    ; A copy of some devices and system files is needed within the chroot jail
    ; Chroot conflicts with configuration file reload and many other features
    chroot = /usr/local/var/lib/stunnel/
    ; Chroot jail can be escaped if setuid option is not used
    setuid = stunnel
    setgid = stunnel

    $ sudo chown -R stunnel /usr/local/var/lib/stunnel/

Add the group ‘stunnel’ and a user ‘stunnel’ in this group.

For example, the location of the nf is /usr/local/etc/stunnel/nf. You can’t find it by using ‘whereis’ or ‘which’!

And the prompt will give you enough information.

However, it is not easy to find where it is installed.

If you use the Rudix package to install, the binaries of stunnel and stunnel3 will be installed in /usr/local/bin/.

Very convenient to install!

Running Stunnel

The Stunnel package can be downloaded from Rudix, or installed with Homebrew or MacPorts.

Stunnel listens for SSL connections on the accept ports, strips the SSL, and forwards the traffic to the connect ports.

Accept and connect are defined in the nf.

I am using Ratchet for websocket, and it does not support SSL.

Stunnel is an SSL wrapper for web services that cannot deploy SSL directly.

- Patch Stunnel to support web proxies (squid, etc.
- Use stunnel through a https proxy that supports the CONNECT protocol.
- Select SSL method (ssl2/ssl3/tls) from the command line
- Adds '-n nntp' negotiation option to Stunnel.
- Adds '-n pop' negotiation option to Stunnel.
- Delay dns lookups until connect time (run-time option)
- Enable bandwidth-limiting options to Stunnel
- Enable per-connection bandwidth limiting options to Stunnel
- Similar functionality introduced into stunnel-3.15
- Allow Stunnel to read from stdin and write to stdout
- New -O option to discard (rather than inline) OOB data.
- Add an X-Forwarded-For header for HTTP connections.
- Similar functionality introduced into Stunnel-3.19
- Writes connection details for current tunnel to filesystem
- Ability to turn on/off the tray icon in Stunnel 4.x on Windows
- Allow compilation on Mac OS X and Darwin.
- Force Stunnel to open and close the log each time it sends a message to avoid a bug in Digital Unix 4.0d (and perhaps others)
- Fix for format bug in pop/smtp negotiation to Version
- Allow you to specify the remote host in an env var, not on command line
- Patch for fork model (SIGCHLD, syslog, reaping, etc)
- Non-SSL passthrough for negotiated protocols, immediate chroot/setuid options, use open file descriptor instead of new remote socket or local program, and more.
- Distributed session caching with distcache
- You do not need this if you use Stunnel 4.05 or later, or OpenSSL-0.9.7b or later or OpenSSL-0.9.6j or later.
- Check peer's certificate purpose (client, server, smime, etc)
- It forces RSA blinding, which can defeat a recently discovered timing attack that could allow a cracker to brute force your private RSA keys.
- This is a patch to OpenSSL versions 0.9.7a and earlier, and 0.9.6i and earlier.
- (Patch file is really a zip file, rename appropriately.)
- Work around a bug in some systems (Solaris?) that have trouble with descriptors greater than 255.
- Enables you to compile with Microsoft Visual C++ 6 natively.
- Patch to replace calls to select with poll
- Patch updated to fix bug where blinding attempted even in client mode with no cert.
- Not needed if you have recent versions (later than 0.9.6j or 0.9.7b) of OpenSSL.
- Patch fixed on Apr 23, 2003, to not turn on blinding in client mode when no cert in use.
- Forces RSA blinding to prevent timing attacks which can determine an RSA private key.

Contact the authors if you have any

- Allow config file on stdin or any arbitrary file descriptor
- Determine tunnel endpoint dynamically via LDAP lookups

They could work perfectly, or totally foul up everything.

However it does not endorse any of the patches contained herein.
This website makes patches available for use by the

You are welcome to submit patches with alternate licenses, however you must explicitly say so when submitting them to the mailing list or maintainers.

Any patch that is submitted without an accompanying license will be assumed

Original BSD and GNU patches are not, for example.

This means revised BSD patches are likely acceptable.

Only patches released into the public domain stand a chance of getting

How do I get a patch included into the release versions of Stunnel?

You are welcome to submit them directly to the

If you wish to submit a patch, please retrieve the latest version

Below you will find various patches submitted by users.

Sometimes these make it into the next version of the software, sometimes

At various times folks release patches to the current version of Stunnel.