On Thu, Dec 08, 2016 at 05:52:40PM +0100, Małgorzata Olszówka wrote:
> Yes, but when the service is started, you can see PID in the next logs:
>
> 2016.12.08 11:38:59 LOG7[ui]: Service [https] accepted (FD=3) from
> 127.0.0.1:59400
> 2016.12.08 11:38:59 LOG7[16226]: Service [https] started

This appears to be a different use case. In my case, stunnel is not accepting the connection. tcpserver accepts the connection (or rejects it) and then executes stunnel on the open socket. This stunnel process never prints its own PID, only ever (for example) LOG6[ui].

My command line (simplified) is as follows:

    tcpserver -HRvX -c 20 0 465 /usr/sbin/stunnel stunnel.conf

The stunnel.conf file is:

    foreground = yes
    pid =
    cert = /path/to/private/cert
    service = smtps
    exec = /usr/bin/setuidgid
    execargs = setuidgid qmaild ./sslrun
    ciphers = DEFAULT:!LOW:!RC4:!DES:!3DES:!IDEA
    syslog = no
    options = NO_SSLv2
    options = NO_SSLv3
    options = NO_TLSv1
    debug = info
    TIMEOUTbusy = 15
    TIMEOUTidle = 300
    verify = 0

The logs show (for example):

    tcpserver: pid 24622 from 174.2.75.223
    tcpserver: ok 24622 untroubled.org:69.5.1.51:465 :174.2.75.223::39746
    2016.12.09 18:34:34 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP
    2016.12.09 18:34:34 LOG5[ui]: Reading configuration from file /var/service/smtpsd/stunnel.conf
    2016.12.09 18:34:34 LOG5[ui]: UTF-8 byte order mark not detected
    2016.12.09 18:34:34 LOG6[ui]: Initializing inetd mode configuration
    2016.12.09 18:34:34 LOG6[ui]: Loading certificate from file: /path/to/private/cert
    2016.12.09 18:34:34 LOG6[ui]: Certificate loaded from file: /path/to/private/cert
    2016.12.09 18:34:34 LOG6[ui]: Loading private key from file: /path/to/private/cert
    2016.12.09 18:34:34 LOG6[ui]: Private key loaded from file: /path/to/private/cert
    2016.12.09 18:34:34 LOG6[ui]: Using dynamic DH parameters
    2016.12.09 18:34:34 LOG5[ui]: Configuration successful
    2016.12.09 18:34:34 LOG5[ui]: Service [smtps] accepted connection from 174.2.75.223:39746
    2016.12.09 18:34:34 LOG6[ui]: SSL accepted: new session negotiated
    2016.12.09 18:34:34 LOG6[ui]: No peer certificate received
    2016.12.09 18:34:34 LOG6[ui]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
    2016.12.09 18:34:34 LOG6[ui]: Local mode child started (PID=24623)
    mailfront[24623]: MAIL FROM:<[email protected]> BODY=8BITMIME SIZE=492
    mailfront[24623]: RCPT TO:<[email protected]>
    mailfront[24623]: 2.6.0 Accepted message qp 24625 bytes 1319
    mailfront[24623]: bytes in: 660 bytes out: 367
    2016.12.09 18:34:35 LOG6[ui]: Read socket closed (readsocket)
    2016.12.09 18:34:35 LOG6[ui]: SSL_shutdown successfully sent close_notify alert
    2016.12.09 18:34:35 LOG6[ui]: SSL socket closed (SSL_read)
    2016.12.09 18:34:35 LOG5[ui]: Connection closed: 367 byte(s) sent to SSL, 660 byte(s) sent to socket
    tcpserver: end 24622 status 0

This is all fine and good if there is a single connection, but when there are multiple connections, and the stunnel logs are interleaved, how am I to tell one Negotiated line from the other, or which connection started which child process?

-- 
Bruce Guenter <[email protected]> http://untroubled.org/
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
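The correlation problem described in the message above, as an added example that is not part of the original message or of stunnel: the script ties each log line to a tcpserver PID where the line carries a usable key (the PID itself or the peer address) and collects the rest. The sample log is constructed (two overlapping connections, documentation-range addresses, made-up PIDs), and `correlate` is a name chosen here.

```python
import re

# Constructed sample (not from the message): two overlapping connections in the
# same line formats, with documentation-range addresses and made-up PIDs.
SAMPLE = """\
tcpserver: pid 3001 from 192.0.2.10
tcpserver: ok 3001 mail.example:198.51.100.5:465 :192.0.2.10::40001
tcpserver: pid 3002 from 192.0.2.20
tcpserver: ok 3002 mail.example:198.51.100.5:465 :192.0.2.20::40002
2016.12.09 18:34:34 LOG5[ui]: Service [smtps] accepted connection from 192.0.2.10:40001
2016.12.09 18:34:34 LOG5[ui]: Service [smtps] accepted connection from 192.0.2.20:40002
2016.12.09 18:34:34 LOG6[ui]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
2016.12.09 18:34:34 LOG6[ui]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
2016.12.09 18:34:34 LOG6[ui]: Local mode child started (PID=3004)
2016.12.09 18:34:34 LOG6[ui]: Local mode child started (PID=3003)
mailfront[3003]: bytes in: 660 bytes out: 367
"""

TCPSERVER = re.compile(r"^tcpserver: (?:pid|ok|end) (\d+)\b")
# "ok PID local remotehost:remoteip:remoteinfo:remoteport" (host/info may be empty)
TCP_OK = re.compile(r"^tcpserver: ok (\d+) \S+ [^:\s]*:([\d.]+):[^:\s]*:(\d+)$")
STUNNEL = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG\d\[(\w+)\]: (.*)$")
ACCEPTED = re.compile(r"accepted connection from ([\d.]+):(\d+)$")

def correlate(log):
    """Group lines by tcpserver PID; return (by_pid, unattributed)."""
    by_pid, peers, unattributed = {}, {}, []
    for line in log.splitlines():
        pid = None
        if m := TCPSERVER.match(line):
            pid = m.group(1)
            if ok := TCP_OK.match(line):
                peers[(ok.group(2), ok.group(3))] = pid  # peer addr -> PID
        elif m := STUNNEL.match(line):
            # The [ui] tag is the same for every process, so the only join key
            # a stunnel line can offer is a peer address in its message text.
            if a := ACCEPTED.search(m.group(2)):
                pid = peers.get(a.groups())
        if pid is None:
            unattributed.append(line)
        else:
            by_pid.setdefault(pid, []).append(line)
    return by_pid, unattributed

if __name__ == "__main__":
    by_pid, loose = correlate(SAMPLE)
    for pid, lines in by_pid.items():
        print(pid, len(lines), "lines")
    print("unattributed:", len(loose))
```

On the constructed sample only the "accepted connection" lines can be joined to a tcpserver PID; the Negotiated, child-started and mailfront lines all end up unattributed.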
