By default the port will run as root and is therefore able to write a pid file in /var/run. However, when setting setuid in the config file as recommended, this is not possible. It seems the pid file is not written by stunnel before dropping privileges. I'm not sure what the best fix for this would be, but it'd be great if I could run stunnel as non-root.
Created attachment 222319
patch for security/stunnel
Define the default PID file and make substitutions.
Create a one-level directory where PID files can be written.
Not that it matters, but the following command will give you the port of the stunnel that root started.
sockstat -l | grep \^root\ \*stunnel
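The condition described in this report, as an added example that is not part of the port or the attached patch: a POSIX sh check that reads the global setuid and pid options from a stunnel config and verifies that the pid file's directory is owned by that account. Treating directory ownership as the test for writability is an assumption, and conf_get, check_pid_dir and demo are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not part of the port or the attached patch.

# Print a global option (one set before the first [service] section).
conf_get() {   # usage: conf_get KEY FILE
    awk -F= -v key="$1" '
        /^[ \t]*\[/   { exit }     # first service section: globals are over
        /^[ \t]*[;#]/ { next }     # comment line
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == key && index($0, "=") {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v; exit
        }' "$2"
}

# Return 0 if the pid file directory is owned by the setuid account.
# Assumption: ownership is used as the (conservative) test for writability.
check_pid_dir() {   # usage: check_pid_dir CONFIG
    user=$(conf_get setuid "$1")
    pidfile=$(conf_get pid "$1")
    if [ -z "$user" ] || [ -z "$pidfile" ]; then
        echo "SKIP: setuid or pid not set in $1"; return 0
    fi
    dir=$(dirname "$pidfile")
    [ -d "$dir" ] || { echo "FAIL: $dir does not exist"; return 1; }
    owner=$(ls -ld "$dir" | awk '{ print $3 }')       # owner name
    owner_uid=$(ls -ldn "$dir" | awk '{ print $3 }')  # numeric uid
    if [ "$user" = "$owner" ] || [ "$user" = "$owner_uid" ]; then
        echo "OK: $dir is owned by $user"; return 0
    fi
    echo "FAIL: $dir is owned by $owner, stunnel runs as $user"; return 1
}

# Constructed sample: a config in a temp dir; $1 is the setuid value to try.
demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/run"
    printf '; constructed sample\nsetuid = %s\npid = %s/run/stunnel.pid\n[svc]\npid = /ignored\n' \
        "$1" "$tmp" > "$tmp/stunnel.conf"
    check_pid_dir "$tmp/stunnel.conf" && rc=0 || rc=$?
    rm -rf "$tmp"; return $rc
}

# When run with a config path as argument, check that file.
if [ $# -gt 0 ]; then check_pid_dir "$1"; fi
```

Run it with the path to a stunnel config as its only argument; a FAIL line means the account named in setuid does not own the directory the pid option points into.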