[ale] NNTPS "tunnelling"?
Michael B. Trausch
fd0man at gmail.com
Tue Apr 25 19:10:44 EDT 2006
On Tue April 25 2006 18:01, Brian MacLeod wrote:
>
> Well, I'm not really sure. My CentOS systems only require that I execute
> 'stunnel' and it runs with the configuration in
> /etc/stunnel/stunnel.conf. I haven't spent the few minutes of time it
> would take to run a proper startup script (I use it to tunnel LDAP
> queries to Active Directory).
>
> My 'stunnel -h' tells me to append a file name if I don't want to use
> /etc/stunnel/stunnel.conf. Does yours state where it looks?
>
Nope, at least if it does, I'm too stupid to figure it out from the output
of the command:
fd0man at cinnamon:~$ stunnel -h
==
stunnel [-h] [-V] [-c | -T] [-D level] [-C cipherlist] [-p pemfile]
        [-v level] [-A certfile] [-a directory] [-S sources] [-t timeout]
        [-u ident_username] [-s setuid_user] [-g setgid_group] [-n protocol]
        [-R randfile] [-E egdsock] [-B bytes] [-P { dir/ | filename | none } ]
        [-d [host:]port [-f] ]
        [-r [host:]port | { -l | -L } program [-- args] ]

  -h                print this help screen
  -V                print stunnel version and compile-time defaults
  -d [host:]port    daemon mode (host defaults to INADDR_ANY)
  -r [host:]port    connect to remote service (host defaults to
                    INADDR_LOOPBACK)
  -l program        execute local inetd-type program
  -L program        open local pty and execute program
  -c                client mode (remote service uses SSL)
  -f                foreground mode (don't fork, log to stderr)
  -I host           local IP address to be used as source for remote connections
  -T                transparent proxy mode on hosts that support it
  -p pemfile        private key and certificate chain PEM filename
  -v level          verify peer certificate
                    level 1 - verify peer certificate if present
                    level 2 - require valid peer certificate always
                    level 3 - verify peer with locally installed certificate
  -a directory      client certificate directory for -v options
  -A certfile       CA certificate for -v options
  -S sources        which certificate source defaults to use
                    0 = ignore all defaults sources
                    1 = use ssl library defaults
                    2 = use stunnel defaults
                    3 = use both ssl library and stunnel defaults
  -t timeout        session cache timeout
  -u user           use IDENT (RFC 1413) username checking
  -n proto          negotiate SSL with specified protocol
                    currently supported: smtp, pop3, nntp
  -N name           service name to use for tcp wrapper checking
  -s username       setuid() to username in daemon mode
  -g groupname      setgid() to groupname in daemon mode
  -P arg            specify pid file { dir/ | filename | none }
  -C list           set permitted SSL ciphers
  -E socket         path to Entropy Gathering Daemon socket
  -B bytes          how many bytes to read from random seed files
  -R file           path to file with random seed data
                    /dev/urandom is used when this option is not specified
  -W                do not overwrite random seed datafiles with new random data
  -D [fac.]lev      debug level (e.g. daemon.info)
  -O a|l|r:option=value[:value]  set an option on accept/local/remote socket
  -o file           append log messages to a file

See stunnel -V output for default values
fd0man at cinnamon:~$
==
What I do see is options for a PEM file, certificate file, a random seed
source, and a file for the pid ID.
*shrugs*
Perhaps, I'll just use it without the file. Still, very useful. I've used
this before for debugging SSL connections over a tty, but I didn't realize
that it would work with connecting a program to a remote SSL source.
Thanks again!
- Mike