Hi, I reported the following to the Fedora bugtracker[0], but only then realized that this happens with the upstream version too. In short: since stunnel 5.44 I am no longer able to have stunnel bind to localhost, when "localhost" is literally mentioned in the configuration file:

$ cat stunnel.test
[test]
client = yes
protocol = smtp
accept = localhost:12345
connect = localhost:2025

$ stunnel-5.44 stunnel.test
[...]
[ ] Binding service [test]
[ ] Listening file descriptor created (FD=6)
[ ] Option SO_REUSEADDR set on accept socket
[ ] Service [test] (FD=6) bound to 127.0.0.1:12345
[ ] Listening file descriptor created (FD=7)
[ ] Option SO_REUSEADDR set on accept socket
[!] bind: Address already in use (98)
[!] Error binding service [test] to 127.0.0.1:12345
[ ] Unbinding service [test]
[ ] Service [test] closed (FD=6)
[ ] Service [test] closed

When using "127.0.0.1" or "::1" instead of "localhost" in the configuration file, stunnel-5.44 works. However, then one can only connect to either the IPv4 _or_ the IPv6 address, depending on what's configured. With stunnel-5.43 and "accept=localhost:12345" both IPv4 and IPv6 were available.

I suspect that this is related to the following change log entry for 5.44:

> Default accept address restored to INADDR_ANY.

I have attached a patch to revert that (?) change and also included a test script that fails on my system when the patch is not applied.

I see "Version 5.45" already mentioned in the changelog on the website, but no download yet?

Thanks,
Christian.

[0] https://bugzilla.redhat.com/show_bug.cgi?id=1542361

--
BOFH excuse #424: operation failed because: there is no message for this error (#1014)

--- /dev/null 2018-02-05 14:57:29.436074709 -0800
+++ tests/recipes/019_localhost 2018-02-06 00:45:59.964728931 -0800
@@ -0,0 +1,32 @@
+#!/bin/sh
+. $(dirname $0)/../test_library
+
+start() {
+ ../../src/stunnel -fd 0 <<EOT
+ debug = debug
+ syslog = no
+ pid = ${result_path}/stunnel.pid
+ output = ${result_path}/stunnel.log
+
+ [https client]
+ client = yes
+ accept = localhost:${http1}
+ connect = localhost:${https}
+
+ [https server]
+ accept = localhost:${https}
+ connect = localhost:${http2}
+ cert = ${script_path}/certs/stunnel.pem
+EOT
+}
+
+check_ports "019_localhost"
+if grep -q "IPv6" "results.log" && PATH="${PATH}:/sbin:/usr/sbin" ifconfig |
grep -q "inet6" && [ -n "$(command -v ncat)" ] # nc does not support IPv6
+ then
+ start 2> "error.log"
+ test_log_for "019_localhost" "success" "$1" 2>> "stderr.log"
+ exit $?
+ else
+ exit_logs "019_localhost" "skipped"
+ exit 125
+ fi
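
Review bot: The skip condition (grep -q "IPv6" "results.log" && ... ifconfig | grep -q "inet6" && ncat present) treats a missing ifconfig the same as a host without IPv6. On a system that ships only iproute2 the pipeline fails, the script takes the else branch and exits 125 as "skipped", so the bind regression this recipe is meant to catch would go unreported there. Consider falling back to "ip -6 addr" when ifconfig is not found, or logging the missing tool separately from the no-IPv6 case. Separately, quote the expansion in ". $(dirname $0)/../test_library" so the recipe still sources its library when run from a path containing spaces.
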
--- src/options.c.orig 2017-11-14 23:06:12.000000000 -0800
+++ src/options.c 2018-02-06 00:01:58.892498016 -0800
@@ -1151,7 +1151,7 @@ NOEXPORT char *parse_service_option(CMD
/* accept */
switch(cmd) {
case CMD_BEGIN:
- addrlist_clear(§ion->local_addr, 1);
+ addrlist_clear(§ion->local_addr, 0);
break;
case CMD_EXEC:
if(strcasecmp(opt, "accept"))
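
Review bot: The second argument to addrlist_clear() in the CMD_BEGIN case is a bare 0/1 whose meaning cannot be read at the call site, and because this is the CMD_BEGIN initialisation rather than the CMD_EXEC parsing of "accept", the flip appears to change the starting state for every service section, not only those that name localhost. Please add a comment or a named constant saying what the flag selects, and confirm that services relying on the 5.44 default ("Default accept address restored to INADDR_ANY") still behave as that changelog entry describes. The log in the report shows the failing second bind going to 127.0.0.1:12345, the same address as the first, so it is also worth checking whether the address list ends up holding a duplicate entry that this change only hides.
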
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
