[stunnel-users] Stunnel 4.26 - AIX 5.3

Fri Jan 23 13:55:05 CET 2009

Hi Lars,

I checked out your previous mails... And I don't know if it's related. I haven't dived into the code or done any extensive testing to try to figure out why Stunnel was failing when using "exec = ...". And I haven't had any problems when using it the way we do.

> Could you try to run stunnel from a terminal instead?
I can (and did yesterday when I was helping Tom) ... but I'm not entirely sure what you'd like me to test  :-)

-Claus

____________________________________________
Claus Lund
Systems Developer

Vermont Department of Taxes
Information Systems
133 State Street
Montpelier, Vermont 05633-1401
(802) 828-3735

-----Original Message-----
From: stunnel-users-bounces at mirt.net [mailto:stunnel-users-bounces at mirt.net] On Behalf Of Lars Kruse
Sent: Thursday, January 22, 2009 4:17 PM
To: stunnel-users at mirt.net
Subject: Re: [stunnel-users] Stunnel 4.26 - AIX 5.3

Hi Claus,

> I'm not sure why the stunnel process dies for you.

maybe I am wrong, but I could imagine, that this issue is related to the
behaviour that I described in my mail to this list (sent on the 10th of
January).

> I have several processes running using config files similar to what I
> included earlier. We generally create one config file per service. So if I
> was to run an TSSL service like you then I'd have a config file
> called /etc/stunnel/stunnel_tssl.conf ... and the service is started
> from /etc/inittab with a line like this:
> 
> stunnel_tssl:2:once:/usr/local/bin/stunnel /etc/stunnel/stunnel_tssl.conf
> >/dev/console
>
> I haven't experienced any problems with the stunnel process not staying
> alive... And the process I started early this morning on my test box is still
> alive:
> 
> clund at prod-db-2:/home/clund
>  $ ps -ef|grep stunnel
>   nobody 1233036       1   0 08:15:28      -
> 0:00 /usr/local/bin/stunnel /etc/stunnel/stunnel_tssl.conf

I guess, the initial /sbin/init is not connected to a terminal - thus the "tty"
column is always empty in your setup.
Could you try to run stunnel from a terminal instead?

Or am I completely off-track?

regards,
Lars
_______________________________________________
stunnel-users mailing list
stunnel-users at mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users

From: stunnel-users-bounces at mirt.net [mailto:stunnel-users-bounces at mirt.net] On Behalf Of stephan.w.schindehette at jpmchase.com
Sent: Thursday, January 22, 2009 4:41 PM
To: stunnel-users at mirt.net
Subject: Re: [stunnel-users] Stunnel 4.26 - AIX 5.3

I'm running into the same issue on one of our AIX boxes (using stunnel 4.22). Everything looks fine when stunnel is started.  The first connection comes along and everything works properly.  But then stunnel dies after the connection is closed.

I'm working with ldaps instead of tssl.  I tried to equate the "connect = localhost:23" solution in the previous e-mails to my situation, but wasn't having any success.

My config files currently includes:

[ldaps]
accept = 127.0.0.1:636
connect = entldap.jpmchase.net:636
TIMEOUTclose = 0

Any suggestions?

-Stephan

------------------------------------------------------
Stephan Schindehette
JPMorgan Chase
Consumer Risk Modeling & Analytics
(614) 213-6622
________________________________

This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of JPMorgan Chase & Co., its subsidiaries and affiliates. This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. Please refer to http://www.jpmorgan.com/pages/disclosures for disclosures relating to UK legal entities.

--_000_0124A9436EBA7D4D84E25C4CCB0F9AAFECBE56C3FEENTMAILBOX02v_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p
	{mso-style-priority:99;
	mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hi Stephan,<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I have done some testing in the past with using stunnel to wrap
LDAP traffic … and I seem to remember that it worked just fine (we never
switched to using it though so I may just remember wrong).<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

Can you post your entire config file? And maybe also a log file
with debug level logging?<o:p></o:p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>-Claus<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>

<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
stunnel-users-bounces at mirt.net [mailto:stunnel-users-bounces at mirt.net] <b>On
Behalf Of </b>stephan.w.schindehette at jpmchase.com<br>
<b>Sent:</b> Thursday, January 22, 2009 4:41 PM<br>
<b>To:</b> stunnel-users at mirt.net<br>
<b>Subject:</b> Re: [stunnel-users] Stunnel 4.26 - AIX 5.3<o:p></o:p></span></p>

</div>

<p class=MsoNormal><o:p> </o:p></p>

I'm running
into the same issue on one of our AIX boxes (using stunnel 4.22). Everything
looks fine when stunnel is started.  The first connection comes along and
everything works properly.  But then stunnel dies after the connection is
closed. 
 
I'm working
with ldaps instead of tssl.  I tried to equate the "connect =
localhost:23" solution in the previous e-mails to my situation, but wasn't
having any success. 
 
My config files
currently includes: 
 
[ldaps] 
accept =
127.0.0.1:636 
connect =
entldap.jpmchase.net:636 
TIMEOUTclose =
0 
 
Any
suggestions? 
 
-Stephan
 
 
------------------------------------------------------ 
Stephan Schindehette 
JPMorgan Chase 
Consumer Risk Modeling & Analytics 
(614) 213-6622<o:p></o:p>

<div class=MsoNormal align=center style='text-align:center'>

<hr size=1 width="100%" align=center>

</div>

This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data and
other information are not warranted as to completeness or accuracy and are
subject to change without notice. Any comments or statements made herein do not
necessarily reflect those of JPMorgan Chase & Co., its subsidiaries and
affiliates. This transmission may contain information that is privileged,
confidential, legally privileged, and/or exempt from disclosure under
applicable law. If you are not the intended recipient, you are hereby notified
that any disclosure, copying, distribution, or use of the information contained
herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this
transmission and any attachments are believed to be free of any virus or other
defect that might affect any computer system into which it is received and
opened, it is the responsibility of the recipient to ensure that it is virus
free and no responsibility is accepted by JPMorgan Chase & Co., its
subsidiaries and affiliates, as applicable, for any loss or damage arising in
any way from its use. If you received this transmission in error, please
immediately contact the sender and destroy the material in its entirety,
whether in electronic or hard copy format. Thank you. Please refer to
http://www.jpmorgan.com/pages/disclosures for disclosures relating to UK legal
entities. <o:p></o:p>

</div>

</body>

</html>

--_000_0124A9436EBA7D4D84E25C4CCB0F9AAFECBE56C3FEENTMAILBOX02v_--