Hello All,

I am facing problems running stunnel for QNX 6.3 cross-compiled on Solaris. I want to provide an HTTPS front end to thttpd (www.acme.com). stunnel starts but fails. Logs are like this:

1980.01.01 15:01:46 LOG5[1069085:1]: stunnel 4.20 on sparc-sun-solaris2.9 with OpenSSL 0.9.8 05 Jul 2005
1980.01.01 15:01:46 LOG5[1069085:1]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4
1980.01.01 15:01:46 LOG6[1069085:1]: file ulimit = 1000 (can be changed with 'ulimit -n')
1980.01.01 15:01:46 LOG6[1069085:1]: poll() used - no FD_SETSIZE limit for file descriptors
1980.01.01 15:01:46 LOG5[1069085:1]: 488 clients allowed
1980.01.01 15:01:46 LOG7[1069085:1]: FD 4 in non-blocking mode
1980.01.01 15:01:46 LOG7[1069085:1]: FD 5 in non-blocking mode
1980.01.01 15:01:46 LOG7[1069085:1]: FD 6 in non-blocking mode
1980.01.01 15:01:46 LOG7[1069085:1]: SO_REUSEADDR option set on accept socket
1980.01.01 15:01:46 LOG7[1069085:1]: stunnel bound to xxx.xx.xxx.xxx:443
1980.01.01 15:01:46 LOG7[1073200:1]: Created pid file /stunnel.pid

<Browser connects>

1980.01.01 15:05:12 LOG7[1073200:1]: stunnel accepted FD=7 from yyy.yy.yyy.yyy:64822
1980.01.01 15:05:12 LOG7[1073200:2]: stunnel started
1980.01.01 15:05:12 LOG7[1073200:2]: FD 7 in non-blocking mode
1980.01.01 15:05:12 LOG7[1073200:2]: TCP_NODELAY option set on local socket
1980.01.01 15:05:12 LOG5[1073200:2]: stunnel accepted connection from qqq.qqq.qqq.qqq:64822
1980.01.01 15:05:12 LOG5[1073200:2]: Server mode
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): before/accept initialization
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 read client hello A
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 write server hello A
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 write certificate A
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 write server done A
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 flush data
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 read client key exchange A
1980.01.01 15:05:13 LOG7[1073200:2]: SSL state (accept): SSLv3 read finished A
1980.01.01 15:05:13 LOG7[1073200:2]: SSL state (accept): SSLv3 write change cipher spec A
1980.01.01 15:05:13 LOG7[1073200:2]: SSL state (accept): SSLv3 write finished A
1980.01.01 15:05:13 LOG7[1073200:2]: SSL state (accept): SSLv3 flush data
1980.01.01 15:05:13 LOG7[1073200:2]: 1 items in the session cache
1980.01.01 15:05:13 LOG7[1073200:2]: 0 client connects (SSL_connect())
1980.01.01 15:05:13 LOG7[1073200:2]: 0 client connects that finished
1980.01.01 15:05:13 LOG7[1073200:2]: 0 client renegotiations requested
1980.01.01 15:05:13 LOG7[1073200:2]: 1 server connects (SSL_accept())
1980.01.01 15:05:13 LOG7[1073200:2]: 1 server connects that finished
1980.01.01 15:05:13 LOG7[1073200:2]: 0 server renegotiations requested
1980.01.01 15:05:13 LOG7[1073200:2]: 0 session cache hits
1980.01.01 15:05:13 LOG7[1073200:2]: 1 session cache misses
1980.01.01 15:05:13 LOG7[1073200:2]: 0 session cache timeouts
1980.01.01 15:05:13 LOG6[1073200:2]: SSL accepted: new session negotiated
1980.01.01 15:05:13 LOG6[1073200:2]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5

< SSL Negotiation done >

1980.01.01 15:08:49 LOG3[1073200:2]: remote socket: Address family not supported by protocol family (247) <<<<<<<
1980.01.01 15:08:49 LOG5[1073200:2]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
1980.01.01 15:08:49 LOG7[1073200:2]: stunnel finished (0 left)

I checked the address family; it is AF_INET :)
The socket syscall in client.c:989 is failing.
I know the error "Address family not supported by protocol family (247)" says it all, but there are other applications running on the box which do the same thing and it works for them.

Versions:
OpenSSL 0.9.8 and stunnel 4.20.

stunnel.conf
## stunnel.conf starts
cert = /etc/localhost_cert.pem
key = /etc/localhost_key.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /some_dir
setuid = root
setgid = root
; PID is created inside chroot jail
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

debug = 7
output = /some_dir/stunnel.log

[https]
accept = <Qnx box IP>:443
connect = <Qnx box IP>:80
## stunnel.conf end


# uname -a
QNX localhost 6.3.0 2006/04/27-13:08:16EST armbe

It was configured thus:
./configure --prefix=/vob/nmi/3rd_party/stunnel --enable-dependency-tracking --with-ssl=/vob/nmi/3rd_party/openssl/ --build=armbe-qnx --host=sparc-sun-solaris2.9 --with-threads=pthread --disable-libwrap

Removing the --disable-libwrap does not help.

stunnel is started like this:
stunnel /etc/stunnel.conf -d http -r localhost:http -p /etc

This also did not help:
stunnel /etc/stunnel.conf -d https -r localhost:http -p /etc
stunnel /etc/stunnel.conf

# stunnel -version
stunnel 4.20 on sparc-sun-solaris2.9 with OpenSSL 0.9.8 05 Jul 2005
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4

Global options
debug = 5
pid = /some_path/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options
cert = /some_path/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
key = /some_path/stunnel.pem
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none


Please reply. All comments appreciated.

Cheers,
Raj
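
Added example, not part of the original post: a small triage of a stunnel debug log that groups lines by `pid:thread` and reports whether the first error came before or after the TLS handshake, and whether it names the `remote socket`. The sample lines are abbreviated from the log above; the function name `triage` and the stage labels are hypothetical, and reading `remote socket` as the `connect =` side is an assumption based on the log's wording.

```python
import re
from collections import defaultdict

# Constructed sample: lines abbreviated from the log in the post above.
SAMPLE_LOG = """\
1980.01.01 15:05:12 LOG5[1073200:2]: stunnel accepted connection from qqq.qqq.qqq.qqq:64822
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 read client hello A
1980.01.01 15:05:13 LOG6[1073200:2]: SSL accepted: new session negotiated
1980.01.01 15:05:13 LOG6[1073200:2]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
1980.01.01 15:08:49 LOG3[1073200:2]: remote socket: Address family not supported by protocol family (247)
1980.01.01 15:08:49 LOG5[1073200:2]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) "
    r"LOG(?P<level>\d)\[(?P<pid>\d+):(?P<thread>\d+)\]: (?P<msg>.*)$"
)

def triage(log_text):
    """Group a stunnel debug log by pid:thread and classify the first error."""
    conns = defaultdict(lambda: {"peer": None, "handshake_done": False,
                                 "cipher": None, "errors": [], "stage": "ok"})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip annotations and wrapped fragments
        c = conns[f"{m['pid']}:{m['thread']}"]
        msg, level = m["msg"], int(m["level"])
        if msg.startswith("stunnel accepted connection from "):
            c["peer"] = msg.rsplit(" ", 1)[1]
        elif msg.startswith("SSL accepted"):
            c["handshake_done"] = True
        elif msg.startswith("Negotiated ciphers: "):
            c["cipher"] = msg.split(": ", 1)[1].split()[0]
        elif level <= 3:  # syslog-style severity: 3 = error, lower is worse
            c["errors"].append(msg)
            if c["stage"] == "ok":  # classify by the first error only
                if msg.startswith("remote socket"):
                    c["stage"] = "backend_socket"  # assumed: the connect= side
                elif not c["handshake_done"]:
                    c["stage"] = "tls_handshake"
                else:
                    c["stage"] = "post_handshake"
    return dict(conns)

if __name__ == "__main__":
    for conn_id, info in triage(SAMPLE_LOG).items():
        print(conn_id, info)
```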