[stunnel-users] SSL_GET_NEW_SESSION:ssl session id callback failed

DoJo dojo at mailbox.hu
Tue Oct 4 10:51:44 CEST 2005


Hi All,

We have found the problem. PRNGD config was missing.
It was not too easy to analyze because the message was not really relevant in this case and "PRNG seed" was reported as successful in the log.

Regards,
DoJo


On Mon, 03 Oct 2005 13:57:53 +0200, DoJo <dojo at mailbox.hu> wrote:

> Hi There,
>
> We have run into the "SSL_GET_NEW_SESSION:ssl session id callback failed" error.
> Can anyone describe what it means? I didn't find any information about it.
> We'd like to use stunnel to secure Oracle SQL*Net communication.
> HP-UX server communicates with Win32 clients. We use stunnel standalone, not from inetd.
> Any help would be appreciated.
>
> Thanks
> DoJo
>
>
> Here is a cut from the log file (level 7):
>
> 2005.09.29 11:49:53 LOG5[10388:1]: stunnel 4.09 on hppa2.0w-hp-hpux11.11 PTHREAD+POLL+IPv4+LIBWRAP with OpenSSL 0.9.7e 25 Oct 2004
> 2005.09.29 11:49:53 LOG7[10388:1]: Snagged 0 random bytes from EGD Socket /var/run/egd-pool
> 2005.09.29 11:49:53 LOG6[10388:1]: PRNG seeded successfully
> 2005.09.29 11:49:53 LOG7[10388:1]: Certificate: /opt/iexpress/stunnel/etc/stunnel/..._cert.cer
> 2005.09.29 11:49:53 LOG7[10388:1]: Key file: /opt/iexpress/stunnel/etc/stunnel/..._privkey.pem
> 2005.09.29 11:49:53 LOG6[10388:1]: file ulimit = 60 (can be changed with 'ulimit -n')
> 2005.09.29 11:49:53 LOG6[10388:1]: poll() used - no FD_SETSIZE limit for file descriptors
> 2005.09.29 11:49:53 LOG5[10388:1]: 27 clients allowed
> 2005.09.29 11:49:53 LOG7[10388:1]: FD 4 in non-blocking mode
> 2005.09.29 11:49:53 LOG7[10388:1]: FD 5 in non-blocking mode
> 2005.09.29 11:49:53 LOG7[10388:1]: FD 6 in non-blocking mode
> 2005.09.29 11:49:53 LOG7[10388:1]: SO_REUSEADDR option set on accept socket
> 2005.09.29 11:49:53 LOG7[10388:1]: myapp bound to 0.0.0.0:2000
> 2005.09.29 11:49:53 LOG7[10389:1]: Created pid file /stunnel.pid
> 2005.09.30 12:01:47 LOG7[10389:1]: myapp accepted FD=1 from 10.3.125.165:3570
> 2005.09.30 12:01:47 LOG7[10389:1]: FD 1 in non-blocking mode
> 2005.09.30 12:01:47 LOG7[10389:2]: myapp started
> 2005.09.30 12:01:47 LOG5[10389:2]: myapp connected from 10.3.125.165:3570
> 2005.09.30 12:01:47 LOG7[10389:2]: SSL state (accept): before/accept initialization
> 2005.09.30 12:01:47 LOG3[10389:2]: SSL_accept: 140B544E: error:140B544E:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback failed
> 2005.09.30 12:01:47 LOG7[10389:2]: myapp finished (0 left)
>
>
> Our config file:
>
> cert = /opt/iexpress/stunnel/etc/stunnel/..._cert.cer         # contains the server's signed (by a CA) cert.
> key = /opt/iexpress/stunnel/etc/stunnel/..._privkey.pem       # contains the server's private key
> service = myapp-ssl
> chroot = /var/run/stunnel
>
> pid = /stunnel.pid
> setuid = oracle
> setgid = oracle
>
> debug = 7
> output = stunnel.log
>
> client = no
>
> [myapp]
> accept=2000
> connect=1521
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>
>
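A log check for the pattern this thread turned on: the EGD socket yields 0 bytes, "PRNG seeded successfully" is still logged, and SSL_accept later fails with the session id callback error. This is an added example, not part of the original post or of stunnel; the function name `audit_stunnel_log` and the finding labels are assumptions, and the sample lines are copied from the log quoted above.

```python
import re

# Subset of the log lines quoted in the post above.
SAMPLE_LOG = """\
2005.09.29 11:49:53 LOG7[10388:1]: Snagged 0 random bytes from EGD Socket /var/run/egd-pool
2005.09.29 11:49:53 LOG6[10388:1]: PRNG seeded successfully
2005.09.30 12:01:47 LOG7[10389:2]: SSL state (accept): before/accept initialization
2005.09.30 12:01:47 LOG3[10389:2]: SSL_accept: 140B544E: error:140B544E:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback failed
"""

# "<date> <time> LOG<level>[<pid>:<thread>]: <message>", optionally mail-quoted with ">".
LINE = re.compile(r"^(?:>\s*)?(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
SNAGGED = re.compile(r"Snagged (\d+) random bytes from (.+)$")


def audit_stunnel_log(log_text):
    """Return (timestamp, finding, detail) tuples for entropy-related warning signs."""
    findings = []
    empty_sources = []  # entropy sources that returned 0 bytes so far
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _level, _pid, _tid, msg = m.groups()
        snag = SNAGGED.search(msg)
        if snag and int(snag.group(1)) == 0:
            # The configured source was read but delivered nothing.
            empty_sources.append(snag.group(2))
            findings.append((ts, "ENTROPY_SOURCE_EMPTY", snag.group(2)))
        elif msg == "PRNG seeded successfully" and empty_sources:
            # The success message alone does not show the source worked.
            findings.append((ts, "SEED_OK_DESPITE_EMPTY_SOURCE", ", ".join(empty_sources)))
        elif "SSL_GET_NEW_SESSION" in msg and "session id callback failed" in msg:
            # Correlate the handshake failure with an earlier empty source,
            # regardless of pid (stunnel's pid changes between startup and serving).
            kind = ("SESSION_ID_FAILURE_AFTER_EMPTY_SOURCE" if empty_sources
                    else "SESSION_ID_FAILURE")
            findings.append((ts, kind, msg))
    return findings


if __name__ == "__main__":
    for ts, kind, detail in audit_stunnel_log(SAMPLE_LOG):
        print(f"{ts}  {kind}: {detail}")
```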




