STunnel error after installing latest 2.0 snapshot

mrhanman

After installing 2.0-RC1-IPv6 (i386) built on Tue May 3 10:16:12 EDT 2011, I tried to setup the STunnel package.  Whenever I click the + button in either the Certificate or Tunnels tab, I get an error that says "Fatal error: Cannot use string offset as an array in /usr/local/pkg/stunnel.inc on line 14".  I've never had STunnel setup before, but I had installed it before this last update and the + buttons worked as expected.  Reinstalling the package has had no effect.  I plan to go back to the snapshot from a couple days ago, but I thought I would see if anyone else had encountered this error before I did that.  Thanks a lot.

mrhanman

Reverting to an older version did not help matters.  I suppose it could be related to the IPv6 addons.  Has anyone gotten STunnel to work along side the IPv6 gitsync?

PFS00

hello tommyboy,
I am using Pfsense for years and this is  a great package!! I updated today to latest version 0.32.
My problem is, the firewalls (pfsense, astaro and m0n0wall-2x nat,1xbridge) are not running 24 hours.
After restarting each day I have tol og in and update IPBlocklist by hand. I ve read through this forum thread and tried several commands  to add jobs to cron as described here, without success.
What is the right solution to update-restart IPBlocklist after firewall resart? I am not a bsd expert , am using mostly Linux on clients for years. I hope my question is not too basic for the level of this forum.
Thanks in advance
pete
this is my cronjob list: Last line has no effect!

minute  hour  mday  month  wday  who  command

0  *  *  *  *  root  /usr/bin/nice -n20 newsyslog

1,31  0-5  *  *  *  root  /usr/bin/nice -n20 adjkerntz -a

1  3  1  *  *  root  /usr/bin/nice -n20 /etc/rc.update_bogons.sh

*/60  *  *  *  *  root  /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout

1  1  *  *  *  root  /usr/bin/nice -n20 /etc/rc.dyndns.update

*/60  *  *  *  *  root  /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot

*/5  *  *  *  *  root  /usr/local/bin/checkreload.sh

*/5  *  *  *  *  root  /etc/ping_hosts.sh

*/140  *  *  *  *  root  /usr/local/sbin/reset_slbd.sh

*/5  *  *  *  *  root  /usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc

*/15  *  *  *  *  root  /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 10800 snort2c

3  0  */4  *  *  root  /usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log

1  24        root  /usr/local/etc/rc.d/IP-Blocklist.sh

mrhanman

I think maybe you posted this in the wrong thread.  Just guessing.  :P

nirokato

Bump

Running pfSense 2.0-RC3 (i386) built on Fri Aug 12 16:23:11 EDT 2011
Package: stunnel 4.33.0
Fatal error: Cannot use string offset as an array in /usr/local/pkg/stunnel.inc on line 14

I am running into this error as well. Seems to be a PHP error in the /usr/local/pkg/stunnel.inc file.
I believe it is an issue with how PHP handles [$_GET['id']] in the array on line 14. I believe
the coder was expecting 'id' to return a string value, but it returns a integer. PHP handles integer
data differently than string values, a integer value in this array would be considered a string offset
value, and therefore is invalid. Honestly, I don't think this can be easily reworked. I'll see if there is
a way to modify the stunnel.inc file to handle [$_GET['id']] differently.

Any assistance would be helpful as my PHP skills are not extensive.

Thanks,

Nirokato

–edit--
Seems that http://forum.pfsense.org/index.php?topic=33588.0 is still a valid, temporary work around.

if(!isset($_GET['id']) and !isset($_POST['id'])) {
	if($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']) {
		$savemsg=$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'];
		unset($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']);
		write_config();
	}

}

if(isset($_GET['id'])) {
	$config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']=
		base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']); //<-- The offending portion [$_GET['id']]
	$config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']=
		base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']);
}
//<-- snip -->
?>

xieliwei

Recently bumped into this problem and came up with a quick fix.

In /usr/local/pkg/stunnel.inc, replace:

if(isset($_GET['id'])) {
	$config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']=
		base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']);
	$config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']=
		base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']);
}

With:

if(isset($_GET['id'])) {
        $tunnelcerts=$config['installedpackages']['stunnelcerts']['config'];
        is_array($tunnelcerts) ? $num_tunnelcerts=count($tunnelcerts) : $num_tunnelcerts=0;

        if($num_tunnelcerts > (int)$_GET['id']) {
                $tunnelcerts[$_GET['id']]['cert_chain']=
                        base64_decode($tunnelcerts[$_GET['id']]['cert_chain']);
                $tunnelcerts[$_GET['id']]['cert_key']=
                        base64_decode($tunnelcerts[$_GET['id']]['cert_key']);
        }
}

Wupsje

Is there anyone who can permanently fix this in the package?

Wupsje