[stunnel-users] RE: How to get tcpwrappers configured/compiled into stunnel 4.04 on Tru64 UNIX 5.1B

John Lanier jlanier at parsec.com
Wed Mar 8 21:38:30 CET 2006

I am a newbie to stunnel and tcpwrappers, so please bear with me:
I am trying to compile tcpwrapper support into stunnel v4.04 on Tru64 UNIX v5.1B (apparently v4.14 does not compile on 5.1A or higher, per http://stunnel.mirt.net/pipermail/stunnel-users/2006-January/000935.html).  
I am having what appears to be problems getting tcpwrapper support to compile with 4.04.
I have consulted the following resources, but I am still having problems:
1.  http://www.stunnel.org/faq/troubleshooting.html#ToC9

"configure isn't finding my TCP Wrapper installation"

Solution: You probably have it in a non-standard place, ie somewhere that gcc can't find it on it's own. 

Let's say you had your tcp wrappers installed in /opt/tcpd_7.6. To help gcc find your include files and libraries, you'd want to set three environment variables as follows: 
     CFLAGS="$CFLAGS     -I/opt/tcpd_7.6/include"
     CPPFLAGS="$CPPFLAGS -I/opt/tcpd_7.6/include"
     LDFLAGS="$LDFLAGS   -L/opt/tcpd_7.6/lib"
And then re-run configure. This is the generic way to have configure find specific libraries, and is not specific to Stunnel itself. 
2.  http://www.stunnel.org/faq/run.html#ToC5

"Running stunnel with TCP wrappers"

You do not need to use the tcpd binary to wrap stunnel (although you could). You can can compile in support for TCP wrappers when you compile stunnel itself. 

The configure program should be able to determine if the libwrap library (-lwrap) and headers are available in standard locations. 


I have openssl 0.9.7h installed on ccpe01 v51b pk#5, with

I did the configure, make and make install and things.  All stages
appeared successful, but then I attempted the ./configure
--with-tcp-wrappers and it errored with -lwrap not found.

checking for SSL directory... /usr/local/ssl                       
checking for "/dev/urandom"... yes                                 
checking whether to disable RSA support... no                      
checking whether to enable DH support... no                        
checking for gethostbyname in -lnsl... no                          
checking for socket in -lsocket... no                              
checking for pthread_create in -lpthread... no                     
checking for pthread_create in -lc_r... no                         
checking for openpty in -lutil... yes                              
checking whether to use the libwrap (TCP wrappers) library... yes  
checking for hosts_access in -lwrap... not found <--


So then I tried assigning the 3 environment variables and things got worse.  The include and lib directories are referenced for tcpd 7.6, but after installing tcp wrappers I do not find include or lib directories for tcpd.  

Q:  Should I expect NOT to see the include or lib directories as defined in #1 above, and, if so, will specifying the absolute path to the tcpwrapper images (EX:  /var/tcp_wrappers/tcp_wrappers_7.6) suffice?

3.  I followed these instructions when compiling/configuring tcpd v7.6 (downloaded from ftp://ftp.porcupine.org/pub/security/index.html):


7.1 - Easy configuration and installation

The "easy" recipe requires no changes to existing software or
configuration files.  Basically, you move the daemons that you want to
protect to a different directory and plug the resulting holes with
copies of the wrapper programs.

If you don't run Ultrix, you won't need the miscd wrapper program.  The
miscd daemon implements among others the SYSTAT service, which produces
the same output as the WHO command.

Type `make' and follow the instructions.  The Makefile comes with
ready-to-use templates for many common UNIX implementations (sun,
ultrix, hp-ux, aix, irix,...).



Thanks in advance for any guidance and/or advice that you can offer.

--John Lanier

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20060308/6d515eac/attachment.html>

More information about the stunnel-users mailing list