Stunnel became broken



  • I've been running 2.1 beta for a while now and a few months ago I needed stunnel to provide ssl for a little pixelserv service I am running on port 80.
    I don't know exactly when it happened, but I recently found out it wasn't running anymore and its package webif is broken.

    If I delete or try to modify the 2 items I placed there, I will get:

    Fatal error: Cannot use string offset as an array in /usr/local/pkg/stunnel.inc on line 14

    Removing and installing the package doesn't help.

    Relevant parts in my /cf/conf/config.xml

    
    <menu>
                            <name>STunnel</name>
                            <tooltiptext>The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or rbe used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate ag the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, so stunnel supports whatever cryptographic algorithms you compiled into your cryptot>
                            Services
                            <configfile>stunnel.xml</configfile></tooltiptext> </menu>
    
    .
    .
                    <package><name>stunnel</name>
                            <website>http://www.stunnel.org/</website>
    
                            <category>Network Management</category>
                            <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
                            <depends_on_package>stunnel-4.43.tbz</depends_on_package>
                            <depends_on_package_pbi>stunnel-4.54-i386.pbi</depends_on_package_pbi>
                            <version>4.43.0</version>
                            <status>Stable</status>
                            <pkginfolink>http://doc.pfsense.org/index.php/Stunnel_package</pkginfolink>
                            <required_version>1.2.1</required_version>
                            <config_file>http://www.pfsense.com/packages/config/stunnel.xml</config_file>
                            <configurationfile>stunnel.xml</configurationfile>
                            <build_port_path>/usr/ports/security/stunnel</build_port_path>
                            <build_options>WITHOUT_FORK=true;WITH_PTHREAD=true;WITHOUT_UCONTEXT=true;WITHOUT_IPV6=true;WITH_LIBWRAP=true;WITHOUT_SSL_PORT=true</build_options></package> 
    .
    .
    .
                    <service><name>stunnel</name>
                            <rcfile>/usr/local/etc/rc.d/stunnel.sh</rcfile>
                            <executable>stunnel</executable></service> 
    
    .
    .
    .
                    <stunnelcerts><stunnel><config><localip>10.0.200.1</localip>
                                    <localport>443</localport>
                                    <certificate><redirectip>10.0.200.1</redirectip>
                                    <redirectport>80</redirectport>
                                    <sourceip>10.0.200.1</sourceip></certificate></config> 
                            <config><localip>10.0.185.1</localip>
                                    <localport>443</localport>
                                    <certificate><redirectip>10.0.185.1</redirectip>
                                    <redirectport>80</redirectport></certificate></config></stunnel> 
                    <tab><text>Tunnels</text>
                            <url>/pkg.php?xml=stunnel.xml</url>
                            <active></active></tab> 
    .
    .
    .</stunnelcerts> 
    

  • Rebel Alliance Developer Netgate

    The stunnel package hasn't changed in years… Are you sure nothing changed in your config?

    The line producing the error seems to indicate that it doesn't have any certificate data to work with for that tunnel, which seems to be true since "stunnelcerts" is empty in your config when it should have at least one certificate for each tunnel.



  • Testing now stunnel on 2.1RC1 and can't even get it to start. stunnel service onestart tells me that it can't find the service in any rc, but in fact it's correctly configured.