<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
Hi,<br><br>We're using stunnel to provide a secure interface to an old server that doesn't support HTTPS natively. I'd like to implement some access control so that connections are only supported from specific IP addresses. I am using v4.27 of stunnel that I downloaded from HPs website, and am running it from inittab to ensure it is always running. Unfortunately I don't think it's compiled with libwrap. Should I see libwrap listed when I run ldd against the binary (see below for output)?<br><br>I think it's possible to run stunnel from inetd. Could I wrapper it here? Is the following entry correct?  <br>    stunnel  stream tcp nowait root /usr/lbin/tcpd /opt/iexpress/stunnel/bin/stunnel stunnel<br><br>I think this would work, but I'm concerned that if stunnel was to crash or be killed that there would be nothing restarting it if we ran it from inetd.<br><br>Any advice much appreciated<br>Craig<br><br>-------------------------------------<br><br># ./stunnel -version<br>stunnel 4.27 on ia64-hp-hpux11.23 with OpenSSL 0.9.7m 23 Feb 2007<br>Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6<br><br>Global options<br>debug           = 5<br>pid             = /opt/iexpress/stunnel/var/run/stunnel/stunnel.pid<br>RNDbytes        = 64<br>RNDfile         = /dev/urandom<br>RNDoverwrite    = yes<br><br>Service-level options<br>cert            = /opt/iexpress/stunnel/etc/stunnel/stunnel.pem<br>ciphers         = ALL:!aNULL:!eNULL+RC4:@STRENGTH<br>key             = /opt/iexpress/stunnel/etc/stunnel/stunnel.pem<br>session         = 300 seconds<br>stack           = 65536 bytes<br>sslVersion      = SSLv3 for client, all for server<br>TIMEOUTbusy     = 300 seconds<br>TIMEOUTclose    = 60 seconds<br>TIMEOUTconnect  = 10 seconds<br>TIMEOUTidle     = 43200 seconds<br>verify          = none<br><br><br># ldd ./stunnel<br>        libdl.so.1 =>   /usr/lib/hpux32/libdl.so.1<br>        libnsl.so.1 =>  /usr/lib/hpux32/libnsl.so.1<br>        libpthread.so.1 =>      /usr/lib/hpux32/libpthread.so.1<br>        libunwind.so.1 =>       /usr/lib/hpux32/libunwind.so.1<br>        libc.so.1 =>    /usr/lib/hpux32/libc.so.1<br>        libxti.so.1 =>  /usr/lib/hpux32/libxti.so.1<br>        libuca.so.1 =>  /usr/lib/hpux32/libuca.so.1<br>        libdl.so.1 =>   /usr/lib/hpux32/libdl.so.1<br><br>                                      <br /><hr />Do you want a Hotmail account? <a href='http://clk.atdmt.com/UKM/go/197222280/direct/01/' target='_new'>Sign-up now - Free</a></body>
</html>