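I installed stunnel4 from the package manager. When I try to run stunnel on Ubuntu 14 or Linux Mint 17, I get the message below. I have this working on both CentOS 6.5 and Mac OS X Mavericks. Not sure what to do next. Rebuilding OpenSSL is a mess, if that is even the problem.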

idf@idf-ZBOX-ID42-BE ~ $ sudo stunnel
Clients allowed=500
stunnel 4.53 on x86_64-pc-linux-gnu platform
Compiled with OpenSSL 1.0.1e 11 Feb 2013
Running  with OpenSSL 1.0.1f 6 Jan 2014
Update OpenSSL shared libraries or rebuild stunnel
Threading:PTHREAD SSL:+ENGINE+OCSP Auth:LIBWRAP Sockets:POLL+IPv6
Reading configuration from descriptor 3
Compression not enabled
PRNG seeded successfully
Initializing inetd mode configuration
Section stunnel: SSL server needs a certificate
str_stats: 2 block(s), 10 data byte(s), 116 control byte(s)
idf@idf-ZBOX-ID42-BE ~ $

My conf file looks like this:
idf@idf-ZBOX-ID42-BE ~ $ more /etc/stunnel/stunnel.conf
;Example stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
;cert = stunnel.pem
;key = stunnel.pem
cert = /home/idf/Downloads/cert.pem
key  = /home/idf/Downloads/key.pem
fips = no
libwrap=no
;
;Protocol version (all, SSLv2, SSLv3, TLSv1)
;sslVersion = all
sslVersion = all
ciphers = ALL

;
; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/run/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside the chroot jail
pid = /home/idf/stunnel.pid


; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
compression = zlib

; Workaround for Eudora bug
options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = cacerts.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = /var/log/stunnel/stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

[xxxxxxx-xxx-xxxxx]
client = yes
accept = 127.0.0.1:9099
connect= xx.xx.xx.xx:2506

; vim:ft=dosini
idf@idf-ZBOX-ID42-BE ~ $

If I uninstall the stunnel from the repository and replace it with this stunnel:
https://launchpad.net/ubuntu/utopic/amd64/stunnel4/3:5.01-3

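I still get the following, even though I disabled compression. I don't understand why it tells me "Service [stunnel]: SSL server needs a certificate", since I am trying to use it in client mode only. Also, the other end does not require a certificate.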
idf@idf-ZBOX-ID42-BE ~/Downloads $ sudo stunnel
[ ] Clients allowed=500
[.] stunnel 5.01 on x86_64-pc-linux-gnu platform
[.] Compiled/running with OpenSSL 1.0.1f 6 Jan 2014
[.] Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
[ ] errno: (*__errno_location ())
[.] Reading configuration from descriptor 3
[.] FIPS mode disabled
[ ] Compression disabled
[ ] PRNG seeded successfully
[ ] Initializing inetd mode configuration
[!] Service [stunnel]: SSL server needs a certificate
idf@idf-ZBOX-ID42-BE ~/Downloads $ ps ax | grep stunnel

Best answer

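I just barely got through this myself the other day.
What you want is Stunnel4_5.01-3_amd64.deb - you have to download it - it is not in the repo yet. I believe someone has had success with 4.53, but I did not manage it.
https://launchpad.net/ubuntu/utopic/amd64/stunnel4/3:5.01-3
openssl 1.0.1f and libssl.1.0.0 and libssl.1.0.0:i386 1.0.1f (they are the current versions) are fine. But note from your startup output:
Compiled with OpenSSL 1.0.1e 11 Feb 2013
Running  with OpenSSL 1.0.1f 6 Jan 2014
I think updating stunnel as described above will sort that out for you.
The other thing you need to do is turn off compression in stunnel.conf - none of the different kinds of compression I have tried so far work. Hopefully that is temporary.
Regards,
HTH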

10-08 07:41
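
An added example, not part of the original question or answer and not stunnel's own code: a small audit of a stunnel.conf for the two conditions this thread discusses, a `compression` setting (which the answer advises turning off) and a service that ends up in server mode without a `cert`. The sample configuration, its service names and the 192.0.2.10 address are constructed; the script relies on stunnel's documented behaviour that `client` defaults to `no` and that service-level options set before the first `[section]` act as defaults for every service.

```python
# Added example: audit a stunnel.conf for the two problems this thread discusses.
SAMPLE_CONF = """\
; constructed sample, modelled on the question's stunnel.conf
compression = zlib

[client-tunnel]
client = yes
accept = 127.0.0.1:9099
connect = 192.0.2.10:2506

[server-tunnel]
accept = 127.0.0.1:9100
connect = 192.0.2.10:2507
"""


def parse_conf(text):
    """Split a stunnel.conf into (global options, {service name: options})."""
    glob, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            target = glob if current is None else current
            target[key.strip().lower()] = value.strip()
    return glob, services


def audit(text):
    """Return findings for compression and for server-mode services lacking a cert."""
    glob, services = parse_conf(text)
    findings = []
    if glob.get("compression"):
        findings.append(f"global: compression = {glob['compression']}")
    for name, opts in services.items():
        eff = {**glob, **opts}                    # service options override global defaults
        if eff.get("client", "no").lower() != "yes" and not eff.get("cert"):
            findings.append(f"[{name}]: server mode, no cert")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

It only inspects the text it is given, so it reports on the file you pass it, which may differ from the configuration a running stunnel actually loaded.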