>...stunnel is a "system-level" networking
>tool, so it's independent of Squeak.
Yes, exactly right. Stunnel isn't related to Squeak. If Stunnel is
in use, Squeak doesn't know and doesn't care.
>Is stunnel used to proxy services for a Comanche client (as my example
>shows) or for a Comanche server?
I have two Stunnel daemons running on bountifulbaby.com. One is
configured as an SSL client, and the other is configured as an SSL
The server Stunnel listens to port 443 for browser connection
requests, and proxies connections coming in on that port over to
another port that Comanche is listening on. Thus, all "secure" page
requests to Comanche originate on the localhost as far as Comanche is
concerned (because Stunnel forwarded the request). Thus, it is a
simple matter for Comanche to check and make sure that any "secure"
requests originate from the local port where the Stunnel daemon is
running, and to reject any request for a "secure" page that did not
originate from the local Stunnel daemon.
The client Stunnel works on an entirely different port, and is
"hard-wired" configured to talk to the credit card gateway. Thus,
when Comanche wants to talk to the SSL server at the credit card
gateway, it just forwards the request to the known port of the client
Stunnel daemon, which then encrypts it and forwards it on to the
credit card gateway.
So I've got two Stunnel daemons running simultaneously, all of the
time. One is a client, and one is a server.
But, as you say, the bottom line is that Stunnel isn't really related
to Squeak. It's a "system-level" networking tool. Consider it as
part of the OS.