Hi,
I'm using stunnel through xinetd to forward some local unencrypted LDAP
connections to our SSL LDAP server. It seems to work OK, but after each use
the stunnel process does not terminate, so I end up with lots of
processes not doing anything.
After a few days, these processes reach a limit and connections fail.
As you can see, the connection has finished, but the process still exists:
[root@lynx stunnel]# ps -e | grep stunnel
2396 ? 00:00:00 stunnel
2517 ? 00:00:00 stunnel
2575 ? 00:00:00 stunnel
2576 ? 00:00:00 stunnel
[root@lynx stunnel]# netstat -p | grep stunnel
tcp 0 0 lynx.seekit.co.uk:ldaplo
lynx.seekit.co.uk:60390 CLOSE_WAIT 2396/stunnel
unix 2 [ ] DGRAM 3204569 2576/stunnel
unix 2 [ ] DGRAM 3204562 2575/stunnel
unix 2 [ ] DGRAM 3203127 2517/stunnel
unix 2 [ ] DGRAM 3202108 2396/stunnel
Here's the xinetd configuration for stunnel (/etc/xinetd.d/ldaplo):
# default: on
# description: Stunnel to connect to LDAP for an insecure local session
# xinetd listener: each plaintext connection accepted on port 390 is handed
# to a stunnel process started with /etc/stunnel/ldap.conf.
# NOTE(review): no bind/interface or only_from attribute is set in this
# block, so unless a defaults section restricts it, xinetd accepts on every
# interface. For a proxy meant for local sessions, limiting it to loopback
# (e.g. bind = 127.0.0.1) keeps the cleartext LDAP port off the network.
# NOTE(review): no instances/per_source cap is set here either; a cap bounds
# how many lingering stunnel processes can accumulate. Confirm against the
# xinetd defaults in use.
service ldaplo
{
disable = no
#flags = REUSE
port = 390
socket_type = stream
# wait = no: xinetd keeps listening and starts one server process per connection
wait = no
# the stunnel child runs as the unprivileged "nobody" account
user = nobody
server = /usr/sbin/stunnel
server_args = /etc/stunnel/ldap.conf
# log_on_failure += USERID
}
Here's the stunnel configuration file (/etc/stunnel/ldap.conf):
; No accept option or [service] section, so stunnel runs in inetd mode:
; the socket passed in by xinetd is the plaintext side.
; client = yes: stunnel initiates the TLS session on the connect side.
client = yes
; No host is given, so the TLS connection goes to port 636 on localhost.
; NOTE(review): no verify / CAfile option is set, so the LDAP server's
; certificate is presumably not validated and the link is encrypted but
; unauthenticated. Confirm against the stunnel version's defaults and add
; certificate verification if the server is ever not on this host.
connect = 636
Cheers,
Alex Forrow