[ale] NNTPS "tunnelling"?

Brian MacLeod nym.bnm at gmail.com
Wed Apr 26 09:50:17 EDT 2006


>
> Nope, at least if it does, I'm too stupid to figure it out from the output
> of the command:
>
> fd0man at cinnamon:~$ stunnel -h
>
> ==
> stunnel [-h] [-V] [-c | -T] [-D level] [-C cipherlist] [-p pemfile]
>         [-v level] [-A certfile] [-a directory] [-S sources] [-t timeout]
>         [-u ident_username] [-s setuid_user] [-g setgid_group] [-n protocol]
>         [-R randfile] [-E egdsock] [-B bytes] [-P { dir/ | filename | none } ]
>         [-d [host:]port [-f] ]
>         [-r [host:]port | { -l | -L }  program [-- args] ]
>
>   -h            print this help screen
>   -V            print stunnel version and compile-time defaults
>
>   -d [host:]port   daemon mode (host defaults to INADDR_ANY)
>   -r [host:]port   connect to remote service (host defaults to INADDR_LOOPBACK)
>   -l program    execute local inetd-type program
>   -L program    open local pty and execute program
>
>   -c            client mode (remote service uses SSL)
>   -f            foreground mode (don't fork, log to stderr)
>   -I host       local IP address to be used as source for remote connections
>   -T            transparent proxy mode on hosts that support it
>   -p pemfile    private key and certificate chain PEM filename
>   -v level      verify peer certificate
>                    level 1 - verify peer certificate if present
>                    level 2 - require valid peer certificate always
>                    level 3 - verify peer with locally installed certificate
>   -a directory  client certificate directory for -v options
>   -A certfile   CA certificate for -v options
>   -S sources    which certificate source defaults to use
>                    0 = ignore all defaults sources
>                    1 = use ssl library defaults
>                    2 = use stunnel defaults
>                    3 = use both ssl library and stunnel defaults
>   -t timeout    session cache timeout
>   -u user       use IDENT (RFC 1413) username checking
>   -n proto      negotiate SSL with specified protocol
>                 currently supported: smtp, pop3, nntp
>   -N name       service name to use for tcp wrapper checking
>   -s username   setuid() to username in daemon mode
>   -g groupname  setgid() to groupname in daemon mode
>   -P arg        specify pid file { dir/ | filename | none }
>   -C list       set permitted SSL ciphers
>   -E socket     path to Entropy Gathering Daemon socket
>   -B bytes      how many bytes to read from random seed files
>   -R file       path to file with random seed data
>                 /dev/urandom is used when this option is not specified
>   -W            do not overwrite random seed datafiles with new random data
>   -D [fac.]lev  debug level (e.g. daemon.info)
>   -O a|l|r:option=value[:value] set an option on accept/local/remote socket
>   -o file       append log messages to a file
>
> See stunnel -V output for default values
>
> fd0man at cinnamon:~$
> ==
>
> What I do see is options for a PEM file, certificate file, a random seed
> source, and a file for the pid ID.
>
> *shrugs*
>
> Perhaps, I'll just use it without the file.  Still, very useful.  I've used
> this before for debugging SSL connections over a tty, but I didn't realize
> that it would work with connecting a program to a remote SSL source.
> Thanks again!
>
>         - Mike



Sorry I wasn't able to assist you further on this, but I am glad you are
still able to solve your issue in some way.

bnm