[stunnel-users] help

Bill Tindal malpaso at gmail.com
Sat Apr 7 12:01:50 CEST 2012


On Sat, Apr 7, 2012 at 8:00 PM, <stunnel-users-request at stunnel.org> wrote:

> Send stunnel-users mailing list submissions to
>        stunnel-users at stunnel.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        http://stunnel.mirt.net/mailman/listinfo/stunnel-users
> or, via email, send a message with subject or body 'help' to
>        stunnel-users-request at stunnel.org
>
> You can reach the person managing the list at
>        stunnel-users-owner at stunnel.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of stunnel-users digest..."
>
>
> Today's Topics:
>
>   1. Re: [Stunnel Guru needed] stunnel running, but no longer
>      serve connection after a while ("Dispatching signals from the
>      signal pipe" in logs ==> all stops) (Thomas Manson)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 7 Apr 2012 08:24:46 +0200
> From: Thomas Manson <dev.mansonthomas at gmail.com>
> To: Scott Gifford <sgifford at suspectclass.com>
> Cc: stunnel-users at stunnel.org
> Subject: Re: [stunnel-users] [Stunnel Guru needed] stunnel running,
>        but no longer serve connection after a while ("Dispatching signals
>        from the signal pipe" in logs ==> all stops)
> Message-ID:
>        <CA+PenvGYr+tTiKsavOgyaLOtoRxUo0nfxuRVDEzdvGDrFpefLg at mail.gmail.com
> >
> Content-Type: text/plain; charset="utf-8"
>
> This bug has been corrected in
>
> Version 4.38, 2011.06.28, urgency: MEDIUM:
>
>   - New features
>      - Server-side SNI implemented (RFC 3546 section 3.1) with a new
>      service-level option "nsi".
>      - "socket" option also accepts "yes" and "no" for flags.
>      - Nagle's algorithm is now disabled by default for improved
>      interactivity.
>   - Bugfixes
>      - A compilation fix was added for OpenSSL version < 1.0.0.
>      - Signal pipe set to non-blocking mode. This bug caused hangs of
>      stunnel features based on signals, e.g. local mode, FORK threading, or
>      configuration file reload on Unix. Win32 platform was not affected.
>
>
> however it don't precise from which version it affects stunnel... so my try
> with 11.04 is a bit risky, even if 4.29 is quite far from 4.38.
>
> Maybe upgrading to 12.04 could solve the issue, but I don't like to upgrade
> right away (I had some bad surpise ;))
>
> so compiling from source seems to be the safest option.
>
> Thomas.
>
> On Sat, Apr 7, 2012 at 07:58, Thomas Manson <dev.mansonthomas at gmail.com
> >wrote:
>
> > i've just checked my setup right now and the funny thing is that I think
> > it stopped working exactly at the same second of the same hour & minute
> of
> > the day :
> >
> >
> > root at ns0:/var/log/stunnel4# ll
> > total 940
> > drwxr-xr-x  2 stunnel4 stunnel4   4096 2012-04-07 06:25 .
> > drwxr-xr-x 14 root     root       4096 2012-04-07 06:25 ..
> > -rw-r-----  1 stunnel4 stunnel4      0 2012-04-07 06:25
> > extranet.serviceplus-hse.com_stunnel.log
> > -rw-r-----  1 stunnel4 stunnel4 926267 2012-04-07 06:25
> > extranet.serviceplus-hse.com_stunnel.log.1
> > -rw-r-----  1 stunnel4 stunnel4      0 2012-04-07 06:25
> > mansonthomas.com_stunnel.log
> > -rw-r-----  1 stunnel4 stunnel4   5804 2012-04-07 06:25
> > mansonthomas.com_stunnel.log.1
> > -rw-r-----  1 stunnel4 stunnel4      0 2012-04-07 06:25 stunnel.log
> > -rw-r-----  1 stunnel4 stunnel4  11710 2012-04-07 06:25 stunnel.log.1
> > root at ns0:/var/log/stunnel4# ll
> > total 940
> > drwxr-xr-x  2 stunnel4 stunnel4   4096 2012-04-07 06:25 .
> > drwxr-xr-x 14 root     root       4096 2012-04-07 06:25 ..
> > -rw-r-----  1 stunnel4 stunnel4      0 2012-04-07 06:25
> > extranet.serviceplus-hse.com_stunnel.log
> > -rw-r-----  1 stunnel4 stunnel4 926267 2012-04-07 06:25
> > extranet.serviceplus-hse.com_stunnel.log.1
> > -rw-r-----  1 stunnel4 stunnel4      0 2012-04-07 06:25
> > mansonthomas.com_stunnel.log
> > -rw-r-----  1 stunnel4 stunnel4   5804 2012-04-07 06:25
> > mansonthomas.com_stunnel.log.1
> > -rw-r-----  1 stunnel4 stunnel4      0 2012-04-07 06:25 stunnel.log
> > -rw-r-----  1 stunnel4 stunnel4  11710 2012-04-07 06:25 stunnel.log.1
> > root at ns0:/var/log/stunnel4# tail stunnel.log.1
> > 2012.04.06 22:21:19 LOG7[4745:139677248579328]: Option TCP_NODELAY set
> on
> > remote socket
> > 2012.04.06 22:21:19 LOG7[4745:139677248579328]: Socket closed on read
> > 2012.04.06 22:21:19 LOG7[4745:139677248579328]: Sending SSL write
> shutdown
> > 2012.04.06 22:21:19 LOG7[4745:139677248579328]: SSL alert (write):
> > warning: close notify
> > 2012.04.06 22:21:19 LOG6[4745:139677248579328]: SSL_shutdown
> successfully
> > sent close_notify
> > 2012.04.06 22:21:19 LOG7[4745:139677248579328]: SSL socket closed on
> > SSL_read
> > 2012.04.06 22:21:19 LOG7[4745:139677248579328]: Sending socket write
> > shutdown
> > 2012.04.06 22:21:19 LOG5[4745:139677248579328]: Connection closed: 206
> > bytes sent to SSL, 139 bytes sent to socket
> > 2012.04.06 22:21:19 LOG7[4745:139677248579328]: Service
> > https-123monsite.com finished (0 left)
> > 2012.04.07 06:25:04 LOG7[4745:139677248583456]: Dispatching signals from
> > the signal pipe
> > root at ns0:/var/log/stunnel4#
> >
> > compared to my first post... :
> >
> >
> >
> >
> >    - 2012.04.04 06:25:04 LOG7[24778:139641780213536]: Dispatching
> signals
> >    from the signal pipe
> >    -
> >    and at the same time (2012.04.04 06:25:04)  all logs file stops :
> >
> >
> >    - root at ns0:/var/log/stunnel4# ll
> >    - total 128
> >    - drwxr-xr-x  2 stunnel4 stunnel4  4096 2012-04-04 12:10 .
> >    - drwxr-xr-x 14 root     root      4096 2012-04-04 06:25 ..
> >    - -rw-r-----  1 stunnel4 stunnel4 98084 2012-04-04 *06:25*
> >     extranet.serviceplus-hse.com_stunnel.log
> >    - -rw-r-----  1 stunnel4 stunnel4  4491 2012-04-04 06:25
> >    mansonthomas.com_stunnel.log
> >    - -rw-r-----  1 stunnel4 stunnel4     0 2012-04-04 06:25 stunnel.log
> >    - -rw-r-----  1 stunnel4 stunnel4 11058 2012-04-04 06:25 stunnel.log.1
> >
> >
> >
> > I could cron a restart at the appropriate time but I think I'll compile
> > from sources.
> >
> > Regards,
> > Thomas.
> >
> > On Sat, Apr 7, 2012 at 07:51, Thomas Manson <dev.mansonthomas at gmail.com
> >wrote:
> >
> >> Yes, it helps a lot !
> >>
> >> I've another server running a different version of Ubuntu (11.04 where
> >> stunnel version is 4.29-1 instead of 11.10 and stunnel 4.35-2build1)
> >>
> >> Do you think it can work on older version ?
> >>
> >> I was thinking to try this because I've seen some message about the same
> >> symptoms after upgrade so...
> >>
> >> but maybe the two version are too close and I will need to compile from
> >> sources...
> >>
> >> what do you think about this?
> >>
> >> Regards,
> >> Thomas.
> >>
> >>
> >> On Sat, Apr 7, 2012 at 06:56, Scott Gifford <sgifford at suspectclass.com
> >wrote:
> >>
> >>> On Wed, Apr 4, 2012 at 6:16 AM, Thomas Manson <
> >>> dev.mansonthomas at gmail.com> wrote:
> >>>
> >>>> Hi All,
> >>>>
> >>>>   I'm really struggling to make stunnel working for more than a few
> >>>> hours. (and the client is yelling hard...) (I solved some other issue
> :
> >>>> logging per website and making more than one stunnel works)
> >>>>
> >>>
> >>> Hi Thomas,
> >>>
> >>> I was just troubleshooting what looks like a very similar issue.  I
> >>> believe this is fixed in a later version of stunnel, which you can get
> from
> >>> stunnel.org and compile yourself from source.
> >>>
> >>> This is the ChangeLog entry that I think addresses your problem:
> >>>
> >>>   - Signal pipe set to non-blocking mode.  This bug caused hangs of
> >>> stunnel
> >>>     features based on signals, e.g. local mode, FORK threading, or
> >>>     configuration file reload on Unix.  Win32 platform was not
> affected.
> >>>
> >>>
> >>> I have just updated from the official Oneiric version to this one, so I
> >>> don't yet know if it will fix the problem long-term, but I think my
> odds
> >>> are not too bad.
> >>>
> >>> Hope this helps,
> >>>
> >>> -----Scott.
> >>>
> >>>
> >>
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://stunnel.mirt.net/pipermail/stunnel-users/attachments/20120407/b5f00aa6/attachment-0001.html
> >
>
> ------------------------------
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>
>
> End of stunnel-users Digest, Vol 93, Issue 13
> *********************************************
>



-- 
google+ : http://gplus.to/malpaso
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120407/8f37b03d/attachment.html>


More information about the stunnel-users mailing list