[stunnel-users] Problem with stunnel 4.20 on Fedora 7
InfotechCapital
thebusybox at rainswept.com
Fri Nov 30 08:05:41 CET 2007
I'm also on 4.2 (Windows), and I came here looking for exactly the same
message. Finding no mention other than your request, I examined one of my
working blocks against a non-working one, looked at yours, made a simple
change, and it worked. Why? Remove the comments after your variable
assignments, especially on the "connect" line. If you must have them, they
need to be on their own lines and start in column 1, i.e., instead of this:
accept=443 ; https port
connect=80 ; standard httpd listening port
TIMEOUTclose=0 ; must set this or IE waits 60sec on page end
just do something akin to:
; 443 https port / 80 = standard http listening port
; must set TIMEOUTclose or IE waits 60sec on page end
accept=443
connect=80
TIMEOUTclose=0
This appears to be an obscure RTFM issue; I blithely assumed (perhaps much
like you) from my 20 years of IT experience that well--if a comment starts
with a semicolon I could bloody well put it anywhere. No, you can't, and the
FAQ says so:
http://www.stunnel.org/faq/stunnel.html#configuration_file
What a painfully esoteric way to be told you're violating a very, very old
(but arguably efficient) way of doing comments. This is the first time I've
ever gotten your error, and I've been bitten by the random freeform comment
for months. Your post made me think...nah...oh...sigh. So, start everything
in column 1--and don't mix lines--and when you do try this, don't forget to
make sTunnel reload its config. Good luck.
Andrew M Dunn wrote:
>
> [Oh wise list folks... I haven't seen any responses to this. Does
> anybody have any experience either with using stunnel on Fedora 7,
> or with the particular error? I cannot find any other hints or
> reasons as to why the resolution is failing... Andy]
>
> ----original message------
>
> I can't get stunnel to run on a freshly-installed Fedora 7 system.
> It fails with "Error resolving '0.0.0.0': servname is not supported for
> ai_socktype" but the usual other causes of that error (ie. ports not
> defined in /etc/services, bad settings in /etc/nsswitch.conf) are not
> the culprit this time.
>
>
> COMMAND LINE:
>
> /usr/sbin/stunnel /home/amdunn/security/stunnel.conf
>
> COMMAND OUTPUT:
>
> 2007.08.29 11:44:12 LOG3[13614:3086243520]: Error resolving '0.0.0.0':
> servname is not supported for ai_socktype (EAI_SERVICE)
> file /home/amdunn/security/stunnel.conf line 10: Failed to resolve
> accepting address
>
> STUNNEL.CONF FILE:
>
> ;
> ; stunnel file for testing 443 access to local http server
> ;
> cert=/home/amdunn/security/xxxxxxx
> key=/home/amdunn/security/yyyyyyy
> foreground=yes
> ;
> ;
> [sweb]
> accept=443 ; https port
> connect=80 ; standard httpd listening port
> TIMEOUTclose=0 ; must set this or IE waits 60sec on page end
> client=no
>
>
> STUNNEL -VERSION OUTPUT:
>
> stunnel 4.20 on i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
> Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
>
> Global options
> debug = 5
> pid = /var/run/stunnel.pid
> RNDbytes = 64
> RNDfile = /dev/urandom
> RNDoverwrite = yes
>
> Service-level options
> cert = /etc/stunnel/stunnel.pem
> ciphers = ALL:!ADH:+RC4:@STRENGTH
> key = /etc/stunnel/stunnel.pem
> session = 300 seconds
> sslVersion = SSLv3 for client, all for server
> TIMEOUTbusy = 300 seconds
> TIMEOUTclose = 60 seconds
> TIMEOUTconnect = 10 seconds
> TIMEOUTidle = 43200 seconds
> verify = none
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>
>
-----
--
Kirk M. Schafer
Infotech Capital
Your Information Technology Asset
--
View this message in context: http://www.nabble.com/Problem-with-stunnel-4.20-on-Fedora-7-tf4378117.html#a14041705
Sent from the Stunnel - Users mailing list archive at Nabble.com.
More information about the stunnel-users
mailing list