Dear team,

I'm getting a segfault when starting stunnel. Here is a script to reproduce it with alpine:

incident_cf cat stunnel-segfault-crash.sh
#!/bin/bash
#
# Reproducer: stunnel 5.76+ segfaults when CAfile/cert are specified
# both globally and per-section with identical values.
#
# Requirements: Docker
#
# Expected output:
# Segmentation fault
# Exit: 139
#
docker run --rm alpine:latest sh -c '
apk add -q stunnel openssl &&
mkdir -p /app/managed &&
openssl req -x509 -newkey rsa:2048 -keyout /tmp/k.pem -out /tmp/c.pem -days 1 -noenc -subj /CN=test 2>/dev/null &&
cat /tmp/c.pem /tmp/k.pem > /app/managed/cert.pem &&
cp /tmp/c.pem /app/managed/ca-file.pem &&
echo "stunnel version: $(stunnel -version 2>&1 | grep "^stunnel")" &&
printf "foreground=yes\nverify=2\nCApath=/etc/ssl/certs\nCAfile=/app/managed/ca-file.pem\ncert=/app/managed/cert.pem\npid=/tmp/s.pid\n[c0]\nclient=yes\naccept=33195\nCAfile=/app/managed/ca-file.pem\ncert=/app/managed/cert.pem\nconnect=192.0.2.1:12195\n" > /tmp/test.conf &&
stunnel /tmp/test.conf 2>&1; echo "Exit: $?"
'

The workaround *is* removing the per-section CAfile/cert (relying on global values). Is this a known bug? Where can I report it?

Thanks!

Hi George,

Nice find. Thank you. I fixed this issue in https://www.stunnel.org/downloads/beta/stunnel-5.78b7.tar.gz

Best regards,
Mike

On 3/11/26 1:37 PM, George Pucea via stunnel-users wrote:
> Dear team,
>
> I'm getting a segfault when starting stunnel. Here is a script to reproduce it with alpine:
>
> incident_cf cat stunnel-segfault-crash.sh
> #!/bin/bash
> #
> # Reproducer: stunnel 5.76+ segfaults when CAfile/cert are specified
> # both globally and per-section with identical values.
> #
> # Requirements: Docker
> #
> # Expected output:
> # Segmentation fault
> # Exit: 139
> #
> docker run --rm alpine:latest sh -c '
> apk add -q stunnel openssl &&
> mkdir -p /app/managed &&
> openssl req -x509 -newkey rsa:2048 -keyout /tmp/k.pem -out /tmp/c.pem -days 1 -noenc -subj /CN=test 2>/dev/null &&
> cat /tmp/c.pem /tmp/k.pem > /app/managed/cert.pem &&
> cp /tmp/c.pem /app/managed/ca-file.pem &&
> echo "stunnel version: $(stunnel -version 2>&1 | grep "^stunnel")" &&
> printf "foreground=yes\nverify=2\nCApath=/etc/ssl/certs\nCAfile=/app/managed/ca-file.pem\ncert=/app/managed/cert.pem\npid=/tmp/s.pid\n[c0]\nclient=yes\naccept=33195\nCAfile=/app/managed/ca-file.pem\ncert=/app/managed/cert.pem\nconnect=192.0.2.1:12195\n" > /tmp/test.conf &&
> stunnel /tmp/test.conf 2>&1; echo "Exit: $?"
> '
>
> The workaround *is* removing the per-section CAfile/cert (relying on global values). Is this a known bug? Where can I report it?
>
> Thanks!

Participants (2): George Pucea, Michał Trojnara
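
The workaround from the thread (dropping per-section CAfile/cert entries that repeat the global values) can be checked for across existing configurations. The script below is an added example, not part of the original messages or of stunnel itself; the function names find_dup_opts and write_sample are hypothetical, and the sample file is the configuration from the reproducer.

```shell
#!/bin/sh
# Added example: list service sections that repeat the global CAfile/cert
# with an identical value, the pattern reported in this thread.

# write_sample PATH: writes the configuration from the reproducer.
write_sample() {
    printf '%s\n' 'foreground=yes' 'verify=2' 'CApath=/etc/ssl/certs' \
        'CAfile=/app/managed/ca-file.pem' 'cert=/app/managed/cert.pem' \
        'pid=/tmp/s.pid' '[c0]' 'client=yes' 'accept=33195' \
        'CAfile=/app/managed/ca-file.pem' 'cert=/app/managed/cert.pem' \
        'connect=192.0.2.1:12195' > "$1"
}

# find_dup_opts PATH: prints "section:option=value" for each duplicate.
find_dup_opts() {
    awk '
    /^[ \t]*$/    { next }       # blank line
    /^[ \t]*[;#]/ { next }       # comment (";"; "#" is skipped too, an assumption)
    /^[ \t]*\[/ {                # [service] header starts a new section
        section = $0
        gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        opt = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", opt)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        key = tolower(opt)       # case-insensitive match (assumption about the parser)
        if (key != "cafile" && key != "cert") next
        if (section == "") { global[key] = val; next }   # still in the global part
        if ((key in global) && global[key] == val)
            printf "%s:%s=%s\n", section, opt, val
    }' "$1"
}

# Demo run on the sample: prints the two options duplicated in [c0].
conf=$(mktemp)
write_sample "$conf"
find_dup_opts "$conf"
rm -f "$conf"
```

An empty result means no service section repeats a global CAfile or cert value; a section that sets a different value is not reported.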