Howto for using Stunnel with Squeak?

Nevin Pratt nevin at bountifulbaby.com
Sat Mar 20 18:52:41 UTC 2004


Jules Dubois wrote:

>...stunnel is a "system-level" networking
>tool, so it's independent of Squeak.

Yes, exactly right.  Stunnel isn't related to Squeak.  If Stunnel is in 
use, Squeak doesn't know and doesn't care.

>Is stunnel used to proxy services for a Comanche client (as my example
>shows) or for a Comanche server?

I have two Stunnel daemons running on bountifulbaby.com.  One is 
configured as an SSL client, and the other is configured as an SSL server.

The server Stunnel listens to port 443 for browser connection requests, 
and proxies connections coming in on that port over to another port that 
Comanche is listening on.  Thus, all "secure" page requests to Comanche 
originate on the localhost as far as Comanche is concerned (because 
Stunnel forwarded the request).  Thus, it is a simple matter for 
Comanche to check and make sure that any "secure" requests originate 
from the local port where the Stunnel daemon is running, and to reject 
any request for a "secure" page that did not originate from the local 
Stunnel daemon.

The client Stunnel works on an entirely different port, and is 
"hard-wired" configured to talk to the credit card gateway.  Thus, when 
Comanche wants to talk to the SSL server at the credit card gateway, it 
just forwards the request to the known port of the client Stunnel 
daemon, which then encrypts it and forwards it on to the credit card 
gateway.

So I've got two Stunnel daemons running simultaneously, all of the 
time.  One is a client, and one is a server.

But, as you say, the bottom line is that Stunnel isn't really related to 
Squeak.  It's a "system-level" networking tool.  Consider it as part of 
the OS.

Nevin

-- 
Nevin Pratt

Bountiful Baby
http://www.bountifulbaby.com
The Most Complete Reborn Supply Store On The Web!

(801) 992-3137
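
The two-tunnel layout described in this message, written as one stunnel configuration file. This is an added example, not the poster's own files: the option names are those of stunnel 5.x, and the backend ports, file paths and gateway host name are placeholders. Each section could equally live in its own file for two separate daemons.

```ini
; Constructed example. Only port 443 comes from the message above;
; every other port, path and host name is a placeholder.

; --- Server mode: browsers connect here over TLS -------------------
[https-in]
accept  = 443
; Comanche's "secure" listener. It must itself be bound to 127.0.0.1,
; otherwise a remote client can reach it directly and the
; "request came from the local Stunnel" check no longer holds.
connect = 127.0.0.1:8443
cert    = /etc/stunnel/site.pem
key     = /etc/stunnel/site.key

; --- Client mode: Comanche sends plaintext here ---------------------
[gateway-out]
client  = yes
; Loopback only, so nothing off-host can use the tunnel.
accept  = 127.0.0.1:8444
connect = gateway.example.com:443
; Authenticate the gateway instead of only encrypting to it:
; validate the certificate chain and the host name it was issued for.
verifyChain = yes
CAfile      = /etc/ssl/certs/ca-certificates.crt
checkHost   = gateway.example.com
```

With this layout the application only ever speaks plaintext on the loopback interface, so the source-address check on "secure" pages is only as strong as the guarantee that the backend port is unreachable from other hosts.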




