[stunnel-users] stunnel silently dies

Michal Trojnara Michal.Trojnara at mobi-com.net
Mon Oct 17 14:10:53 CEST 2005

"Uffe Vedenbrant" <sqm at mynta.org> wrote:
> I.e. libwrap will complain about unauthorized access and keep on running, 
> not just die without any logging at all..
> I really cannot say however if this is a stunnel or libwrap bug/feature.. 
> I.e. is stunnel to sensitive of what it gets back from
> libwrap or is libwrap sending more data than needed back to stunnel..

Libwrap hosts_access(3) manual claims:
       hosts_access() consults the access  control  tables  described  in 
       hosts_access(5)  manual  page.   When  internal endpoint information 
       available, host names and client user names are looked  up  on 
       using the request structure as a cache.  hosts_access() returns zero 
       access  should  be  denied.

On the other hand hosts_options(5) claims:
       twist shell_command
              Replace the current process by  an  instance  of  the 
              shell   command,   after  performing  the  %<letter> 
              described in the hosts_access(5) manual page.  Stdin, stdout 
              stderr  are  connected  to  the client process. This option 
              appear at the end of a rule.

In this case hosts_access *does not return at all*.  8-)

Good news!
I've just modified stunnel to run libwrap as a separate process.
Here is the beta version.  It should work fine with twist option.

Best regards,

More information about the stunnel-users mailing list