Unable to use stunnel with tin... - Setup

Thread: Unable to use stunnel with tin...

  1. Re: Unable to use stunnel with tin...

    On 6/15/2008 2:36 PM PT, Allen Kistler typed:

    >>>> Here is the version in Debian (I apt-get update and upgrade daily):
    >>>
    >>> Sorry, I can't help, v3 is too old and I have forgotten all about it.
    >>> The difference between v3 and v4 is mainly the addition of
    >>> stunnel.conf and the dropping of all the command line parameters. I
    >>> have no idea why Debian should continue to ship something that hasn't
    >>> been updated in about 7 years but all other distros that I've used
    >>> switched to v4 a long time ago.
    >>> I do know that stunnel is very fussy about permissions on all its
    >>> directories though so it's possible that just creating the directory
    >>> is not enough, you might have to chown/chmod it too. It's also
    >>> possible that stunnel is running from a chroot jail in which case you
    >>> might need to be creating //var/run/stunnel

    >>
    >> Someone else suggested:
    >>
    >> $ stunnel -f -c -d 1119 -r news.giganews.com:563
    >> 2008.06.15 09:45:06 LOG5[2756:3082602160]: Using 'news.giganews.com.563'
    >> as tcpwrapper service name
    >> 2008.06.15 09:45:06 LOG5[2756:3082602160]: stunnel 3.26 on
    >> i486-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.8g 19 Oct 2007
    >> 2008.06.15 09:45:06 LOG3[2756:3082602160]: Argument to -P
    >> (/var/run/stunnel/) is not valid a directory name
    >>
    >> Then, I tried uninstalling and reinstalling stunnel and stunnel4
    >> packages via apt-get command. I retried and got different results:
    >>
    >> $ stunnel -f -c -d 1119 -r news.giganews.com:563
    >> 2008.06.15 10:02:12 LOG5[3325:3082749616]: stunnel 4.22 on
    >> i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
    >> 2008.06.15 10:02:12 LOG5[3325:3082749616]: Threading:PTHREAD
    >> SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
    >> 2008.06.15 10:02:12 LOG5[3325:3082749616]: 500 clients allowed
    >> 2008.06.15 10:02:12 LOG3[3325:3082749616]: Cannot create pid file
    >> /var/run/stunnel4.pid
    >> 2008.06.15 10:02:12 LOG3[3325:3082749616]: create: Permission denied (13)
    >>
    >> [snip]
    >>
    >> It seems like it is mentioning the same permission problems you are
    >> referring to. Do I chown and chmod to my user/accountname or what? I
    >> don't know what this chroot jail thing is about.

    >
    > Only root can create pid files in /var/run.
    >
    > I choose not to run stunnel as root (actually I run it "nobody" using
    > options in stunnel.conf), so I create a subdir (/var/run/stunnel) owned
    > by "nobody" and change the pidfile directory using one of the options in
    > stunnel.conf. The man page describes the options.


    I also do not run it as root especially for newsgroup reading and
    postings! Maybe I am not seeing it, but I don't see anything about
    "nobody" in man for both stunnel3 and stunnel4 commands. I see these two
    in my /var/run/:

    drwxrwxrwt 2 root root 4096 2008-06-15 11:27 stunnel
    drwxr-xr-x 2 stunnel4 stunnel4 4096 2008-06-15 10:00 stunnel4

    Sorry if I sound like a newbie. I am new with this stunnel and not that
    knowledgeable with Linux. This stuff is pretty confusing!
    --
    "I don't understand them anymore, these people that travel the
    commuter-trains to their dormitory towns. These people call themselves
    human, but, by a pressure they do not feel, are forced to do their work
    like ants. With what do they fill their time when they are free of work
    on their silly little Sundays?" --Antoine de Saint-Exupéry, 'Wind, Sand,
    and Stars,' 1939
    /\___/\
    / /\ /\ \ Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
    | |o o| | Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ / Remove ANT from e-mail address: philpi@earthlink.netANT
    ( ) or ANTant@zimage.com
    Ant is currently not listening to any songs on his home computer. Go
    Los Angeles/L.A. Lakers!

  2. Re: Unable to use stunnel with tin...

    On Sun, 15 Jun 2008 22:14:25 UTC in comp.os.linux.questions, Ant
    wrote:

    > And you say my config file should work. Hmm.


    There is an 'output =' line in the config file. I would uncomment that and point
    it to /stunnel.log, start it up then look at /var/lib/stunnel4/stunnel.log for
    pointers to the error. If it's missing a .pem file then you need to create one
    and I don't know how you do that on Debian. You could also list all the files in
    your /var/log directory and see if any of those contain useful info.

    --
    Trevor Hemsley, Brighton, UK
    Trevor dot Hemsley at ntlworld dot com

  3. Re: Unable to use stunnel with tin...

    On 6/15/2008 3:22 PM PT, Trevor Hemsley typed:

    >> And you say my config file should work. Hmm.

    >
    > There is an 'output =' line in the config file. I would uncomment that and point
    > it to /stunnel.log, start it up then look at /var/lib/stunnel4/stunnel.log for
    > pointers to the error. If it's missing a .pem file then you need to create one
    > and I don't know how you do that on Debian. You could also list all the files in
    > your /var/log directory and see if any of those contain useful info.


    I edited my /etc/stunnel/stunnel.log to remove comments in this section:
    ; Some debugging stuff useful for troubleshooting
    debug = 7
    output = /var/log/stunnel4/stunnel.log

    $ stunnel4 ; tin -g localhost -p 1119

    tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
    Iain Lea.
    Connecting to localhost:1119...
    socket or connect problem
    Failed to connect to NNTP server localhost. Exiting...


    Am I using the right parameters for the stunnel4 command? I recall that
    using a port lower than 1024 requires root access, so I added a "1" to
    make it 1119, but that didn't help either. Here's my stunnel.conf again
    with the requested changes:

    $ cat stunnel.conf
    ; Sample stunnel configuration file by Michal Trojnara 2002-2006
    ; Some options used here may not be adequate for your particular configuration
    ; Please make sure you understand them (especially the effect of chroot jail)

    ; Certificate/key is needed in server mode and optional in client mode
    cert = /etc/stunnel/mail.pem
    ;key = /etc/stunnel/mail.pem

    ; Protocol version (all, SSLv2, SSLv3, TLSv1)
    sslVersion = SSLv3

    ; Some security enhancements for UNIX systems - comment them out on Win32
    chroot = /var/lib/stunnel4/
    setuid = stunnel4
    setgid = stunnel4
    ; PID is created inside chroot jail
    pid = /stunnel4.pid

    ; Some performance tunings
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1
    ;compression = rle

    ; Workaround for Eudora bug
    ;options = DONT_INSERT_EMPTY_FRAGMENTS

    ; Authentication stuff
    ;verify = 2
    ; Don't forget to c_rehash CApath
    ; CApath is located inside chroot jail
    ;CApath = /certs
    ; It's often easier to use CAfile
    ;CAfile = /etc/stunnel/certs.pem
    ; Don't forget to c_rehash CRLpath
    ; CRLpath is located inside chroot jail
    ;CRLpath = /crls
    ; Alternatively you can use CRLfile
    ;CRLfile = /etc/stunnel/crls.pem

    ; Some debugging stuff useful for troubleshooting
    debug = 7
    output = /var/log/stunnel4/stunnel.log

    ; Use it for client mode
    client = yes

    ; Service-level configuration

    ;[pop3s]
    ;accept = 995
    ;connect = 110

    ;[imaps]
    ;accept = 993
    ;connect = 143

    ;[ssmtp]
    ;accept = 465
    ;connect = 25

    ;[https]
    ;accept = 443
    ;connect = 80
    ;TIMEOUTclose = 0

    [nntps]
    accept = 127.0.0.1:1119
    connect = news.giganews.com:563

    ; vim:ft=dosini


    $ ls -l /var/log/stunnel4/stunnel.log
    -rw-r--r-- 1 stunnel4 stunnel4 0 2008-06-15 09:49 /var/log/stunnel4/stunnel.log
    It is empty.

    $ ls -l /var/log

    $ locate .pem

    I hope those help.
    --
    "At high tide the fish eat ants; at low tide the ants eat fish." --Thai
    Proverb
    /\___/\
    / /\ /\ \ Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
    | |o o| | Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ / Remove ANT from e-mail address: philpi@earthlink.netANT
    ( ) or ANTant@zimage.com
    Ant is currently not listening to any songs on his home computer. Go
    Los Angeles/L.A. Lakers!

  4. Re: Unable to use stunnel with tin...

    On Sun, 15 Jun 2008 22:54:10 UTC in comp.os.linux.questions, Ant
    wrote:

    > /var/log/stunnel4/stunnel.log
    > It is empty.


    Try looking in /var/log/messages.

    --
    Trevor Hemsley, Brighton, UK
    Trevor dot Hemsley at ntlworld dot com

  5. Re: Unable to use stunnel with tin...

    On 6/15/2008 3:22 PM PT, Trevor Hemsley typed:

    > On Sun, 15 Jun 2008 22:14:25 UTC in comp.os.linux.questions, Ant
    > wrote:
    >
    >> And you say my config file should work. Hmm.

    >
    > There is an 'output =' line in the config file. I would uncomment that and point
    > it to /stunnel.log, start it up then look at /var/lib/stunnel4/stunnel.log for
    > pointers to the error. If it's missing a .pem file then you need to create one
    > and I don't know how you do that on Debian. You could also list all the files in
    > your /var/log directory and see if any of those contain useful info.


    Someone suggested trying running it as root just for kicks:

    stunnel3 -c -d 1119 -r news.giganews.com:563; tin -g localhost -p 1119
    tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
    Iain Lea.
    Connection to news server has timed out. Reconnect? (Y/n) Y

    It is not connecting. This is with both stunnel3 and stunnel4.
    --
    "God is a mean kid sitting on an ant-hill with a magnifying glass, and
    I'm the ant." --Bruce Nolan (Bruce Almighty movie)
    /\___/\
    / /\ /\ \ Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
    | |o o| | Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ / Remove ANT from e-mail address: philpi@earthlink.netANT
    ( ) or ANTant@zimage.com
    Ant is currently not listening to any songs on his home computer. Go
    Los Angeles/L.A. Lakers!

  6. Re: Unable to use stunnel with tin...

    >>> And you say my config file should work. Hmm.
    >>
    >> There is an 'output =' line in the config file. I would uncomment that
    >> and point
    >> it to /stunnel.log, start it up then look at
    >> /var/lib/stunnel4/stunnel.log for pointers to the error. If it's
    >> missing a .pem file then you need to create one and I don't know how
    >> you do that on Debian. You could also list all the files in
    >> your /var/log directory and see if any of those contain useful info.

    >
    > Someone suggested trying running it as root just for kicks:
    >
    > stunnel3 -c -d 1119 -r news.giganews.com:563; tin -g localhost -p 1119
    > tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
    > Iain Lea.
    > Connection to news server has timed out. Reconnect? (Y/n) Y
    >
    > It is not connecting. This is with both stunnel3 and stunnel4.


    Wait! I got it to work with root. I forgot to disable my firewall via
    Guarddog. OK, it connects for both stunnel3 and stunnel4. Now, I need to
    make them run it without being root.
    --
    "I don't believe in evil, I believe only in horror. In nature there is
    no evil, only an abundance of horror: the plagues and the blights and
    the ants and the maggots." --Isak Dinesen
    /\___/\
    / /\ /\ \ Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
    | |o o| | Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ / Remove ANT from e-mail address: philpi@earthlink.netANT
    ( ) or ANTant@zimage.com
    Ant is currently not listening to any songs on his home computer. Go
    Los Angeles/L.A. Lakers!

  7. Re: Unable to use stunnel with tin...

    On Sun, 15 Jun 2008 23:06:47 UTC in comp.os.linux.questions, Ant
    wrote:

    > I need to
    > make them run it without being root.


    Then I would copy your /etc/stunnel/stunnel.conf to your own directory, amend
    all the user and group names in it to your own, change all the local port
    numbers to > 1024 and make sure that the chroot jail it points to is owned by
    you and that you have write access to it. Then invoke

    stunnel4 /path/to/your/stunnel.conf

    --
    Trevor Hemsley, Brighton, UK
    Trevor dot Hemsley at ntlworld dot com
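
The checks implied by the advice above (local ports above 1024, a pid directory you can write to), as an added example that is not part of the thread: a POSIX shell audit of a stunnel 4.x config file. It goes slightly beyond the thread and also flags two TLS settings visible in the posted config (no `verify` level in client mode, `sslVersion = SSLv3`). The function names, finding codes and sample config are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names, finding codes and
# the sample config are constructed for illustration.

# conf_get FILE KEY: print the last uncommented value of KEY. Names are matched
# case-insensitively and sections are ignored (a simplification).
conf_get() {
    awk -v want="$2" '
        /^[ \t]*[;#]/ { next }                      # comment line
        {
            eq = index($0, "="); if (!eq) next      # not "key = value"
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (tolower(k) == tolower(want)) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit_stunnel_conf FILE: print one finding per line as CODE:detail.
# Returns 0 when the file is clean, 1 when there is at least one finding.
audit_stunnel_conf() {
    conf=$1; rc=0

    # 1. Only root may bind local ports below 1024.
    ports=$(awk '
        /^[ \t]*[;#]/ { next }
        /^[ \t]*\[/   { sec = $0; gsub(/[ \t\r]/, "", sec); next }
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
            if (tolower(k) != "accept") next
            n = split(v, part, ":"); port = part[n]   # "host:port" or "port"
            if (port ~ /^[0-9]+$/ && port + 0 < 1024)
                print "PRIV_PORT:" sec " accept=" v
        }
    ' "$conf")
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; rc=1; fi

    # 2. The pid file is created inside the chroot jail (see the comment in the
    #    posted config), so that directory must exist and be writable by us.
    jail=$(conf_get "$conf" chroot)
    pid=$(conf_get "$conf" pid)
    if [ -n "$pid" ]; then
        pid_dir=$(dirname "${jail%/}$pid")
        if [ ! -d "$pid_dir" ] || [ ! -w "$pid_dir" ]; then
            echo "PID_DIR:$pid_dir missing or not writable by $(id -un)"
            rc=1
        fi
    fi

    # 3. Client mode with no verify level accepts any server certificate.
    if [ "$(conf_get "$conf" client)" = "yes" ]; then
        case "$(conf_get "$conf" verify)" in
            ''|0) echo "NO_VERIFY:server certificate is not checked"; rc=1 ;;
        esac
    fi

    # 4. SSLv2 and SSLv3 are obsolete protocol versions.
    proto=$(conf_get "$conf" sslVersion)
    case "$proto" in
        SSLv2|SSLv3) echo "OLD_PROTO:sslVersion=$proto"; rc=1 ;;
    esac
    return $rc
}

# write_sample_conf DIR: constructed config modelled on the one posted above,
# with the jail under DIR and the listener still on the privileged port 119.
write_sample_conf() {
    cat <<EOF
sslVersion = SSLv3
chroot = $1/jail/
pid = /stunnel4.pid
;verify = 2
client = yes

;[pop3s]
;accept = 995
;connect = 110

[nntps]
accept = 127.0.0.1:119
connect = news.giganews.com:563
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    write_sample_conf "$d" > "$d/stunnel.conf"
    audit_stunnel_conf "$d/stunnel.conf"; st=$?
    rm -rf "$d"
    return $st
}
demo || echo "fix the findings above before starting stunnel4 as a normal user"
```

Run it against your own copy with `audit_stunnel_conf /path/to/your/stunnel.conf`; a `verify` level only takes effect together with a `CAfile` or `CApath` that contains the server's issuing CA.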

  8. Re: Unable to use stunnel with tin...

    On 6/15/2008 4:01 PM PT, Trevor Hemsley typed:

    > On Sun, 15 Jun 2008 22:54:10 UTC in comp.os.linux.questions, Ant
    > wrote:
    >
    >> /var/log/stunnel4/stunnel.log
    >> It is empty.

    >
    > Try looking in /var/log/messages.
    >

    Nothing, BUT I got it to work. It was my firewall blocking it (disabled
    it via GuardDog). I also configured it to work with the firewall. And I
    no longer need to run it as root (no idea how I fixed it, maybe it was
    the firewall OR testing stunnel with root did something)!
    --
    "The ants and termites have renounced the Hobbesian war." --Petr Kropotkin
    /\___/\
    / /\ /\ \ Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
    | |o o| | Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ / Remove ANT from e-mail address: philpi@earthlink.netANT
    ( ) or ANTant@zimage.com
    Ant is currently not listening to any songs on his home computer. Go
    Los Angeles/L.A. Lakers!

  9. Re: Unable to use stunnel with tin...

    On 6/15/2008 4:06 PM PT, Ant typed:

    >>>> And you say my config file should work. Hmm.
    >>>
    >>> There is an 'output =' line in the config file. I would uncomment
    >>> that and point
    >>> it to /stunnel.log, start it up then look at
    >>> /var/lib/stunnel4/stunnel.log for pointers to the error. If it's
    >>> missing a .pem file then you need to create one and I don't know how
    >>> you do that on Debian. You could also list all the files in
    >>> your /var/log directory and see if any of those contain useful info.

    >>
    >> Someone suggested trying running it as root just for kicks:
    >>
    >> stunnel3 -c -d 1119 -r news.giganews.com:563; tin -g localhost -p 1119
    >> tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
    >> Iain Lea.
    >> Connection to news server has timed out. Reconnect? (Y/n) Y
    >>
    >> It is not connecting. This is with both stunnel3 and stunnel4.

    >
    > Wait! I got it to work with root. I forgot to disable my firewall via
    > Guarddog. OK, it connects for both stunnel3 and stunnel4. Now, I need to
    > make them run it without being root.


    I configured the firewall to allow both port 563 and 1119 for stunnel
    command. And I no longer need to run it as root (no idea how I fixed it,
    maybe it was the firewall OR testing stunnel with root did something)!

    Thanks all!!
    --
    "In an ant colony, dew is a flood." --Afghan
    /\___/\
    / /\ /\ \ Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
    | |o o| | Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ / Remove ANT from e-mail address: philpi@earthlink.netANT
    ( ) or ANTant@zimage.com
    Ant is currently not listening to any songs on his home computer. Go
    Los Angeles/L.A. Lakers!
