Hi, I reported the following to the Fedora bugtracker[0], but only then realized that this happens with the upstream version too. In short: since stunnel 5.44 I am no longer able to have stunnel bind to localhost, when "localhost" is literally mentioned in the configuration file:

    $ cat stunnel.test
    [test]
    client = yes
    protocol = smtp
    accept = localhost:12345
    connect = localhost:2025

    $ stunnel-5.44 stunnel.test
    [...]
    [ ] Binding service [test]
    [ ] Listening file descriptor created (FD=6)
    [ ] Option SO_REUSEADDR set on accept socket
    [ ] Service [test] (FD=6) bound to 127.0.0.1:12345
    [ ] Listening file descriptor created (FD=7)
    [ ] Option SO_REUSEADDR set on accept socket
    [!] bind: Address already in use (98)
    [!] Error binding service [test] to 127.0.0.1:12345
    [ ] Unbinding service [test]
    [ ] Service [test] closed (FD=6)
    [ ] Service [test] closed

When using "127.0.0.1" or "::1" instead of "localhost" in the configuration file, stunnel-5.44 works. However, then one can only connect to either the IPv4 _or_ the IPv6 address, depending on what's configured. With stunnel-5.43 and "accept=localhost:12345" both IPv4 and IPv6 were available.

I suspect that this is related to the following change log entry for 5.44:

> Default accept address restored to INADDR_ANY.

I have attached a patch to revert that (?) change and also included a test script that fails on my system when the patch is not applied.

I see "Version 5.45" already mentioned in the changelog on the website, but no download yet?

Thanks,
Christian.

[0] https://bugzilla.redhat.com/show_bug.cgi?id=1542361

--
BOFH excuse #424: operation failed because: there is no message for this error (#1014)

--- /dev/null 2018-02-05 14:57:29.436074709 -0800 +++ tests/recipes/019_localhost 2018-02-06 00:45:59.964728931 -0800 @@ -0,0 +1,32 @@ +#!/bin/sh +. $(dirname $0)/../test_library + +start() { + ../../src/stunnel -fd 0 <<EOT + debug = debug + syslog = no + pid = ${result_path}/stunnel.pid + output = ${result_path}/stunnel.log + + [https client] + client = yes + accept = localhost:${http1} + connect = localhost:${https} + + [https server] + accept = localhost:${https} + connect = localhost:${http2} + cert = ${script_path}/certs/stunnel.pem +EOT +} + +check_ports "019_localhost" +if grep -q "IPv6" "results.log" && PATH="${PATH}:/sbin:/usr/sbin" ifconfig | grep -q "inet6" && [ -n "$(command -v ncat)" ] # nc does not support IPv6 + then + start 2> "error.log" + test_log_for "019_localhost" "success" "$1" 2>> "stderr.log" + exit $? + else + exit_logs "019_localhost" "skipped" + exit 125 + fi
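Review bot: the guard in front of start (grep -q "IPv6" on results.log, ifconfig showing inet6, and ncat being installed) makes this recipe exit 125 as "skipped" on any host that lacks one of the three, so the regression is never exercised there, although the failure in the report is a bind error that stunnel logs at startup. Consider checking the stunnel log for "Error binding service" unconditionally and keeping the IPv6 and ncat conditions only for the connection part of the test. Two smaller points: quote the expansion in `. $(dirname $0)/../test_library` so the recipe also works from a path containing spaces, and move the "# nc does not support IPv6" comment onto its own line above the if, where it is easier to see which condition it explains.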
--- src/options.c.orig 2017-11-14 23:06:12.000000000 -0800 +++ src/options.c 2018-02-06 00:01:58.892498016 -0800 @@ -1151,7 +1151,7 @@ NOEXPORT char *parse_service_option(CMD /* accept */ switch(cmd) { case CMD_BEGIN: - addrlist_clear(§ion->local_addr, 1); + addrlist_clear(§ion->local_addr, 0); break; case CMD_EXEC: if(strcasecmp(opt, "accept"))
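Review bot: in the CMD_BEGIN case of the accept option, the second argument of addrlist_clear goes from 1 to 0 with no comment saying what that flag selects, and CMD_BEGIN is the initialisation case, so the change affects the starting state of local_addr for services in general rather than only those configured with accept = localhost. Please add a comment at this call stating what 0 means, and show (with a recipe or a log excerpt) which address a service binds to by default after the change; the report ties the old value to the "Default accept address restored to INADDR_ANY" changelog entry, and that default decides whether a listener is reachable on loopback only or on every interface. It would also help to explain how the flag relates to the log in the report, where 127.0.0.1:12345 is bound on FD=6 and then bound again on FD=7.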
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users