[stunnel-users] Is it possible for stunnel to reject client connections if the server end cannot connect?

Martin van den Nieuwelaar martin at rawl.co.nz
Fri Aug 27 03:42:22 CEST 2010

Hi all.  I took a look (manually) through the last year of archives, but 
didn't find anything on this issue.  The situation is as follows.

Say we have two machines set up, ClientPC and ServerPC.  On ClientPC I 
run stunnel accepting a connection on a local port and connecting to an 
stunnel port on ServerPC.  On ServerPC I run stunnel accepting a 
connection on the local stunnel port and connecting to the 'encryption 
unaware' server on another port on the same ServerPC machine.  OK, 
pretty simple stuff so far.

The problem is, when I connect to ClientPC with the 'encryption unaware' 
client app. then I always get a successful connection, even if there is 
no server running on ServerPC.  Of course once the client has a 
successful connection, it then performs a write(), and that fails with 
'Connection reset by peer'.  Really, since there is no server running on 
ServerPC, I want the connect() to stunnel on ClientPC to fail.  Is there 
a way to do this?

The alternative (which is a kludge), is to make the client 'stunnel 
aware' (yuk!), and to tell it whether it's connecting over stunnel on a 
per connection basis (yuk!).  Then it can know whether it needs to look 
at the connect() or the write() to know whether the server is not 
running.  Yuk!

Or am I overlooking something simple? :-)

R A Ward Ltd. | We take the privacy of our customers seriously.
Christchurch  | All sensitive E-Mail attachments MUST be encrypted.
New Zealand

More information about the stunnel-users mailing list