Howto for using Stunnel with Squeak?
Nevin Pratt
nevin at bountifulbaby.com
Sat Mar 20 18:52:41 UTC 2004
Jules Dubois wrote:
>
>...stunnel is a "system-level" networking
>tool, so it's independent of Squeak.
>
>
>
Yes, exactly right. Stunnel isn't related to Squeak. If Stunnel is in
use, Squeak doesn't know and doesn't care.
>
>Is stunnel used to proxy services for a Comanche client (as my example
>shows) or for a Comanche server?
>
>
>
I have two Stunnel daemons running on bountifulbaby.com. One is
configured as an SSL client, and the other is configured as an SSL server.
The server Stunnel listens to port 443 for browser connection requests,
and proxies connections coming in on that port over to another port that
Comanche is listening on. Thus, all "secure" page requests to Comanche
originate on the localhost as far as Comanche is concerned (because
Stunnel forwarded the request). Thus, it is a simple matter for
Comanche to check and make sure that any "secure" requests originate
from the local port where the Stunnel daemon is running, and to reject
any request for a "secure" page that did not originate from the local
Stunnel daemon.
The client Stunnel works on an entirely different port, and is
"hard-wired" configured to talk to the credit card gateway. Thus, when
Comanche wants to talk to the SSL server at the credit card gateway, it
just forwards the request to the known port of the client Stunnel
daemon, which then encrypts it and forwards it on to the credit card
gateway.
So I've got two Stunnel daemons running simultaneously, all of the
time. One is a client, and one is a server.
But, as you say, the bottom line is that Stunnel isn't really related to
Squeak. It's a "system-level" networking tool. Consider it as part of
the OS.
Nevin
--
Nevin Pratt
Bountiful Baby
http://www.bountifulbaby.com
The Most Complete Reborn Supply Store On The Web!
(801) 992-3137
More information about the Squeak-dev
mailing list
|