[stunnel-users] stunnel on Qnx 6.3

Rajashekhar Durgadmath rajashekhar_cd at yahoo.com
Thu Feb 15 19:36:42 CET 2007


Hello All,

I am facing problems running stunnel for Qnx 6.3, cross-compiled on Solaris. I want to provide an HTTPS front end to thttpd (www.acme.com). stunnel starts but fails. The logs look like this:

1980.01.01 15:01:46 LOG5[1069085:1]: stunnel 4.20 on sparc-sun-solaris2.9 with OpenSSL 0.9.8 05 Jul 2005
1980.01.01 15:01:46 LOG5[1069085:1]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4
1980.01.01 15:01:46 LOG6[1069085:1]: file ulimit = 1000 (can be changed with 'ulimit -n')
1980.01.01 15:01:46 LOG6[1069085:1]: poll() used - no FD_SETSIZE limit for file descriptors
1980.01.01 15:01:46 LOG5[1069085:1]: 488 clients allowed
1980.01.01 15:01:46 LOG7[1069085:1]: FD 4 in non-blocking mode
1980.01.01 15:01:46 LOG7[1069085:1]: FD 5 in non-blocking mode
1980.01.01 15:01:46 LOG7[1069085:1]: FD 6 in non-blocking mode
1980.01.01 15:01:46 LOG7[1069085:1]: SO_REUSEADDR option set on accept socket
1980.01.01 15:01:46 LOG7[1069085:1]: stunnel bound to xxx.xx.xxx.xxx:443
1980.01.01 15:01:46 LOG7[1073200:1]: Created pid file /stunnel.pid

<Browser connects>

1980.01.01 15:05:12 LOG7[1073200:1]: stunnel accepted FD=7 from yyy.yy.yyy.yyy:64822
1980.01.01 15:05:12 LOG7[1073200:2]: stunnel started
1980.01.01 15:05:12 LOG7[1073200:2]: FD 7 in non-blocking mode
1980.01.01 15:05:12 LOG7[1073200:2]: TCP_NODELAY option set on local socket
1980.01.01 15:05:12 LOG5[1073200:2]: stunnel accepted connection from qqq.qqq.qqq.qqq:64822
1980.01.01 15:05:12 LOG5[1073200:2]: Server mode
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): before/accept initialization
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 read client hello A
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 write server hello A
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 write certificate A
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 write server done A
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 flush data
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 read client key exchange A
1980.01.01 15:05:13 LOG7[1073200:2]: SSL state (accept): SSLv3 read finished A
1980.01.01 15:05:13 LOG7[1073200:2]: SSL state (accept): SSLv3 write change cipher spec A
1980.01.01 15:05:13 LOG7[1073200:2]: SSL state (accept): SSLv3 write finished A
1980.01.01 15:05:13 LOG7[1073200:2]: SSL state (accept): SSLv3 flush data
1980.01.01 15:05:13 LOG7[1073200:2]:    1 items in the session cache
1980.01.01 15:05:13 LOG7[1073200:2]:    0 client connects (SSL_connect())
1980.01.01 15:05:13 LOG7[1073200:2]:    0 client connects that finished
1980.01.01 15:05:13 LOG7[1073200:2]:    0 client renegotiations requested
1980.01.01 15:05:13 LOG7[1073200:2]:    1 server connects (SSL_accept())
1980.01.01 15:05:13 LOG7[1073200:2]:    1 server connects that finished
1980.01.01 15:05:13 LOG7[1073200:2]:    0 server renegotiations requested
1980.01.01 15:05:13 LOG7[1073200:2]:    0 session cache hits
1980.01.01 15:05:13 LOG7[1073200:2]:    1 session cache misses
1980.01.01 15:05:13 LOG7[1073200:2]:    0 session cache timeouts
1980.01.01 15:05:13 LOG6[1073200:2]: SSL accepted: new session negotiated
1980.01.01 15:05:13 LOG6[1073200:2]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5

< SSL Negotiation done >

1980.01.01 15:08:49 LOG3[1073200:2]: remote socket: Address family not supported by protocol family (247) <<<<<<
1980.01.01 15:08:49 LOG5[1073200:2]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
1980.01.01 15:08:49 LOG7[1073200:2]: stunnel finished (0 left)

I checked the address family; it is AF_INET :)
The socket syscall in client.c:989 is failing.
I know the error "Address family not supported by protocol family (247)" says it all, but there are other applications running on the box which do the same thing and it works for them.

Versions:
OpenSSL 0.9.8 and stunnel 4.20.

stunnel.conf
## stunnel.conf starts
cert = /etc/localhost_cert.pem
key = /etc/localhost_key.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /some_dir
setuid = root
setgid = root
; PID is created inside chroot jail
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

debug = 7
output = /some_dir/stunnel.log

[https]
accept  = <Qnx box IP>:443
connect = <Qnx box IP>:80
## stunnel.conf end


# uname -a
QNX localhost 6.3.0 2006/04/27-13:08:16EST armbe

It was configured thus:
./configure --prefix=/vob/nmi/3rd_party/stunnel --enable-dependency-tracking --with-ssl=/vob/nmi/3rd_party/openssl/ --build=armbe-qnx --host=sparc-sun-solaris2.9 --with-threads=pthread --disable-libwrap

Removing the --disable-libwrap does not help.

stunnel is started like this:
stunnel /etc/stunnel.conf -d http -r localhost:http -p /etc

This also did not help:
stunnel /etc/stunnel.conf -d https -r localhost:http -p /etc
stunnel /etc/stunnel.conf

# stunnel -version
stunnel 4.20 on sparc-sun-solaris2.9 with OpenSSL 0.9.8 05 Jul 2005
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4
 
Global options
debug           = 5
pid             = /some_path/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes
 
Service-level options
cert            = /some_path/stunnel.pem
ciphers         = ALL:!ADH:+RC4:@STRENGTH
key             = /some_path/stunnel.pem
session         = 300 seconds
sslVersion      = SSLv3 for client, all for server
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none


Please reply. All comments appreciated.

Cheers,
Raj


 		