[stunnel-users] Stunnel v4.54 SSL_connect: Peer suddenly disconnected

Arun Kumar arunkumc at gmail.com
Wed Jan 2 10:06:00 CET 2013


Team,

I am configuring stunnel for the first time.
My requirement: "NetApp DataFabricManager" application on SLES10 SP4 platform <------ (LDAP over Stunnel) -----> Windows 2003 Active Directory, for Active Directory user authentication.


Stunnel.conf:
-----------------------------------------------------------
setuid = root
setgid = root

client = yes

debug = 7
output = /root/stunnel.log

cert = /opt/crt_key.pem
key = /opt/crt_key.pem

pid = /var/run/stunnel.pid

verify = 3
CAfile = /opt/crt_key.pem

options = NO_SSLv2

[ldap]
accept = 389
connect = winad1-197-187:636

[ldap-ha]
accept = 8389
connect = winad2-197-189:636
-----------------------------------------------------------

ocm5-197-196:~ # dfm ldap list
Address          Port   Last Use                    Last Failure
---------------- ------ --------------------------- ---------------------------
127.0.0.1        389    2013-01-02 14:01:52.000000
127.0.0.1        8389   2013-01-02 13:49:35.000000
ocm5-197-196:~ #


ocm5-197-196:~ # dfm ldap find user1
Warning: Failed to bind to ldap server '127.0.0.1' as user 'CN=Administrator,CN=Users,DC=<zz>,DC=<xx>,DC=<yy>,DC=com': Can't contact LDAP server
Error: Failed to search for user1.
ocm5-197-196:~ #

NOTE: If I add the Active Directory server IP in the above list, instead of 127.0.0.1, LDAP authentication works fine.

ocm5-197-196:~ # cat /etc/services
...
.....
........
#### This is a Manual Entry made by root user for AD authentication services & Stunnel Integration ########
ldap-ha         8389/tcp    # 2nd LDAP host for DC redundancy [Redirected to 2nd DC by Stunnel, see /etc/stunnel/stunnel.conf]
ldap-ha         8389/udp    # 2nd LDAP host for DC redundancy [Redirected to 2nd DC by Stunnel, see /etc/stunnel/stunnel.conf]


ocm5-197-196:~ # stunnel /root/stunnel-4.54/tools/stunnel.conf


stunnel.log:

2013.01.02 14:00:42 LOG7[7102:47010476379680]: Clients allowed=500
2013.01.02 14:00:42 LOG5[7102:47010476379680]: stunnel 4.54 on x86_64-unknown-linux-gnu platform
2013.01.02 14:00:42 LOG5[7102:47010476379680]: Compiled/running with OpenSSL 0.9.8a 11 Oct 2005
2013.01.02 14:00:42 LOG5[7102:47010476379680]: Threading:PTHREAD SSL:+ENGINE Auth:none Sockets:POLL+IPv6
2013.01.02 14:00:42 LOG5[7102:47010476379680]: Reading configuration from file /root/stunnel-4.54/tools/stunnel.conf
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Compression not enabled
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Snagged 64 random bytes from /root/.rnd
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Wrote 1024 new random bytes to /root/.rnd
2013.01.02 14:00:42 LOG7[7102:47010476379680]: PRNG seeded successfully
2013.01.02 14:00:42 LOG6[7102:47010476379680]: Initializing service [ldap]
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Certificate: /opt/crt_key.pem
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Certificate loaded
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Key file: /opt/crt_key.pem
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Private key loaded
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Loaded verify certificates from /opt/crt_key.pem
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Loaded /opt/crt_key.pem revocation lookup file
2013.01.02 14:00:42 LOG7[7102:47010476379680]: SSL options set: 0x01000004
2013.01.02 14:00:42 LOG6[7102:47010476379680]: Initializing service [ldap-ha]
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Certificate: /opt/crt_key.pem
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Certificate loaded
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Key file: /opt/crt_key.pem
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Private key loaded
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Loaded verify certificates from /opt/crt_key.pem
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Loaded /opt/crt_key.pem revocation lookup file
2013.01.02 14:00:42 LOG7[7102:47010476379680]: SSL options set: 0x01000004
2013.01.02 14:00:42 LOG5[7102:47010476379680]: Configuration successful
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Service [ldap] (FD=7) bound to 0.0.0.0:389
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Service [ldap-ha] (FD=8) bound to 0.0.0.0:8389
2013.01.02 14:00:42 LOG7[7103:47010476379680]: Created pid file /var/run/stunnel.pid
2013.01.02 14:01:52 LOG7[7103:47010476379680]: Service [ldap] accepted (FD=3) from 127.0.0.1:60332
2013.01.02 14:01:52 LOG7[7103:1073809728]: Service [ldap] started
2013.01.02 14:01:52 LOG5[7103:1073809728]: Service [ldap] accepted connection from 127.0.0.1:60332
2013.01.02 14:01:52 LOG6[7103:1073809728]: connect_blocking: connecting 192.168.10.7:636
2013.01.02 14:01:52 LOG7[7103:1073809728]: connect_blocking: s_poll_wait 192.168.10.7:636: waiting 10 seconds
2013.01.02 14:01:52 LOG5[7103:1073809728]: connect_blocking: connected 192.168.10.7:636
2013.01.02 14:01:52 LOG5[7103:1073809728]: Service [ldap] connected remote server from 192.168.10.1:40664
2013.01.02 14:01:52 LOG7[7103:1073809728]: Remote socket (FD=10) initialized
2013.01.02 14:01:52 LOG7[7103:1073809728]: SSL state (connect): before/connect initialization
2013.01.02 14:01:52 LOG7[7103:1073809728]: SSL state (connect): SSLv3 write client hello A
2013.01.02 14:01:52 LOG3[7103:1073809728]: SSL_connect: Peer suddenly disconnected   <------------------
2013.01.02 14:01:52 LOG5[7103:1073809728]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2013.01.02 14:01:52 LOG7[7103:1073809728]: Remote socket (FD=10) closed
2013.01.02 14:01:52 LOG7[7103:1073809728]: Local socket (FD=3) closed
2013.01.02 14:01:52 LOG7[7103:1073809728]: Service [ldap] finished (0 left)


I initially started with stunnel-4.14, available on the SLES10 GA OS media.
I noticed the peer disconnected issue there.
I went through the stunnel mailing list archive for related issues, but didn't get much help.
Finally I upgraded stunnel to v4.54, with no progress.

Google hits mentioned that it is a configuration issue / the client is not accepting sockets, but in the end I have no clue how to proceed.

Kindly assist with "SSL_connect: Peer suddenly disconnected" and getting the SSL handshake to work.

Warm Regards,
Arun
UNIX admin
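Added example, not from the post or the stunnel project: a small Python parser for stunnel 4.x log lines of the kind quoted above. For each SSL_connect failure it reports the target and the last "SSL state (connect)" the client reached, which is the first thing to check when reading such a log: in the post the peer closed straight after "write client hello A", before any ServerHello, so the server side never answered TLS on that port; a verify/CAfile problem would instead surface only after "read server certificate", shown here in a second, constructed contrast sample. Both samples are constructed (the first from the post's own lines, unwrapped), and the hint table is my assumption, not stunnel's.

```python
import re

# Constructed sample: the handshake lines of the stunnel 4.54 log quoted in the post,
# unwrapped onto single lines so they match LINE_RE below.
SAMPLE_LOG = """\
2013.01.02 14:01:52 LOG5[7103:1073809728]: connect_blocking: connected 192.168.10.7:636
2013.01.02 14:01:52 LOG7[7103:1073809728]: SSL state (connect): before/connect initialization
2013.01.02 14:01:52 LOG7[7103:1073809728]: SSL state (connect): SSLv3 write client hello A
2013.01.02 14:01:52 LOG3[7103:1073809728]: SSL_connect: Peer suddenly disconnected
2013.01.02 14:01:52 LOG5[7103:1073809728]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
"""

# Constructed contrast case, not from the post: how a verify/CAfile problem looks
# in the same log format (it fails only after the server certificate is read).
VERIFY_FAIL_LOG = """\
2013.01.02 14:05:00 LOG5[7103:1073809729]: connect_blocking: connected 192.168.10.7:636
2013.01.02 14:05:00 LOG7[7103:1073809729]: SSL state (connect): SSLv3 write client hello A
2013.01.02 14:05:00 LOG7[7103:1073809729]: SSL state (connect): SSLv3 read server hello A
2013.01.02 14:05:00 LOG7[7103:1073809729]: SSL state (connect): SSLv3 read server certificate A
2013.01.02 14:05:00 LOG3[7103:1073809729]: SSL_connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) LOG\d\[(?P<pid>\d+):(?P<tid>\d+)\]: (?P<msg>.*)$")

# Last "SSL state (connect)" reached before the error -> where to look first (assumed hints).
STAGE_HINTS = [
    ("read server certificate", "certificate stage: check the verify level and that CAfile holds the server cert/CA"),
    ("read server hello", "after ServerHello: protocol or cipher mismatch between the two sides"),
    ("write client hello", "server closed before ServerHello: nothing speaking TLS on that port, or a middlebox"),
]

def diagnose(log_text):
    """Track each connection thread ([pid:tid]) and, for every SSL_connect
    error, report the target, the last SSL state reached and a hint."""
    state, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ctx = state.setdefault((m["pid"], m["tid"]), {"target": None, "last_state": ""})
        msg = m["msg"]
        if msg.startswith("connect_blocking: connected "):
            ctx["target"] = msg.rsplit(" ", 1)[1]          # e.g. 192.168.10.7:636
        elif msg.startswith("SSL state (connect): "):
            ctx["last_state"] = msg.split(": ", 1)[1]     # e.g. SSLv3 write client hello A
        elif msg.startswith("SSL_connect: "):
            hint = next((h for k, h in STAGE_HINTS if k in ctx["last_state"]), "unknown stage")
            findings.append({"ts": m["ts"], "target": ctx["target"], "last_state": ctx["last_state"],
                             "error": msg.split(": ", 1)[1], "hint": hint})
    return findings
```

Run `diagnose()` over a full stunnel log (debug = 7) to get one finding per failed connection thread; the same parser works for the repeated failures a "dfm ldap find" produces against both services.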