[stunnel-users] Problem running Stunnel 4.05 on AIX 5.2

Baker Nelson bnelson at rrms.com
Mon Aug 23 15:29:49 CEST 2004


Hi all,

I am trying to run Stunnel 4.05 on AIX 5.2 to secure our homegrown
webserver. I have been searching archives all over the place, and have yet
to find the answer, but have found many comments here and there that seem to
indicate a problem with Stunnel on AIX. The problem, in a nutshell, is that
I get an error on SSL_read in the stunnel log and it shuts down with a
segmentation fault after the first connection, no matter what I do.
Configuration info attached below. Any help anyone can give would be greatly
appreciated.

Thanks
Baker

stunnel 4.05 on powerpc-ibm-aix5.2.0.0 FORK with OpenSSL 0.9.7d 17 Mar 2004

Global options
cert            = /usr/local/etc/stunnel/stunnel.pem
ciphers         = ALL:!ADH:+RC4:@STRENGTH
debug           = 5
key             = /usr/local/etc/stunnel/stunnel.pem
pid             = /usr/local/var/run/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes
session         = 300 seconds
verify          = none

Service-level options
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTidle     = 43200 seconds


OpenSSL 0.9.7d 17 Mar 2004


conf-file:

cert = /usr/local/ssl/stunnel.pem
#chroot = /usr/local/var/run/stunnel/
pid = /usr/local/etc/stunnel/stunnel.pid
setuid = HTTPD
setgid = rrms

#options = DONT_INSERT_EMPTY_FRAGMENTS

# Some debugging stuff
debug = 7
output = stunnel.log

# Use it for client mode
#client = yes
foreground = yes

# Service-level configuration

[https]
accept  = 443
connect = 80
TIMEOUTclose = 0

stunnel - log (from running openssl s_client command to test setup):

2004.08.19 15:22:29 LOG5[16718:0]: stunnel 4.05 on powerpc-ibm-aix5.2.0.0 FORK with OpenSSL 0.9.7d 17 Mar 2004
2004.08.19 15:22:29 LOG4[16718:0]: Wrong permissions on /usr/local/ssl/stunnel.pem
2004.08.19 15:22:29 LOG7[16718:0]: Snagged 64 random bytes from //.rnd
2004.08.19 15:22:29 LOG7[16718:0]: Wrote 1024 new random bytes to //.rnd
2004.08.19 15:22:29 LOG7[16718:0]: RAND_status claims sufficient entropy for the PRNG
2004.08.19 15:22:29 LOG6[16718:0]: PRNG seeded successfully
2004.08.19 15:22:29 LOG7[16718:0]: Certificate: /usr/local/ssl/stunnel.pem
2004.08.19 15:22:29 LOG7[16718:0]: Key file: /usr/local/ssl/stunnel.pem
2004.08.19 15:22:29 LOG5[16718:0]: FD_SETSIZE=65534, file ulimit=65534 -> 31999 clients allowed
2004.08.19 15:22:29 LOG7[16718:0]: FD 4 in non-blocking mode
2004.08.19 15:22:29 LOG7[16718:0]: SO_REUSEADDR option set on accept socket
2004.08.19 15:22:29 LOG7[16718:0]: https bound to 0.0.0.0:443
2004.08.19 15:22:29 LOG7[16718:0]: FD 5 in non-blocking mode
2004.08.19 15:22:29 LOG7[16718:0]: FD 6 in non-blocking mode
2004.08.19 15:22:29 LOG7[16718:0]: Created pid file /usr/local/etc/stunnel/stunnel.pid
2004.08.19 15:22:30 LOG7[16718:0]: https accepted FD=7 from **ip**:33519
2004.08.19 15:22:30 LOG7[16718:0]: FD 7 in non-blocking mode
2004.08.19 15:22:30 LOG7[21344:0]: https started
2004.08.19 15:22:30 LOG5[21344:0]: https connected from **ip**:33519
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): before/accept initialization
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 read client hello A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write server hello A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write certificate A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write server done A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 flush data
2004.08.19 15:22:30 LOG7[21344:0]: waitforsocket: FD=7, DIR=read
2004.08.19 15:22:30 LOG7[21344:0]: waitforsocket: ok
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 read client key exchange A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 read finished A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write change cipher spec A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write finished A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 flush data
2004.08.19 15:22:30 LOG7[21344:0]:    1 items in the session cache
2004.08.19 15:22:30 LOG7[21344:0]:    0 client connects (SSL_connect())
2004.08.19 15:22:30 LOG7[21344:0]:    0 client connects that finished
2004.08.19 15:22:30 LOG7[21344:0]:    0 client renegotiatations requested
2004.08.19 15:22:30 LOG7[21344:0]:    1 server connects (SSL_accept())
2004.08.19 15:22:30 LOG7[21344:0]:    1 server connects that finished
2004.08.19 15:22:30 LOG7[21344:0]:    0 server renegotiatiations requested
2004.08.19 15:22:30 LOG7[21344:0]:    0 session cache hits
2004.08.19 15:22:30 LOG7[21344:0]:    0 session cache misses
2004.08.19 15:22:30 LOG7[21344:0]:    0 session cache timeouts
2004.08.19 15:22:30 LOG6[21344:0]: Negotiated ciphers: AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
2004.08.19 15:22:30 LOG7[21344:0]: FD 4 in non-blocking mode
2004.08.19 15:22:30 LOG7[21344:0]: https connecting 127.0.0.1:80
2004.08.19 15:22:30 LOG7[21344:0]: Remote FD=4 initialized
2004.08.19 15:22:32 LOG7[21344:0]: Socket closed on read
2004.08.19 15:22:32 LOG7[21344:0]: SSL write shutdown (output buffer empty)
2004.08.19 15:22:32 LOG7[21344:0]: SSL alert (write): warning: close notify
2004.08.19 15:22:32 LOG7[21344:0]: SSL_shutdown retrying
2004.08.19 15:22:32 LOG7[21344:0]: select timeout waiting for SSL close_notify
2004.08.19 15:22:32 LOG5[21344:0]: Connection closed: 311 bytes sent to SSL, 9 bytes sent to socket
2004.08.19 15:22:32 LOG7[21344:0]: removing pid file /usr/local/etc/stunnel/stunnel.pid
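
Added example (not part of the original post and not stunnel's own code): the log above contains one warning-level entry, "Wrong permissions on /usr/local/ssl/stunnel.pem". The sketch below pulls warning-or-worse entries out of a log in this format and audits the mode of a key file. The function names and the policy "no group or other permission bits on a private-key file" are assumptions of this example, and the audit runs on a temporary stand-in file.

```python
import os
import re
import stat
import tempfile

# Line layout seen in the log above: date, time, LOG<level>[pid:thread]: message
LINE_RE = re.compile(
    r"^(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) LOG(\d)\[(\d+):(\d+)\]: (.*)$"
)

# Constructed sample: three entries taken from the log above, one per line.
SAMPLE_LOG = """\
2004.08.19 15:22:29 LOG4[16718:0]: Wrong permissions on /usr/local/ssl/stunnel.pem
2004.08.19 15:22:29 LOG6[16718:0]: PRNG seeded successfully
2004.08.19 15:22:30 LOG5[21344:0]: https connected from **ip**:33519
"""

def parse_log(text):
    """Return one dict per well-formed log line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            when, level, pid, _tid, msg = m.groups()
            entries.append({"when": when, "level": int(level),
                            "pid": int(pid), "msg": msg})
    return entries

def warnings(entries, threshold=4):
    """Levels are syslog severities: 4 is warning, lower numbers are more severe."""
    return [e for e in entries if e["level"] <= threshold]

def flagged_key_files(entries):
    """Paths named in 'Wrong permissions on <path>' warnings."""
    prefix = "Wrong permissions on "
    return [e["msg"][len(prefix):] for e in warnings(entries)
            if e["msg"].startswith(prefix)]

def audit_mode(path):
    """Assumed policy: a private-key file grants nothing to group or other."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {"mode": oct(mode), "ok": mode & 0o077 == 0}

def demo():
    """Audit a temporary stand-in file before and after tightening its mode."""
    with tempfile.NamedTemporaryFile() as f:
        os.chmod(f.name, 0o644)
        before = audit_mode(f.name)
        os.chmod(f.name, 0o600)
        after = audit_mode(f.name)
    return before, after

if __name__ == "__main__":
    print(flagged_key_files(parse_log(SAMPLE_LOG)), demo())
```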