On Tue, Jul 24, 2018 at 10:27:12AM +0000, Hari wrote:
> Hi Eric,
>
> I run my application with stunnel in the client mode (client = yes in
> config file). I do not have control on the stunnel running in server
> mode though.
>
> If I understand your mail correctly, the hack is to copy the certs to
> any local directory that should be accessible and then delete the same
> after the connection is established? I don't have problems maintaining
> the pem files if I can access the file system to create them, but I am
> exploring an option, which I couldn't figure out from the stunnel
> documentation, if I can specify the certs inside the configuration file
> for stunnel itself rather than feeding them through a file. I have an
> environment where the certificates and keys are available as strings to
> my applications and hence the idea is to use them directly in stunnel
> config rather than as a file.

AFAIK, stunnel does not have such an option; it always reads the
certificates from a file. Writing them out to files in a temporary
directory might suit your needs. If your application needs stunnel
only for a single connection and it runs on a Unix system, you don't
even need to run it in inetd mode as suggested by Eric; write out
the files, write out a config file with "foreground = yes", then start
stunnel as a child process of your application; you may even kill it
when your connection is done.

G'luck,
Peter

> On Tuesday, July 24, 2018, 4:20:32 AM GMT+5:30, Eric S Eberhard
> <[email protected]> wrote:
>
> Use stunnel in inetd mode. Execute a script (or better C program). Copy the
> certificates for making the stunnel connection to a directory that is OK …
> then delete them immediately after stunnel starts. Hack – but might be OK
> for what you are doing.
>
> I am not sure why anyone would think it more secure to put the keys into the
> stunnel command than to just use them from a file … but I likely do not know
> enough about your application to make a judgement.
>
> Eric
>
> Eric S Eberhard
> VICS (Vertical Integrated Computer Systems)
> Voice: 928 567 3529
> Cell : 928 301 7537 (not reliable except for text or if not home)
> 2933 W Middle Verde Rd
> Camp Verde, AZ 86322
>
> From: stunnel-users [mailto:[email protected]] On Behalf Of
> Hari
> Sent: Thursday, July 19, 2018 4:42 AM
> To: [email protected]
> Subject: [stunnel-users] Is there a way to specify certificate content in
> stunnel config
>
> Hi,
>
> I have a requirement wherein I cannot specify the certificate and/or private
> key details as "files" to stunnel configuration, owing to the location and/or
> file system availability for stunnel to access them.
>
> Is there a way to specify the actual certificate content in stunnel
> configuration (similar to other parameters like port numbers etc.) so that
> the same can be leveraged.
>
> Thanks
>
> Hari
>
> _______________________________________________
> stunnel-users mailing list
> [email protected]
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

-- 
Peter Pentchev  roam@{ringlet.net,debian.org,FreeBSD.org} [email protected]
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
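
The approach described in the reply above (write the files out, write a config with "foreground = yes", run stunnel as a child process and stop it when done), sketched in Python as an added example; it is not code from this thread or from the stunnel project. The service name, file names and the accept/connect values passed in are assumptions.

```python
import os
import shutil
import subprocess
import tempfile
from contextlib import contextmanager

def write_private(path, text):
    """Create path with mode 0600; O_EXCL refuses to reuse an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

def prepare_stunnel_dir(cert_pem, key_pem, accept, connect):
    """Write cert, key and a client-mode config into a fresh private directory."""
    workdir = tempfile.mkdtemp(prefix="stunnel-")  # mkdtemp creates it mode 0700
    cert_path = os.path.join(workdir, "client-cert.pem")  # assumed file names
    key_path = os.path.join(workdir, "client-key.pem")
    conf_path = os.path.join(workdir, "stunnel.conf")
    write_private(cert_path, cert_pem)
    write_private(key_path, key_pem)
    write_private(conf_path, "\n".join([
        "foreground = yes",   # stay attached, so the parent owns the process
        "[app-tunnel]",       # hypothetical service name
        "client = yes",
        f"accept = {accept}",
        f"connect = {connect}",
        f"cert = {cert_path}",
        f"key = {key_path}",
        "",
    ]))
    return workdir, conf_path

@contextmanager
def stunnel_child(cert_pem, key_pem, accept, connect, binary="stunnel"):
    """Run stunnel as a child for the with-block, then stop it and clean up."""
    workdir, conf_path = prepare_stunnel_dir(cert_pem, key_pem, accept, connect)
    proc = None
    try:
        proc = subprocess.Popen([binary, conf_path])
        yield proc
    finally:
        try:
            if proc is not None and proc.poll() is None:
                proc.terminate()
                proc.wait(timeout=10)
        finally:
            shutil.rmtree(workdir, ignore_errors=True)  # key leaves the disk
```

The key still touches the file system for the lifetime of the child, so the temporary directory should live on storage only the application's user can read.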
