4

I generated an SSL certificate as specified in the answer to "stunnel: SSL-to-SSL? (for smtp/imap)" and have the following configuration file:

cert = /home/marshall/stunnels/certs/umistunnel.keys

; protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

pid = ./stunnel4.pid

[https]
accept  = 4433
connect = 3000

When I run

> stunnel config.conf

the error I get is:

Reading configuration from descriptor 3
Snagged 64 random bytes from /home/marshall/.rnd
Wrote 1024 new random bytes to /home/marshall/.rnd
PRNG seeded successfully
Line 1: End of section stunnel: SSL server needs a certificate

If I instead run:

> stunnel filethatdoesnotexist.asdf

I get the same result. And, if I run stunnel without any parameters, the only change is that the error states Line 0. What am I doing wrong here?

3 Answers

12

You may have both stunnel3 & stunnel4 installed on your system.

The default for "stunnel" is to softlink it to stunnel3:

root@sibelius:/usr/bin# ls -l stunnel*
lrwxrwxrwx 1 root root      8 Oct 18  2011 stunnel -> stunnel3
-rwxr-xr-x 1 root root   2797 Oct 18  2011 stunnel3
-rwxr-xr-x 1 root root 109904 Oct 18  2011 stunnel4

The syntax of the stunnel.conf for stunnel3 is not compatible with the one for stunnel4.

Hence the error. Try removing stunnel3.

user153252
6

Found my problem... It's not really documented (at least on my Ubuntu system). If I run the command

> stunnel4 config.conf

Then everything works, and all output shows up in the debug log file (if configured in the config file).
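
A quick check for the situation described in the two answers above, as an added example that is not part of the original posts: it resolves what a `stunnel` command actually points to and flags the `stunnel3` symlink case. The function names and the temporary demo directory are assumptions made for illustration, and `readlink -f` (GNU coreutils) is assumed to be available.

```shell
#!/bin/sh
# Added example: report which program a "stunnel" command really runs.

# Print the fully resolved path behind a command name or a path.
# Returns 2 if the command or file cannot be found.
resolve_cmd() {
    case "$1" in
        */*) p=$1 ;;
        *)   p=$(command -v "$1") || return 2 ;;
    esac
    [ -e "$p" ] || return 2
    readlink -f "$p"
}

# Return 0 if the command resolves to something other than stunnel3,
# 1 if it resolves to stunnel3 (the case in the first answer), 2 if missing.
check_stunnel() {
    target=$(resolve_cmd "$1") || { echo "$1: not found"; return 2; }
    case "$(basename "$target")" in
        stunnel3)
            echo "$1 -> $target: stunnel3, run stunnel4 with this config instead"
            return 1 ;;
        *)
            echo "$1 -> $target"
            return 0 ;;
    esac
}

# Constructed layout mirroring the ls -l output in the answer:
# stunnel is a symlink to stunnel3, with stunnel4 beside it.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/stunnel3"
    : > "$d/stunnel4"
    chmod +x "$d/stunnel3" "$d/stunnel4"
    ln -s stunnel3 "$d/stunnel"
    echo "$d"
}

# Check the command given as the first argument, or plain "stunnel".
check_stunnel "${1:-stunnel}" || true
```
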

0

Put the cert line in [https] also.

Mike
  • I added an identical (cert) line immediately under the [https] line, but it still gives the same error (and yes, I did verify that the file exists.) – Marshall Anschutz Sep 05 '12 at 17:17