July 2005 - stunnel-users

Solaris 2.8 stunnel stop running
by edonald1＠rochester.rr.com 13 Jul '05

13 Jul '05

Running stunnel on Solaris 2.8. Stunnel running as client quits unexpectedly . here are the lines in the log: 2005.07.12 11:01:31 LOG7[5736:1]: mod_jk_secure accepted FD=2 from 127.0.0.1:57610 2005.07.12 11:01:31 LOG7[5736:1]: FD 2 in non-blocking mode 2005.07.12 11:02:28 LOG3[5736:4]: SSL_connect: Peer suddenly disconnected 2005.07.12 11:02:28 LOG7[5736:4]: linger (remote): Invalid argument (22) 2005.07.12 11:02:28 LOG7[5736:4]: mod_jk_secure finished (1 left) 2005.07.12 11:02:28 LOG7[5736:5]: mod_jk_secure started 2005.07.12 11:02:28 LOG7[5736:5]: TCP_NODELAY option set on local socket 2005.07.12 11:02:28 LOG5[5736:5]: mod_jk_secure connected from 127.0.0.1:57610 2005.07.12 11:02:28 LOG7[5736:5]: FD 0 in non-blocking mode 2005.07.12 11:02:28 LOG7[5736:5]: mod_jk_secure connecting 150.247.130.5:51001 2005.07.12 11:02:28 LOG7[5736:5]: connect_wait: waiting 10 seconds 2005.07.12 11:02:28 LOG7[5736:1]: mod_jk_secure accepted FD=1 from 127.0.0.1:57614 2005.07.12 11:02:28 LOG7[5736:1]: FD 1 in non-blocking mode 2005.07.12 11:02:29 LOG7[5736:6]: mod_jk_secure started 2005.07.12 11:02:29 LOG7[5736:6]: TCP_NODELAY option set on local socket 2005.07.12 11:02:29 LOG5[5736:6]: mod_jk_secure connected from 127.0.0.1:57614 2005.07.12 11:02:29 LOG7[5736:6]: FD 7 in non-blocking mode 2005.07.12 11:02:29 LOG7[5736:6]: mod_jk_secure connecting 150.247.130.5:51001 2005.07.12 11:02:29 LOG7[5736:6]: connect_wait: waiting 10 seconds 2005.07.12 11:02:29 LOG7[5736:5]: connect_wait: connected 2005.07.12 11:02:29 LOG7[5736:5]: Remote FD=0 initialized 2005.07.12 11:02:29 LOG7[5736:5]: TCP_NODELAY option set on remote socket 2005.07.12 11:02:29 LOG7[5736:5]: SSL state (connect): before/connect initialization 2005.07.12 11:02:29 LOG7[5736:5]: SSL state (connect): SSLv3 write client hello A 2005.07.12 11:02:29 LOG7[5736:6]: connect_wait: connected 2005.07.12 11:02:29 LOG7[5736:6]: Remote FD=7 initialized 2005.07.12 11:02:29 LOG7[5736:6]: TCP_NODELAY option set on remote socket 2005.07.12 11:02:29 LOG7[5736:6]: SSL state (connect): before/connect initialization 2005.07.12 11:02:29 LOG7[5736:6]: SSL state (connect): SSLv3 write client hello A All ideas welcome. I happen to know that the server side stunnel is down. SHouldn't the client side keep running under these circumstances? Thanks, Liz

1 0

stunnel 4.11 relaesed
by Michal Trojnara 12 Jul '05

12 Jul '05

Dear Users, Here is the ChangeLog entry: Version 4.11, 2005.07.09, urgency: MEDIUM: * New features - New ./configure option --with-threads to select thread model. - ./configure option --with-tcp-wrappers renamed to --disable-libwrap. I hope the meaning of the option is much more clear, now. * Bugfixes - Workaround for non-standard makecontext() uc_stack.ss_sp parameter semantics on Sparc/Solaris 9 and earlier. - scan_waiting_queue() no longer drops contexts. - Inetd mode coredumps with UCONTEXT fixed. - Cleanup context is no longer used. - Releasing memory of the current context is delayed. - Win32 headers reordered for Visual Studio 7. - Some Solaris compilation warnings fixed. - Rejected inetd mode without 'connect' or 'exec'. * Release notes - UCONTEXT threading seems stable, now. Upgrade is recommended. Home page, downloads: http://stunnel.mirt.net/ sha1sum for stunnel-4.11.tar.gz file: cf57169d591fbe3371a29e432d840e7f66103a9f Best regards, Mike

3 3

Stunnel-4.10 and Stunnel-4.11 in HPUX-11.23 IPF gives coredump
by Punitha 12 Jul '05

12 Jul '05

Hello All, I'm using HP-UX11.23 IPF. I have built Stunnel-4.11 with OpenSSL - 0.9.7e. I could build it successfully but I'm failed in connecting with telnet. After a while connecting to the telnet the client gets coredump and kills the process. So the connection is no more established. Note: I had the same problem in Stunnel-4.10 also but not before that. I could very well compile and use Stunnel-4.09. My configuration file for client is: cert = /opt/iexpress/stunnel/etc/stunnel/stunnel.pem chroot = /opt/iexpress/stunnel/var/stunnel pid = setuid = root setgid = root CAfile = /opt/iexpress/stunnel/etc/stunnel/stunnel.pem debug = 7 client = yes foreground = yes verify = 3 [test1] accept = 8080 connect = 9090 For server: cert = /opt/iexpress/stunnel/etc/stunnel/stunnel.pem chroot = /opt/iexpress/stunnel/var/stunnel pid = setuid = root setgid = root CAfile = /opt/iexpress/stunnel/etc/stunnel/stunnel.pem debug = 6 client = no foreground = yes verify = 1 [test1] accept = 9090 connect = 23 The client log shows as follows: # ../../sbin/stunnel stunnel-client.conf 2005.07.10 23:39:26 LOG5[8909:1]: stunnel 4.11 on ia64-hp-hpux11.23 UCONTEXT+POLL+IPv4+LIBWRAP with OpenSSL 0.9.7e 25 Oct 2004 2005.07.10 23:39:26 LOG7[8909:1]: Snagged 64 random bytes from /dev/random 2005.07.10 23:39:26 LOG7[8909:1]: RAND_status claims sufficient entropy for the PRNG 2005.07.10 23:39:26 LOG6[8909:1]: PRNG seeded successfully 2005.07.10 23:39:26 LOG7[8909:1]: Certificate: /home/punitha/stunnel1/etc/stunnel/stunnel.pem 2005.07.10 23:39:26 LOG7[8909:1]: Key file: /home/punitha/stunnel1/etc/stunnel/stunnel.pem 2005.07.10 23:39:26 LOG7[8909:1]: Loaded verify certificates from /home/punitha/stunnel1/etc/stunnel/stunnel.pem 2005.07.10 23:39:26 LOG6[8909:1]: file ulimit = 2048 (can be changed with 'ulimit -n') 2005.07.10 23:39:26 LOG6[8909:1]: poll() used - no FD_SETSIZE limit for file descriptors 2005.07.10 23:39:26 LOG5[8909:1]: 1000 clients allowed 2005.07.10 23:39:26 LOG7[8909:1]: FD 3 in non-blocking mode 2005.07.10 23:39:26 LOG7[8909:1]: FD 4 in non-blocking mode 2005.07.10 23:39:26 LOG7[8909:1]: FD 5 in non-blocking mode 2005.07.10 23:39:26 LOG7[8909:1]: SO_REUSEADDR option set on accept socket 2005.07.10 23:39:26 LOG7[8909:1]: test1 bound to 0.0.0.0:8080 2005.07.10 23:39:26 LOG7[8909:1]: No pid file being created 2005.07.10 23:40:08 LOG7[8909:1]: test1 accepted FD=8 from 127.0.0.1:49700 2005.07.10 23:40:08 LOG7[8909:1]: Creating a new context 2005.07.10 23:40:08 LOG7[8909:1]: Context 2 created 2005.07.10 23:40:08 LOG7[8909:2]: Context swap: 1 -> 2 Memory fault(coredump) # It will be helpful if anyone of you guide me in this. Thanx In Advance. Regards, Punitha, V.

2 3

Re: [stunnel-users] Poll/Descriptor Problem
by Andrew Gay 11 Jul '05

11 Jul '05

Hi I get the same/similar error messages using Stunnel 4.10 (client) on Solaris 9 (sparc). I also see some very large integer numbers (e.g. FD=2615261238) in the log which art file descriptors. Perhaps there is an issue with big/little endedness in the later Stunnel releases. I went back to using Stunnel 4.07 and the problems went away. Andrew Gay > > I am running Stunnel 4.09 on Mac OS X 10.4 to provide HTTPS service on > the standard ports (accept on 443, connect to 80). > > All connections are either truncated or dropped entirely, with the > following messages written to the log: > > ------------------------------------------ > https connected from ... > INTERNAL ERROR:s_poll_wait returned 1, but no descriptor is ready > Connection reset: XXXXXX bytes sent to SSL, XXX bytes sent to socket > ------------------------------------------ > > I've tried 4.10, but the result is exactly the same. > > Does anybody have any thoughts on what might be going on? > > Thanks, > John >

2 1

Poll/Descriptor Problem
by John O'Fallon 09 Jul '05

09 Jul '05

I am running Stunnel 4.09 on Mac OS X 10.4 to provide HTTPS service on the standard ports (accept on 443, connect to 80). All connections are either truncated or dropped entirely, with the following messages written to the log: ------------------------------------------ https connected from ... INTERNAL ERROR:s_poll_wait returned 1, but no descriptor is ready Connection reset: XXXXXX bytes sent to SSL, XXX bytes sent to socket ------------------------------------------ I've tried 4.10, but the result is exactly the same. Does anybody have any thoughts on what might be going on? Thanks, John

1 0

Re: [stunnel-users] Certificate renaming
by Paul Jones 07 Jul '05

07 Jul '05

>From the discussion here, I got the impression that it is still possible for Stunnel to run correctly and successful connections to be made if the certificate files are NOT renamed using the xxxxx.0 format, where xxxxx is the hash value of the certificate. So I simply placed the .crt files for all clients on the server (under the directory specified in the CApath field in the CONF file). Now, I've tried, tried, and tried, but it still doesn't work. I get a "bad certificate" error when attempting to connect from the client. Am I missing something? Note: I am running Stunnel on Win2K. Cheers. Paul _________________________________________________________________ Single? Start dating at Lavalife. Try our 7 day FREE trial! http://lavalife9.ninemsn.com.au/clickthru/clickthru.act?context=an99&locale…

1 0

Re: [stunnel-users] Stunnel for pop3 on solaris 2.6 (more info)
by Douglas Phillipson 07 Jul '05

07 Jul '05

Should I have "protocol = pop3" in my config file? When I do, I get this from the stunnel log: 2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 1, FD=6, (IN)->() 2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 2, FD=0, (IN)->(IN) 2005.07.06 12:46:54 LOG7[18045:0]: Waiting 300 second(s) for 3 file descriptor(s) 2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 1, FD=4, (IN)->() 2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 1, FD=6, (IN)->() 2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 2, FD=0, (IN)->(IN) 2005.07.06 12:46:54 LOG7[18045:2]: <- .g.. 2005.07.06 12:46:54 LOG3[18045:2]: Client does not want TLS 2005.07.06 12:46:54 LOG5[18045:2]: Protocol negotiation failed 2005.07.06 12:46:54 LOG3[18045:2]: Protocol negotiations failed 2005.07.06 12:46:54 LOG7[18045:2]: pop3s finished (0 left) 2005.07.06 12:46:54 LOG7[18045:2]: Context 2 closed 2005.07.06 12:46:54 LOG7[18045:0]: Waiting -1 second(s) for 2 file descriptor(s) Doug P Douglas Phillipson wrote: > I'm not sure it it applies but if I do: > > openssl s_client -connect 172.20.12.59:995 > > I get the following error: > > CONNECTED(00000003) > 17964:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226: > > > Doug P > > > Douglas Phillipson wrote: > >> I have a Solaris 2.6 box and am trying to get pop3 over SSL running. I use: >> >> qpopper 4.0.5 >> openssl-0.9.7g >> stunnel 4.10 compiled with gcc 2.95.3 >> >> When I compiled stunnel it made a private ket and certificate in /usr/local/etc/stunnel/stunnel.pem. >> >> Do I need anything else? >> >> I have the following configuration: >> >> Inetd.conf: >> >> pop3 stream tcp nowait root /usr/local/sbin/popper qpopper -S -t /poplog >> >> stunnel.conf: >> >> cert = /usr/local/etc/stunnel/stunnel.pem >> key = /usr/local/etc/stunnel/stunnel.pem >> debug = 7 >> output = /stunnel.log >> pid = /stunnel.pid >> client = yes >> >> [pop3s] >> accept = 995 >> connect = 110 >> >> I run stunnel and get the following output: >> >> 2005.07.06 11:34:17 LOG5[17873:1]: stunnel 4.10 on sparc-sun-solaris2.6 UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7g 11 Apr 2005 >> 2005.07.06 11:34:18 LOG7[17873:1]: Snagged 64 random bytes from //.rnd >> 2005.07.06 11:34:18 LOG7[17873:1]: Wrote 1024 new random bytes to //.rnd >> 2005.07.06 11:34:18 LOG7[17873:1]: RAND_status claims sufficient entropy for the PRNG >> 2005.07.06 11:34:18 LOG6[17873:1]: PRNG seeded successfully >> 2005.07.06 11:34:18 LOG7[17873:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem >> 2005.07.06 11:34:18 LOG7[17873:1]: Key file: /usr/local/etc/stunnel/stunnel.pem >> 2005.07.06 11:34:18 LOG6[17873:1]: file ulimit = 64 (can be changed with 'ulimit -n') >> 2005.07.06 11:34:18 LOG6[17873:1]: poll() used - no FD_SETSIZE limit for file descriptors >> 2005.07.06 11:34:18 LOG5[17873:1]: 29 clients allowed >> 2005.07.06 11:34:18 LOG7[17873:1]: FD 4 in non-blocking mode >> 2005.07.06 11:34:18 LOG7[17873:1]: FD 5 in non-blocking mode >> 2005.07.06 11:34:18 LOG7[17873:1]: FD 6 in non-blocking mode >> 2005.07.06 11:34:18 LOG7[17873:1]: SO_REUSEADDR option set on accept socket >> 2005.07.06 11:34:18 LOG7[17873:1]: pop3s bound to 0.0.0.0:995 >> 2005.07.06 11:34:18 LOG7[17874:1]: Created pid file /stunnel.pid >> 2005.07.06 11:34:18 LOG7[17874:0]: Waiting -1 second(s) for 2 file descriptor(s) >> >> >> I connect via pop3 in thunderbird with ssl and qpopper always says: >> (null) at localhost (127.0.0.1): -ERR Unknown command: "". >> (nulI/O error flushing output to client at localhost [127.0.0.1]: Broken pipe (32)l) at localhost (127.0.0.1): -ERR POP EOF or I/O Error >> >> Stunnel says: >> >> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->() >> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->(IN) >> 2005.07.06 11:37:13 LOG7[17884:1]: pop3s accepted FD=0 from 172.20.10.7:45464 >> 2005.07.06 11:37:13 LOG7[17884:1]: Creating a new context >> 2005.07.06 11:37:13 LOG7[17884:1]: Context 2 created >> 2005.07.06 11:37:13 LOG7[17884:2]: pop3s started >> 2005.07.06 11:37:13 LOG7[17884:2]: FD 0 in non-blocking mode >> 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on local socket >> 2005.07.06 11:37:13 LOG5[17884:2]: pop3s connected from 172.20.10.7:45464 >> 2005.07.06 11:37:13 LOG7[17884:2]: FD 1 in non-blocking mode >> 2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110 >> 2005.07.06 11:37:13 LOG7[17884:2]: Remote FD=1 initialized >> 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on remote socket >> 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): before/connect initialization >> 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write client hello A >> 2005.07.06 11:37:13 LOG7[17884:0]: Waiting 300 second(s) for 3 file descriptor(s) >> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->() >> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->() >> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 2, FD=1, (IN)->(IN) >> >> The mail never gets delivered to either Thunderbird or outlook express. >> I get a certificate approval request from Thunderbird to which I grant, then nothing. If I disable ssl in thunderbird the mail gets accepted normally. >> >> What might I be doing wrong??? >> >> Thanks >> >> Doug P

1 0

Re: [stunnel-users] Stunnel for pop3 on solaris 2.6 ( Even more info)
by Douglas Phillipson 07 Jul '05

07 Jul '05

If I set "client = no" in stunnels config file I get the following from: openssl s_client -connect 172.20.12.59:995 CONNECTED(00000003) depth=0 /C=US/ST=Nevada/L=Las Vegas/O=Bechtel/OU=RSL/CN=test1 verify error:num=18:self signed certificate verify return:1 depth=0 /C=US/ST=Nevada/L=Las Vegas/O=Bechtel/OU=RSL/CN=test1 verify return:1 30463:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226: Is a "self signed" Cert OK? I didn't sign anything though. Compiling stunnel created a cert. Installing openssl I think created a cert. Do these need to match somehow? If so how do you do that? I think I'm lost here... Regards Doug P Douglas Phillipson wrote: > I have a Solaris 2.6 box and am trying to get pop3 over SSL running. I use: > > qpopper 4.0.5 > openssl-0.9.7g > stunnel 4.10 compiled with gcc 2.95.3 > > When I compiled stunnel it made a private ket and certificate in /usr/local/etc/stunnel/stunnel.pem. > > Do I need anything else? > > I have the following configuration: > > Inetd.conf: > > pop3 stream tcp nowait root /usr/local/sbin/popper qpopper -S -t /poplog > > stunnel.conf: > > cert = /usr/local/etc/stunnel/stunnel.pem > key = /usr/local/etc/stunnel/stunnel.pem > debug = 7 > output = /stunnel.log > pid = /stunnel.pid > client = yes > > [pop3s] > accept = 995 > connect = 110 > > I run stunnel and get the following output: > > 2005.07.06 11:34:17 LOG5[17873:1]: stunnel 4.10 on sparc-sun-solaris2.6 UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7g 11 Apr 2005 > 2005.07.06 11:34:18 LOG7[17873:1]: Snagged 64 random bytes from //.rnd > 2005.07.06 11:34:18 LOG7[17873:1]: Wrote 1024 new random bytes to //.rnd > 2005.07.06 11:34:18 LOG7[17873:1]: RAND_status claims sufficient entropy for the PRNG > 2005.07.06 11:34:18 LOG6[17873:1]: PRNG seeded successfully > 2005.07.06 11:34:18 LOG7[17873:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem > 2005.07.06 11:34:18 LOG7[17873:1]: Key file: /usr/local/etc/stunnel/stunnel.pem > 2005.07.06 11:34:18 LOG6[17873:1]: file ulimit = 64 (can be changed with 'ulimit -n') > 2005.07.06 11:34:18 LOG6[17873:1]: poll() used - no FD_SETSIZE limit for file descriptors > 2005.07.06 11:34:18 LOG5[17873:1]: 29 clients allowed > 2005.07.06 11:34:18 LOG7[17873:1]: FD 4 in non-blocking mode > 2005.07.06 11:34:18 LOG7[17873:1]: FD 5 in non-blocking mode > 2005.07.06 11:34:18 LOG7[17873:1]: FD 6 in non-blocking mode > 2005.07.06 11:34:18 LOG7[17873:1]: SO_REUSEADDR option set on accept socket > 2005.07.06 11:34:18 LOG7[17873:1]: pop3s bound to 0.0.0.0:995 > 2005.07.06 11:34:18 LOG7[17874:1]: Created pid file /stunnel.pid > 2005.07.06 11:34:18 LOG7[17874:0]: Waiting -1 second(s) for 2 file descriptor(s) > > > I connect via pop3 in thunderbird with ssl and qpopper always says: > (null) at localhost (127.0.0.1): -ERR Unknown command: "". > (nulI/O error flushing output to client at localhost [127.0.0.1]: Broken pipe (32)l) at localhost (127.0.0.1): -ERR POP EOF or I/O Error > > Stunnel says: > > 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->() > 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->(IN) > 2005.07.06 11:37:13 LOG7[17884:1]: pop3s accepted FD=0 from 172.20.10.7:45464 > 2005.07.06 11:37:13 LOG7[17884:1]: Creating a new context > 2005.07.06 11:37:13 LOG7[17884:1]: Context 2 created > 2005.07.06 11:37:13 LOG7[17884:2]: pop3s started > 2005.07.06 11:37:13 LOG7[17884:2]: FD 0 in non-blocking mode > 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on local socket > 2005.07.06 11:37:13 LOG5[17884:2]: pop3s connected from 172.20.10.7:45464 > 2005.07.06 11:37:13 LOG7[17884:2]: FD 1 in non-blocking mode > 2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110 > 2005.07.06 11:37:13 LOG7[17884:2]: Remote FD=1 initialized > 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on remote socket > 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): before/connect initialization > 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write client hello A > 2005.07.06 11:37:13 LOG7[17884:0]: Waiting 300 second(s) for 3 file descriptor(s) > 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->() > 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->() > 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 2, FD=1, (IN)->(IN) > > The mail never gets delivered to either Thunderbird or outlook express. > I get a certificate approval request from Thunderbird to which I grant, then nothing. If I disable ssl in thunderbird the mail gets accepted normally. > > What might I be doing wrong??? > > Thanks > > Doug P > _______________________________________________ > stunnel-users mailing list > stunnel-users(a)mirt.net > http://stunnel.mirt.net/mailman/listinfo/stunnel-users

1 0

Stunnel for pop3 on solaris 2.6
by Douglas Phillipson 07 Jul '05

07 Jul '05

I have a Solaris 2.6 box and am trying to get pop3 over SSL running. I use: qpopper 4.0.5 openssl-0.9.7g stunnel 4.10 compiled with gcc 2.95.3 When I compiled stunnel it made a private ket and certificate in /usr/local/etc/stunnel/stunnel.pem. Do I need anything else? I have the following configuration: Inetd.conf: pop3 stream tcp nowait root /usr/local/sbin/popper qpopper -S -t /poplog stunnel.conf: cert = /usr/local/etc/stunnel/stunnel.pem key = /usr/local/etc/stunnel/stunnel.pem debug = 7 output = /stunnel.log pid = /stunnel.pid client = yes [pop3s] accept = 995 connect = 110 I run stunnel and get the following output: 2005.07.06 11:34:17 LOG5[17873:1]: stunnel 4.10 on sparc-sun-solaris2.6 UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7g 11 Apr 2005 2005.07.06 11:34:18 LOG7[17873:1]: Snagged 64 random bytes from //.rnd 2005.07.06 11:34:18 LOG7[17873:1]: Wrote 1024 new random bytes to //.rnd 2005.07.06 11:34:18 LOG7[17873:1]: RAND_status claims sufficient entropy for the PRNG 2005.07.06 11:34:18 LOG6[17873:1]: PRNG seeded successfully 2005.07.06 11:34:18 LOG7[17873:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem 2005.07.06 11:34:18 LOG7[17873:1]: Key file: /usr/local/etc/stunnel/stunnel.pem 2005.07.06 11:34:18 LOG6[17873:1]: file ulimit = 64 (can be changed with 'ulimit -n') 2005.07.06 11:34:18 LOG6[17873:1]: poll() used - no FD_SETSIZE limit for file descriptors 2005.07.06 11:34:18 LOG5[17873:1]: 29 clients allowed 2005.07.06 11:34:18 LOG7[17873:1]: FD 4 in non-blocking mode 2005.07.06 11:34:18 LOG7[17873:1]: FD 5 in non-blocking mode 2005.07.06 11:34:18 LOG7[17873:1]: FD 6 in non-blocking mode 2005.07.06 11:34:18 LOG7[17873:1]: SO_REUSEADDR option set on accept socket 2005.07.06 11:34:18 LOG7[17873:1]: pop3s bound to 0.0.0.0:995 2005.07.06 11:34:18 LOG7[17874:1]: Created pid file /stunnel.pid 2005.07.06 11:34:18 LOG7[17874:0]: Waiting -1 second(s) for 2 file descriptor(s) I connect via pop3 in thunderbird with ssl and qpopper always says: (null) at localhost (127.0.0.1): -ERR Unknown command: "". (nulI/O error flushing output to client at localhost [127.0.0.1]: Broken pipe (32)l) at localhost (127.0.0.1): -ERR POP EOF or I/O Error Stunnel says: 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->() 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->(IN) 2005.07.06 11:37:13 LOG7[17884:1]: pop3s accepted FD=0 from 172.20.10.7:45464 2005.07.06 11:37:13 LOG7[17884:1]: Creating a new context 2005.07.06 11:37:13 LOG7[17884:1]: Context 2 created 2005.07.06 11:37:13 LOG7[17884:2]: pop3s started 2005.07.06 11:37:13 LOG7[17884:2]: FD 0 in non-blocking mode 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on local socket 2005.07.06 11:37:13 LOG5[17884:2]: pop3s connected from 172.20.10.7:45464 2005.07.06 11:37:13 LOG7[17884:2]: FD 1 in non-blocking mode 2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110 2005.07.06 11:37:13 LOG7[17884:2]: Remote FD=1 initialized 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on remote socket 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): before/connect initialization 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write client hello A 2005.07.06 11:37:13 LOG7[17884:0]: Waiting 300 second(s) for 3 file descriptor(s) 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->() 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->() 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 2, FD=1, (IN)->(IN) The mail never gets delivered to either Thunderbird or outlook express. I get a certificate approval request from Thunderbird to which I grant, then nothing. If I disable ssl in thunderbird the mail gets accepted normally. What might I be doing wrong??? Thanks Doug P

1 4

Certificate renaming
by Paul Jones 05 Jul '05

05 Jul '05

So what you are saying is that Stunnel will still work successfully and find the correct certificates if I do NOT name the certificate files using their hash values? And since my server will only have a maximum of 16 clients, finding the correct certificate shouldn't cause too many speed issues. Right? Cheers. Paul _________________________________________________________________ Sell your car for $9 on carpoint.com.au http://www.carpoint.com.au/sellyourcar

1 0