stunnel in DAB

[apmuthu]

stunnel is a SSH Wrapper in Linux.

While attempting to use stunnel in DAB, the general notes given on the home page has paths for various files in different places if done via

# apt-get install stunnel

The configuration file for stunnel is stored at the default location:

/etc/stunnel/stunnel.conf

The ssl certificate template is at:

/usr/share/doc/stunnel4/examples/stunnel.cnf

Generate the PEM file at /etc/stunnel/ location using:

make-ssl-cert /usr/share/doc/stunnel4/examples/stunnel.cnf stunnel.pem

or

cp /usr/share/doc/stunnel4/examples/stunnel.cnf /etc/stunnel/stunnel.cnf
openssl req -new -x509 -days 365 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem

The c_hash script is at /usr/lib/ssl/misc/ and is used to generate a hash for PEM file naming:

/usr/lib/ssl/misc/c_hash stunnel.pem

This prints the result as:

e56d2502.0 => stunnel.pem

The general DAB Cert Store is at:

/etc/ssl/certs/

If you get:

Wrong permissions on /etc/stunnel/stunnel.pem

Then fix the permission:

# chmod 600 /etc/stunnel/stunnel.pem

Usage to generate the check (-h is an invalid option):

# stunnel -h
Unknown option: h
2010.04.05 05:59:37 LOG7[24949:3083314864]: Snagged 64 random bytes from /root/.rnd
2010.04.05 05:59:37 LOG7[24949:3083314864]: Wrote 1024 new random bytes to /root/.rnd
2010.04.05 05:59:37 LOG7[24949:3083314864]: RAND_status claims sufficient entropy for the PRNG
2010.04.05 05:59:37 LOG7[24949:3083314864]: PRNG seeded successfully
2010.04.05 05:59:37 LOG7[24949:3083314864]: Certificate: /etc/stunnel/stunnel.pem
2010.04.05 05:59:37 LOG7[24949:3083314864]: Certificate loaded
2010.04.05 05:59:37 LOG7[24949:3083314864]: Key file: /etc/stunnel/stunnel.pem
2010.04.05 05:59:37 LOG7[24949:3083314864]: Private key loaded
2010.04.05 05:59:37 LOG7[24949:3083314864]: SSL context initialized for service stunnel
inetd mode must define a remote host or an executable