[stunnel-users] Stunnel server with access from Firefox

Ricky I coolricky at hotmail.com
Tue Mar 16 06:06:59 CET 2010


Hi,

I am trying to use Stunnel to provide HTTPS access to a web site (my router configurations). That is, stunnel is used to accept HTTPS connections and it forwards the requests using HTTP to the web site. The problem seems to be that one connection is opened and it performs an HTTP GET. Afterwards Stunnel does not accept any more connections and I have to restart. I'm not sure what I'm doing wrong. The strange thing I notice is that service router is finished with -1. What does minus one mean?

I am using Firefox as the client. What I see is that Firefox is trying to load the page. Using Wireshark, I was able to see that all the HTML data from the web page was loaded but Firefox was having trouble performing HTTP GET for the images on the site. I need to restart Stunnel in order to have another connection open. This was confirmed when I made a test by restarting Stunnel and then tried to just load images from the web site: e.g. https://192.168.1.88:8880/image1.jpg and https://192.168.1.88:8880/image2.jpg. I get image1.jpg but Firefox can't access image2.jpg, unless I restart and then get image2.

Here are the logs showing that I am able to make one access to the site.
2010.03.16 00:47:41 LOG5[3266:1024]: stunnel 4.31 on armv5tejl-unknown-linux-gnu with OpenSSL 0.9.8k 25 Mar 2009
2010.03.16 00:47:41 LOG5[3266:1024]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6
2010.03.16 00:47:41 LOG7[3266:1024]: Cleaning up the signal pipe
2010.03.16 00:47:41 LOG7[3266:1024]: Signal pipe is empty
2010.03.16 00:47:46 LOG7[3266:1024]: Service router accepted FD=0 from 192.168.1.80:2821
2010.03.16 00:47:46 LOG7[3268:1026]: Service router started
2010.03.16 00:47:46 LOG7[3268:1026]: FD=0 in non-blocking mode
2010.03.16 00:47:46 LOG7[3268:1026]: Option TCP_NODELAY set on local socket
2010.03.16 00:47:46 LOG5[3268:1026]: Service router accepted connection from 192.168.1.80:2821
2010.03.16 00:47:46 LOG7[3268:1026]: SSL state (accept): before/accept initialization
2010.03.16 00:47:46 LOG7[3268:1026]: SSL state (accept): SSLv3 read client hello A
2010.03.16 00:47:46 LOG7[3268:1026]: SSL state (accept): SSLv3 write server hello A
2010.03.16 00:47:46 LOG7[3268:1026]: SSL state (accept): SSLv3 write certificate A
2010.03.16 00:47:46 LOG7[3268:1026]: SSL state (accept): SSLv3 write server done A
2010.03.16 00:47:46 LOG7[3268:1026]: SSL state (accept): SSLv3 flush data
2010.03.16 00:47:46 LOG7[3268:1026]: SSL state (accept): SSLv3 read client key exchange A
2010.03.16 00:47:46 LOG7[3268:1026]: SSL state (accept): SSLv3 read finished A
2010.03.16 00:47:46 LOG7[3268:1026]: SSL state (accept): SSLv3 write change cipher spec A
2010.03.16 00:47:46 LOG7[3268:1026]: SSL state (accept): SSLv3 write finished A
2010.03.16 00:47:46 LOG7[3268:1026]: SSL state (accept): SSLv3 flush data
2010.03.16 00:47:46 LOG7[3268:1026]:    1 items in the session cache
2010.03.16 00:47:46 LOG7[3268:1026]:    0 client connects (SSL_connect())
2010.03.16 00:47:46 LOG7[3268:1026]:    0 client connects that finished
2010.03.16 00:47:46 LOG7[3268:1026]:    0 client renegotiations requested
2010.03.16 00:47:46 LOG7[3268:1026]:    1 server connects (SSL_accept())
2010.03.16 00:47:46 LOG7[3268:1026]:    1 server connects that finished
2010.03.16 00:47:46 LOG7[3268:1026]:    0 server renegotiations requested
2010.03.16 00:47:46 LOG7[3268:1026]:    0 session cache hits
2010.03.16 00:47:46 LOG7[3268:1026]:    0 external session cache hits
2010.03.16 00:47:46 LOG7[3268:1026]:    1 session cache misses
2010.03.16 00:47:46 LOG7[3268:1026]:    0 session cache timeouts
2010.03.16 00:47:46 LOG6[3268:1026]: SSL accepted: new session negotiated
2010.03.16 00:47:46 LOG6[3268:1026]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2010.03.16 00:47:46 LOG7[3268:1026]: FD=9 in non-blocking mode
2010.03.16 00:47:46 LOG6[3268:1026]: connect_blocking: connecting 192.168.1.1:80
2010.03.16 00:47:46 LOG7[3268:1026]: connect_blocking: s_poll_wait 192.168.1.1:80: waiting 10 seconds
2010.03.16 00:47:46 LOG5[3268:1026]: connect_blocking: connected 192.168.1.1:80
2010.03.16 00:47:46 LOG5[3268:1026]: Service router connected remote server from 192.168.1.88:1133
2010.03.16 00:47:46 LOG7[3268:1026]: Remote FD=9 initialized
2010.03.16 00:47:46 LOG7[3268:1026]: Option TCP_NODELAY set on remote socket
2010.03.16 00:47:46 LOG7[3268:1026]: Socket closed on read
2010.03.16 00:47:46 LOG7[3268:1026]: SSL write shutdown
2010.03.16 00:47:46 LOG7[3268:1026]: SSL alert (write): warning: close notify
2010.03.16 00:47:46 LOG6[3268:1026]: SSL_shutdown successfully sent close_notify
2010.03.16 00:47:46 LOG6[3268:1026]: s_poll_wait timeout: connection close
2010.03.16 00:47:46 LOG5[3268:1026]: Connection closed: 4675 bytes sent to SSL, 445 bytes sent to socket
2010.03.16 00:47:46 LOG7[3268:1026]: Service router finished (-1 left)

============

Finally here's my stunnel.conf:
cert = /mnt/HD_a2/ffp/etc/stunnel/stunnel.pem
sslVersion = SSLv3
pid = /stunnel.pid

; performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; debugging stuff (may be useful for troubleshooting)
debug = 7
output = /ffp/etc/stunnel/stunnel.log

; service-level configuration
[router]
accept  = 8880
connect = 192.168.1.1:80
TIMEOUTclose = 0

Thank you very much for any help you can provide.

Rick
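
Added example (not part of the original post and not stunnel project code): a small parser for the debug-level log format shown above that groups lines by [pid:thread], summarizes each handled connection, and flags the two things that stand out in this log, the negative "(N left)" counter and the SSLv3 session. Reading N as a count of open connections is an assumption of this example; SSLv3 has since been deprecated (RFC 7568).

```python
import re

# Lines copied from the log in the post above (only the ones the parser uses,
# plus the main thread's accept line to show it is ignored).
SAMPLE_LOG = """\
2010.03.16 00:47:46 LOG7[3266:1024]: Service router accepted FD=0 from 192.168.1.80:2821
2010.03.16 00:47:46 LOG5[3268:1026]: Service router accepted connection from 192.168.1.80:2821
2010.03.16 00:47:46 LOG6[3268:1026]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2010.03.16 00:47:46 LOG5[3268:1026]: Connection closed: 4675 bytes sent to SSL, 445 bytes sent to socket
2010.03.16 00:47:46 LOG7[3268:1026]: Service router finished (-1 left)
"""

LINE = re.compile(r"^\S+ \S+ LOG\d\[(\d+:\d+)\]: (.*)$")
# (field names, pattern) pairs for the messages that describe one connection.
FIELDS = [
    (("service", "peer"), re.compile(r"Service (\S+) accepted connection from (\S+)$")),
    (("cipher", "protocol"), re.compile(r"Negotiated ciphers: (\S+) (\S+)")),
    (("bytes_to_ssl", "bytes_to_socket"),
     re.compile(r"Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket$")),
    (("service", "left"), re.compile(r"Service (\S+) finished \((-?\d+) left\)$")),
]

def summarize(text):
    """Group log lines by [pid:thread]; return {worker: fields} per connection."""
    conns = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        worker, msg = m.groups()
        for names, pattern in FIELDS:
            hit = pattern.match(msg)
            if hit:
                vals = [int(v) if re.fullmatch(r"-?\d+", v) else v for v in hit.groups()]
                conns.setdefault(worker, {}).update(zip(names, vals))
    return conns

def findings(conn):
    """Return the anomalies this example checks for in one connection summary."""
    out = []
    if conn.get("left", 0) < 0:  # assumption: N in "(N left)" counts open connections
        out.append("negative connection counter: %d" % conn["left"])
    if conn.get("protocol") in ("SSLv2", "SSLv3"):
        out.append("deprecated protocol negotiated: %s" % conn["protocol"])
    if "peer" in conn and "left" not in conn:
        out.append("accepted but never logged as finished")
    return out

if __name__ == "__main__":
    for worker, conn in summarize(SAMPLE_LOG).items():
        print(worker, conn, findings(conn))
```
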
 		 	   		  