmtp
2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate: /usr/local/etc/stunnel/mail.pem
2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate loaded
2007.01.05 18:51:01 LOG7[13470:2684415368]: Key file: /usr/local/etc/stunnel/mail.pem
2007.01.05 18:51:01 LOG7[13470:2684415368]: Private key loaded
2007.01.05 18:51:01 LOG7[13470:2684415368]: SSL context initialized for service https

I see nothing that looks like a complaint, but when I go looking for a
stunnel process, there is not one, nor is anyone listening on port 443
at localhost.  I cannot be the first person who wanted to do this, but
I found both the FAQ and the documentation to be uninformative.

How do I keep stunnel running and listening for connections on 443?

I tried client=yes, that didn't seem to help.

I am running Stunnel 4.20 on MacOS 10.4.8

David Chase