[stunnel-users] Hangs when connecting -- advice pls

Tue Sep 20 18:36:41 CEST 2016

Hello,

> On 20 Sep 2016, at 01:59, Małgorzata Olszówka <gosia at olszowka.net> wrote:
> Could you please turn off the foreground mode and then send the log messages. Foreground=yes in the inetd mode disrupts stunnel.
I went for  foreground=yes  because I read that launchd expects child process to not fork.
But I also tried it with  foreground=no
It still hangs in the same way but I’ve attached the logs...
Thanks for your help, 
Dave.


Sender log:
“””””””””””””””
2016.09.20 09:21:35 LOG7[cron]: Cron thread initialized
2016.09.20 09:21:35 LOG7[ui]: Clients allowed=125
2016.09.20 09:21:35 LOG5[ui]: stunnel 5.35 on x86_64-apple-darwin15.4.0 platform
2016.09.20 09:21:35 LOG5[ui]: Compiled with OpenSSL 0.9.8zd 8 Jan 2015
2016.09.20 09:21:35 LOG5[ui]: Running  with OpenSSL 0.9.8zh 14 Jan 2016
2016.09.20 09:21:35 LOG5[ui]: Update OpenSSL shared libraries or rebuild stunnel
2016.09.20 09:21:35 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,SNI
2016.09.20 09:21:35 LOG7[ui]: errno: (*__error())
2016.09.20 09:21:35 LOG5[ui]: Reading configuration from file /Users/dave/Desktop/stunnel-test/stunnel-sender.conf
2016.09.20 09:21:35 LOG5[ui]: UTF-8 byte order mark not detected
2016.09.20 09:21:35 LOG7[ui]: Compression disabled
2016.09.20 09:21:35 LOG7[ui]: Snagged 64 random bytes from /Users/dave/.rnd
2016.09.20 09:21:35 LOG7[ui]: Wrote 1024 new random bytes to /Users/dave/.rnd
2016.09.20 09:21:35 LOG7[ui]: PRNG seeded successfully
2016.09.20 09:21:35 LOG6[ui]: Initializing inetd mode configuration
2016.09.20 09:21:35 LOG6[ui]: Loading certificate from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.20 09:21:35 LOG6[ui]: Certificate loaded from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.20 09:21:35 LOG6[ui]: Loading private key from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.20 09:21:35 LOG4[ui]: Insecure file permissions on /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.20 09:21:35 LOG6[ui]: Private key loaded from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.20 09:21:35 LOG7[ui]: Private key check succeeded
2016.09.20 09:21:35 LOG4[ui]: Service [stunnel] needs authentication to prevent MITM attacks
2016.09.20 09:21:35 LOG7[ui]: SSL options: 0x03000004 (+0x03000000, -0x00000000)
2016.09.20 09:21:35 LOG5[ui]: Configuration successful
2016.09.20 09:21:35 LOG7[ui]: Service [stunnel] started
2016.09.20 09:21:35 LOG5[ui]: Service [stunnel] accepted connection
2016.09.20 09:21:35 LOG6[ui]: failover: round-robin, starting at entry #0
2016.09.20 09:21:35 LOG6[ui]: s_connect: connecting ::1:874
2016.09.20 09:21:35 LOG7[ui]: s_connect: s_poll_wait ::1:874: waiting 10 seconds
2016.09.20 09:21:35 LOG5[ui]: s_connect: connected ::1:874
2016.09.20 09:21:35 LOG5[ui]: Service [stunnel] connected remote server from ::1:54236
2016.09.20 09:21:35 LOG7[ui]: Option TCP_NODELAY set on remote socket
2016.09.20 09:21:35 LOG7[ui]: Remote descriptor (FD=3) initialized
2016.09.20 09:21:35 LOG6[ui]: SNI: sending servername: localhost
2016.09.20 09:21:35 LOG6[ui]: Peer certificate not required
2016.09.20 09:21:35 LOG7[ui]: SSL state (connect): before/connect initialization
2016.09.20 09:21:35 LOG7[ui]: SSL state (connect): SSLv2/v3 write client hello A
“””””””””””””””
[….hangs ….]


Receiver log:
“””””””””””””””
2016.09.20 09:21:35 LOG7[ui]: Clients allowed=125
2016.09.20 09:21:35 LOG7[cron]: Cron thread initialized
2016.09.20 09:21:35 LOG5[ui]: stunnel 5.35 on x86_64-apple-darwin15.4.0 platform
2016.09.20 09:21:35 LOG5[ui]: Compiled with OpenSSL 0.9.8zd 8 Jan 2015
2016.09.20 09:21:35 LOG5[ui]: Running  with OpenSSL 0.9.8zh 14 Jan 2016
2016.09.20 09:21:35 LOG5[ui]: Update OpenSSL shared libraries or rebuild stunnel
2016.09.20 09:21:35 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,SNI
2016.09.20 09:21:35 LOG7[ui]: errno: (*__error())
2016.09.20 09:21:35 LOG5[ui]: Reading configuration from file /Users/dave/Desktop/stunnel-test/stunnel-receiver.conf
2016.09.20 09:21:35 LOG5[ui]: UTF-8 byte order mark not detected
2016.09.20 09:21:35 LOG7[ui]: Compression disabled
2016.09.20 09:21:35 LOG7[ui]: Snagged 64 random bytes from /dev/urandom
2016.09.20 09:21:35 LOG7[ui]: PRNG seeded successfully
2016.09.20 09:21:35 LOG6[ui]: Initializing inetd mode configuration
2016.09.20 09:21:35 LOG6[ui]: Loading certificate from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.20 09:21:35 LOG6[ui]: Certificate loaded from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.20 09:21:35 LOG6[ui]: Loading private key from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.20 09:21:35 LOG4[ui]: Insecure file permissions on /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.20 09:21:35 LOG6[ui]: Private key loaded from file: /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.20 09:21:35 LOG7[ui]: Private key check succeeded
2016.09.20 09:21:35 LOG7[ui]: DH initialization
2016.09.20 09:21:35 LOG7[ui]: Using DH parameters from /Users/dave/Desktop/stunnel-test/cert.pem
2016.09.20 09:21:35 LOG6[ui]: 2048-bit DH parameters loaded
2016.09.20 09:21:35 LOG7[ui]: ECDH initialization
2016.09.20 09:21:35 LOG7[ui]: ECDH initialized with curve prime256v1
2016.09.20 09:21:35 LOG7[ui]: SSL options: 0x03004004 (+0x03004000, -0x00000000)
2016.09.20 09:21:35 LOG5[ui]: Configuration successful
2016.09.20 09:21:35 LOG7[ui]: Service [stunnel] started
2016.09.20 09:21:35 LOG7[ui]: Option TCP_NODELAY set on local socket
2016.09.20 09:21:35 LOG5[ui]: Service [stunnel] accepted connection from ::1:54236
2016.09.20 09:21:35 LOG6[ui]: Peer certificate not required
2016.09.20 09:21:35 LOG7[ui]: SSL state (accept): before/accept initialization
2016.09.20 09:21:35 LOG7[ui]: SNI: no virtual services defined
2016.09.20 09:21:35 LOG7[ui]: SSL state (accept): SSLv3 read client hello A
2016.09.20 09:21:35 LOG7[ui]: SSL state (accept): SSLv3 write server hello A
2016.09.20 09:21:35 LOG7[ui]: SSL state (accept): SSLv3 write certificate A
2016.09.20 09:21:35 LOG7[ui]: SSL state (accept): SSLv3 write certificate request A
2016.09.20 09:21:35 LOG7[ui]: SSL state (accept): SSLv3 flush data
“”””””””””””””””
[….hangs ….]