stunnel-users

stunnel-users@stunnel.org

5 participants
3293 discussions

stunnel 5.73 released
by Michał Trojnara 09 Sep '24

09 Sep '24

Dear Users, I have released version 5.73 of stunnel. ### Version 5.73, 2024.09.09, urgency: MEDIUM * Security bugfixes - OpenSSL DLLs updated to version 3.3.2. - OpenSSL FIPS Provider updated to version 3.0.9. * Bugfixes - Fixed a memory leak while reloading stunnel.conf sections with "client=yes" and "delay=no". - Fixed TIMEOUTocsp with values greater than 4. - Fix the IPv6 test on a non-IPv6 machine. * Features - HELO replaced with EHLO in the post-STARTTLS SMTP protocol negotiation (thx to Peter Pentchev). - OCSP stapling fetches moved away from server threads. - Improved client-side session resumption. - Added support for the mimalloc allocator. - Check for protocolHost moved to configuration file processing for the client-side CONNECT protocol. - Clarified some confusing OpenSSL's certificate verification error messages. - stunnel.nsi updated for Debian 13 and Fedora. - Improved NetBSD compatibility. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: bc917c3bcd943a4d632360c067977a31e85e385f5f4845f69749bce88183cb38 stunnel-5.73.tar.gz d686b1a4135947718e7a8157a8cb6694ed50e2267713de1972941148a8859789 stunnel-5.73-win64-installer.exe 9d6065ea1e7fa59405b5a152eeeaed9296bd5a0d2b11964800e95867e7391f16 stunnel-5.73-android.zip Best regards, Mike

1 0

Re: GMail and OAuth 2.0
by meirman＠fastmail.com 02 Sep '24

02 Sep '24

I would prefer to use stunnel, which I used for 10 or 20 years until recently, but this proxy is supposed to work for the new problem: SIMON ROB'S EMAIL-OAUTH2-PROXY Go to https://github.com/simonrob/email-oauth2-proxy/releases Download emailproxy-YYYY-MM-DD_pyinstaller-Windows.zip from the most recent release. Unzip the emailproxy-YYYY-MM-DD_pyinstaller-Windows.zip file, extracting the contents to the desired location; avoid the protected system folders such as "Program Files", "Program Files (x86)", etc. Right-click each extracted file, go to Properties, and enable "Unblock"..... Write me at traveler(a)mm.st if you want me to post the rest of the instructions. Maybe experienced people don't need them. I havent' tried to install either this or stunnel yet.

1 0

No key from stunnel TLS handshake ?
by atritium＠hushmail.com 31 Aug '24

31 Aug '24

In a TLS handshake, the server presents the signed public key (certificate from a CA) to the client to use so that it doesn't have to be pre-existing in a file on the arbitrary systems making connections. Am I correct that stunnel does NOT do this? It appears stunnel clients MUST have a pre-existing -file- containing the server's signed public key and pointed at in the config file's CAfile setting. Sort of like "authorized_keys" file for ssh, except the certificates have short lifespans before going invalid. This makes authentication unworkable for services that could have thousands of semi-random people connecting, especially with certificate lifespans creeping down to 1 year and probably months. Even if the certificate was bundled in the initial stunnel set-up, remote clients would have to constantly be updating the file. If this is correct, I wonder why stunnel doesn't handle the TLS handshake like a browser and supply the current server public certificate for the client to authenticate. It seems like stunnel is presupposing a handful of clients in close contact who can be constantly fed current certificates to place in files on their machine. Really limits usability of the tool. Or maybe I am missing something (?)

4 3

Peer suddenly disconnected
by noel.melvin＠tcs.com 20 Aug '24

20 Aug '24

We are seeing these messages after the stunnel application was closed and opened. LOG3[81]: SSL_accept: Peer suddenly disconnected Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket What could be the issue.

1 0

Re: stunnel 5.71 released
by Daniel Moerker 14 Aug '24

14 Aug '24

Dear Michal We are running Stunnel version 5.72 as TLS proxy for internal API in server mode on Windows. The server has no direct internet access. [my_tls_proxy] sslVersionMin = TLSv1.2 accept = 8443 connect = 1234 cert = mycert.pem OCSPaia = no OCSPrequire = no Is there a way to disable the OCSP connection attempts? The log is full of: 2024.08.14 16:20:26 LOG5[32]: OCSP: Connecting the AIA responder " http://ocsp.globalsign.com/gsrsaovsslca2018" 2024.08.14 16:20:27 LOG3[28]: s_connect: connect 104.18.21.226:80: Connection refused (WSAECONNREFUSED) (10061) Many thanks in advance for your reply. BR, Daniel

1 0

stunnel reload - existing connections
by Stewart Anderson 13 Aug '24

13 Aug '24

> >Hi All, I have seen this question asked a few times, but no replies that I could see. I have my stunnel services set in different service (.conf ) files and when I reload the config they all load fine. What does stunnel do with the existing connections? i.e. when I add a new service config and then do a reload, are the existing connections explicitly dropped and reloaded or can they by dynamically updated without interrupting the connection? For me, this specifically is when I add a new service on a new port, no changes to existing services. cheers Stu >

1 1

Problems with stunnel segfaulting on every connection
by jml＠bigjar.com 12 Aug '24

12 Aug '24

Hello, I’m running into a problem with stunnel segfaulting on me. I’m not sure if it’s a NetBSD problem or an stunnel problem. The following combinations work: NetBSD-10.0/stunnel 5.57 Debian/stunnel 5.50 Fedora/stunnel 5.72 Unfortunately, what doesn’t work for me is: NetBSD-10.0/stunnel 5.71 (or 5.7.2) NetBSD-9.x/stunnel 5.71 It looks like stunnel is doing something related to OCSP and the response causes it to crash. The certificate is a wildcard for my domain, bigjar.com. Here’s a snippet of the output right before the segfault: 2024.08.04 13:47:35 LOG7[0]: SNI: no virtual services defined 2024.08.04 13:47:35 LOG7[0]: OCSP stapling: Server callback called 2024.08.04 13:47:35 LOG6[0]: OCSP: The root CA certificate was not found 2024.08.04 13:47:35 LOG5[0]: OCSP: Connecting the AIA responder "http://e5.o.lencr.org" Segmentation fault (core dumped) I rolled back to an earlier certificate issued by sectigo and got the same result: 2024.08.05 15:11:01 LOG7[0]: OCSP stapling: Server callback called 2024.08.05 15:11:01 LOG5[0]: OCSP: Connecting the AIA responder "http://ocsp.sectigo.com" There were some issues getting stunnel to run with the correct version of OpenSSL (the “pkgsrc” version), but those have been fixed. Any suggestions are greatly appreciated! Thanks, Jason M. Full /usr/pkg/etc/stunnel/stunnel.conf —————————————————— foreground = yes debug = 7 CAPath = /etc/openssl/certs [imaps] accept = 993 connect = 10.100.0.75:143 cert = /path/wildcard.bigjar.com.pem OCSPaia = no Full stunnel output: 2024.08.05 15:22:13 LOG6[ui]: Initializing inetd mode configuration 2024.08.05 15:22:13 LOG7[ui]: Clients allowed=500 2024.08.05 15:22:13 LOG5[ui]: stunnel 5.71 on x86_64--netbsd platform 2024.08.05 15:22:13 LOG5[ui]: Compiled/running with OpenSSL 3.3.1 4 Jun 2024 2024.08.05 15:22:13 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP 2024.08.05 15:22:13 LOG7[ui]: errno: (*__errno()) 2024.08.05 15:22:13 LOG6[ui]: Initializing inetd mode configuration 2024.08.05 15:22:13 LOG5[ui]: Reading configuration from file /usr/pkg/etc/stunnel/stunnel.conf 2024.08.05 15:22:13 LOG5[ui]: UTF-8 byte order mark not detected 2024.08.05 15:22:13 LOG6[ui]: Compression disabled 2024.08.05 15:22:13 LOG7[ui]: No PRNG seeding was required 2024.08.05 15:22:13 LOG6[ui]: Initializing service [imaps] 2024.08.05 15:22:13 LOG7[ui]: Initializing context [imaps] 2024.08.05 15:22:13 LOG6[ui]: OpenSSL security level is used: 2 2024.08.05 15:22:13 LOG7[ui]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK 2024.08.05 15:22:13 LOG7[ui]: TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 2024.08.05 15:22:13 LOG7[ui]: TLS options: 0x2100000 (+0x0, -0x0) 2024.08.05 15:22:13 LOG6[ui]: Session resumption enabled 2024.08.05 15:22:13 LOG6[ui]: Loading certificate from file: /usr/local/certs/wildcard.bigjar.com.20210406.pem 2024.08.05 15:22:13 LOG6[ui]: Certificate loaded from file: /usr/local/certs/wildcard.bigjar.com.20210406.pem 2024.08.05 15:22:13 LOG6[ui]: Loading private key from file: /usr/local/certs/wildcard.bigjar.com.20210406.pem 2024.08.05 15:22:13 LOG6[ui]: Private key loaded from file: /usr/local/certs/wildcard.bigjar.com.20210406.pem 2024.08.05 15:22:13 LOG7[ui]: Private key check succeeded 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=ES, O=FNMT-RCM, OU=Ceres, organizationIdentifier=VATES-Q2826004J, CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: serialNumber=G63287510, C=ES, O=ANF Autoridad de Certificacion, OU=ANF CA Raiz, CN=ANF Secure Server Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=AffirmTrust, CN=AffirmTrust Commercial 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=AffirmTrust, CN=AffirmTrust Networking 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=AffirmTrust, CN=AffirmTrust Premium 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Amazon, CN=Amazon Root CA 1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Amazon, CN=Amazon Root CA 2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Amazon, CN=Amazon Root CA 3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Amazon, CN=Amazon Root CA 4 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: CN=Atos TrustedRoot 2011, O=Atos, C=DE 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: CN=Atos TrustedRoot Root CA ECC TLS 2021, O=Atos, C=DE 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: CN=Atos TrustedRoot Root CA RSA TLS 2021, O=Atos, C=DE 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Certainly, CN=Certainly Root E1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Certainly, CN=Certainly Root R1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=FR, O=Dhimyotis, CN=Certigna 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=FR, O=Dhimyotis, OU=0002 48146308100036, CN=Certigna Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=PL, O=Asseco Data Systems S.A., OU=Certum Certification Authority, CN=Certum EC-384 CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=PL, O=Asseco Data Systems S.A., OU=Certum Certification Authority, CN=Certum Trusted Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=CommScope, CN=CommScope Public Trust ECC Root-01 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=CommScope, CN=CommScope Public Trust ECC Root-02 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=CommScope, CN=CommScope Public Trust RSA Root-01 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=CommScope, CN=CommScope Public Trust RSA Root-02 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=D-Trust GmbH, CN=D-TRUST BR Root CA 1 2020 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=D-Trust GmbH, CN=D-TRUST EV Root CA 1 2020 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Google Trust Services LLC, CN=GTS Root R1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="DigiCert, Inc.", CN=DigiCert TLS ECC P384 Root G5 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="DigiCert, Inc.", CN=DigiCert TLS RSA4096 Root G5 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2012 Entrust, Inc. - for authorized use only", CN=Entrust Root Certification Authority - EC1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2009 Entrust, Inc. - for authorized use only", CN=Entrust Root Certification Authority - G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Root Certification Authority - G4 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.", CN=GDCA TrustAUTH R5 ROOT 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Google Trust Services LLC, CN=GTS Root R2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=AT, O=e-commerce monitoring GmbH, CN=GLOBALTRUST 2020 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Google Trust Services LLC, CN=GTS Root R3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Google Trust Services LLC, CN=GTS Root R4 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Root E46 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Root R46 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="The Go Daddy Group, Inc.", OU=Go Daddy Class 2 Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", CN=Go Daddy Root Certificate Authority - G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GR, O=Hellenic Academic and Research Institutions CA, CN=HARICA TLS ECC Root CA 2021 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GR, O=Hellenic Academic and Research Institutions CA, CN=HARICA TLS RSA Root CA 2021 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=TW, O="Chunghwa Telecom Co., Ltd.", CN=HiPKI Root CA - G1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=HK, ST=Hong Kong, L=Hong Kong, O=Hongkong Post, CN=Hongkong Post Root CA 3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Internet Security Research Group, CN=ISRG Root X1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Internet Security Research Group, CN=ISRG Root X2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=ES, O=IZENPE S.A., CN=Izenpe.com 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, emailAddress=info(a)e-szigno.hu 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Microsoft Corporation, CN=Microsoft ECC Root Certificate Authority 2017 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Microsoft Corporation, CN=Microsoft RSA Root Certificate Authority 2017 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=KR, O=NAVER BUSINESS PLATFORM Corp., CN=NAVER Global Root Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GC CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=JP, O="Japan Certification Services, Inc.", CN=SecureSign RootCA11 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=SSL Corporation, CN=SSL.com TLS ECC Root CA 2022 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=SSL Corporation, CN=SSL.com TLS RSA Root CA 2022 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root E46 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root R46 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=SecureTrust Corporation, CN=SecureTrust CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=SecureTrust Corporation, CN=Secure Global CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=JP, O="SECOM Trust Systems CO.,LTD.", CN=Security Communication ECC RootCA1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=JP, O="SECOM Trust Systems CO.,LTD.", OU=Security Communication RootCA2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=JP, O="SECOM Trust Systems CO.,LTD.", CN=Security Communication RootCA3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="Starfield Technologies, Inc.", OU=Starfield Class 2 Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Root Certificate Authority - G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Services Root Certificate Authority - G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=Deutsche Telekom Security GmbH, CN=Telekom Security TLS ECC Root 2020 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=Deutsche Telekom Security GmbH, CN=Telekom Security TLS RSA Root 2023 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: O=TeliaSonera, CN=TeliaSonera Root CA v1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=FI, O=Telia Finland Oyj, CN=Telia Root CA v2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O="TrustAsia Technologies, Inc.", CN=TrustAsia Global Root CA G3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O="TrustAsia Technologies, Inc.", CN=TrustAsia Global Root CA G4 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Illinois, L=Chicago, O="Trustwave Holdings, Inc.", CN=Trustwave Global Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Illinois, L=Chicago, O="Trustwave Holdings, Inc.", CN=Trustwave Global ECC P256 Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Illinois, L=Chicago, O="Trustwave Holdings, Inc.", CN=Trustwave Global ECC P384 Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=TN, O=Agence Nationale de Certification Electronique, CN=TunTrust Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O=UniTrust, CN=UCA Extended Validation Root 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O=UniTrust, CN=UCA Global G2 Root 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=RO, O=certSIGN, OU=certSIGN ROOT CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=RO, O=CERTSIGN SA, OU=certSIGN ROOT CA G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=HU, L=Budapest, O=Microsec Ltd., organizationIdentifier=VATHU-23584497, CN=e-Szigno Root CA 2017 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=TW, O="Chunghwa Telecom Co., Ltd.", OU=ePKI Root Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign ECC Root CA - C3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign ECC Root CA - G3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign Root CA - C1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign Root CA - G1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O="iTrusChina Co.,Ltd.", CN=vTrus ECC Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O="iTrusChina Co.,Ltd.", CN=vTrus Root CA 2024.08.05 15:22:13 LOG7[ui]: OCSP: Server OCSP stapling enabled 2024.08.05 15:22:13 LOG6[ui]: DH initialization skipped: no DH ciphersuites 2024.08.05 15:22:13 LOG7[ui]: ECDH initialization 2024.08.05 15:22:13 LOG7[ui]: ECDH initialized with curves X25519:P-256:X448:P-521:P-384 2024.08.05 15:22:13 LOG5[ui]: Configuration successful 2024.08.05 15:22:13 LOG7[ui]: Deallocating deployed section defaults 2024.08.05 15:22:13 LOG7[ui]: Cleaning up context [stunnel] 2024.08.05 15:22:13 LOG7[ui]: Binding service [imaps] 2024.08.05 15:22:13 LOG7[ui]: Listening file descriptor created (FD=9) 2024.08.05 15:22:13 LOG7[ui]: Setting accept socket options (FD=9) 2024.08.05 15:22:13 LOG7[ui]: Option SO_REUSEADDR set on accept socket 2024.08.05 15:22:13 LOG6[ui]: Service [imaps] (FD=9) bound to :::993 2024.08.05 15:22:13 LOG7[ui]: Listening file descriptor created (FD=10) 2024.08.05 15:22:13 LOG7[ui]: Setting accept socket options (FD=10) 2024.08.05 15:22:13 LOG7[ui]: Option SO_REUSEADDR set on accept socket 2024.08.05 15:22:13 LOG6[ui]: Service [imaps] (FD=10) bound to 0.0.0.0:993 2024.08.05 15:22:13 LOG7[ui]: No pid file being created 2024.08.05 15:22:13 LOG6[ui]: Accepting new connections 2024.08.05 15:22:13 LOG7[per-second]: Per-second thread initialized 2024.08.05 15:22:13 LOG7[per-day]: Per-day thread initialized 2024.08.05 15:22:13 LOG6[per-day]: Executing per-day jobs 2024.08.05 15:22:13 LOG6[per-day]: Per-day jobs completed in 0 seconds 2024.08.05 15:22:13 LOG7[per-day]: Waiting 86400 seconds 2024.08.05 15:22:34 LOG7[ui]: Found 1 ready file descriptor(s) 2024.08.05 15:22:34 LOG7[ui]: FD=4 events=0x1 revents=0x0 2024.08.05 15:22:34 LOG7[ui]: FD=9 events=0x1 revents=0x0 2024.08.05 15:22:34 LOG7[ui]: FD=10 events=0x1 revents=0x1 2024.08.05 15:22:34 LOG7[ui]: Service [imaps] accepted (FD=3) from 192.168.10.127:50130 2024.08.05 15:22:34 LOG7[0]: Service [imaps] started 2024.08.05 15:22:34 LOG7[0]: Setting local socket options (FD=3) 2024.08.05 15:22:34 LOG7[0]: Option TCP_NODELAY set on local socket 2024.08.05 15:22:34 LOG5[0]: Service [imaps] accepted connection from 192.168.10.127:50130 2024.08.05 15:22:34 LOG6[0]: Peer certificate not required 2024.08.05 15:22:34 LOG7[0]: TLS state (accept): before SSL initialization 2024.08.05 15:22:34 LOG7[0]: TLS state (accept): before SSL initialization 2024.08.05 15:22:34 LOG7[0]: Initializing application specific data for session authenticated 2024.08.05 15:22:34 LOG7[0]: SNI: no virtual services defined 2024.08.05 15:22:34 LOG7[0]: OCSP stapling: Server callback called 2024.08.05 15:22:34 LOG5[0]: OCSP: Connecting the AIA responder "http://ocsp.sectigo.com" Segmentation fault (core dumped) uname -a from the clean NetBSD 10.0 install ——————————————————————— NetBSD Thundercats.virtual.bigjar.com 10.0 NetBSD 10.0 (GENERIC) #0: Thu Mar 28 08:33:33 UTC 2024 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64 dmesg from the same system ——————————— [ 1.000000] Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, [ 1.000000] 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, [ 1.000000] 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023, [ 1.000000] 2024 [ 1.000000] The NetBSD Foundation, Inc. All rights reserved. [ 1.000000] Copyright (c) 1982, 1986, 1989, 1991, 1993 [ 1.000000] The Regents of the University of California. All rights reserved. [ 1.000000] NetBSD 10.0 (GENERIC) #0: Thu Mar 28 08:33:33 UTC 2024 [ 1.000000] mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC [ 1.000000] total memory = 2047 MB [ 1.000000] avail memory = 1953 MB [ 1.000000] timecounter: Timecounters tick every 10.000 msec [ 1.000000] Kernelized RAIDframe activated [ 1.000000] timecounter: Timecounter "i8254" frequency 1193182 Hz quality 100 [ 1.000004] mainbus0 (root) [ 1.000004] ACPI: RSDP 0x00000000000F5220 000014 (v00 BOCHS ) [ 1.000004] ACPI: RSDT 0x000000007FFE3036 000038 (v01 BOCHS BXPC 00000001 BXPC 00 [ 1.000004] ACPI: FACP 0x000000007FFE2E08 000074 (v01 BOCHS BXPC 00000001 BXPC 00 [ 1.000004] ACPI: DSDT 0x000000007FFDF040 003DC8 (v01 BOCHS BXPC 00000001 BXPC 0 [ 1.000004] ACPI: FACS 0x000000007FFDF000 000040 [ 1.000004] ACPI: APIC 0x000000007FFE2E7C 000090 (v03 BOCHS BXPC 00000001 BXPC 00 [ 1.000004] ACPI: SSDT 0x000000007FFE2F0C 0000CA (v01 BOCHS VMGENID 00000001 BXPC [ 1.000004] ACPI: HPET 0x000000007FFE2FD6 000038 (v01 BOCHS BXPC 00000001 BXPC 00 [ 1.000004] ACPI: WAET 0x000000007FFE300E 000028 (v01 BOCHS BXPC 00000001 BXPC 00 [ 1.000004] ACPI: 2 ACPI AML tables successfully acquired and loaded [ 1.000004] ioapic0 at mainbus0 apid 0: pa 0xfec00000, version 0x11, 24 pins [ 1.000004] cpu0 at mainbus0 apid 0 [ 1.000004] cpu0: Use lfence to serialize rdtsc [ 1.000004] cpu0: Intel(R) Xeon(R) CPU L5420 @ 2.50GHz, id 0x1067a [ 1.000004] cpu0: node 0, package 0, core 0, smt 0 [ 1.000004] cpu1 at mainbus0 apid 1 [ 1.000004] cpu1: Intel(R) Xeon(R) CPU L5420 @ 2.50GHz, id 0x1067a [ 1.000004] cpu1: node 0, package 0, core 1, smt 0 [ 1.000004] cpu2 at mainbus0 apid 2 [ 1.000004] cpu2: Intel(R) Xeon(R) CPU L5420 @ 2.50GHz, id 0x1067a [ 1.000004] cpu2: node 0, package 1, core 0, smt 0 [ 1.000004] cpu3 at mainbus0 apid 3 [ 1.000004] cpu3: Intel(R) Xeon(R) CPU L5420 @ 2.50GHz, id 0x1067a [ 1.000004] cpu3: node 0, package 1, core 1, smt 0 [ 1.000004] acpi0 at mainbus0: Intel ACPICA 20221020 [ 1.000004] acpi0: X/RSDT: OemId <BOCHS ,BXPC ,00000001>, AslId <BXPC,00000001> [ 1.000004] LNKS: ACPI: Found matching pin for 0.1.INTA at func 3: 9 [ 1.000004] LNKD: ACPI: Found matching pin for 0.1.INTD at func 2: 11 [ 1.000004] LNKC: ACPI: Found matching pin for 0.3.INTA at func 0: 11 [ 1.000004] LNKA: ACPI: Found matching pin for 0.5.INTA at func 0: 10 [ 1.000004] LNKB: ACPI: Found matching pin for 0.18.INTA at func 0: 10 [ 1.000004] LNKB: ACPI: Found matching pin for 0.30.INTA at func 0: 10 [ 1.000004] LNKC: ACPI: Found matching pin for 0.31.INTA at func 0: 11 [ 1.000004] acpi0: SCI interrupting at int 9 [ 1.000004] acpi0: fixed power button present [ 1.000004] timecounter: Timecounter "ACPI-Fast" frequency 3579545 Hz quality 1000 [ 1.026231] hpet0 at acpi0: high precision event timer (mem 0xfed00000-0xfed00400) [ 1.026231] timecounter: Timecounter "hpet0" frequency 100000000 Hz quality 2000 [ 1.029336] qemufwcfg0 at acpi0 (FWCF, QEMU0002): io 0x510-0x51b [ 1.029336] qemufwcfg0: <QEMU> [ 1.029336] pckbc1 at acpi0 (KBD, PNP0303) (kbd port): io 0x60,0x64 irq 1 [ 1.029336] pckbc2 at acpi0 (MOU, PNP0F13) (aux port): irq 12 [ 1.029336] fdc0 at acpi0 (FDC0, PNP0700): io 0x3f2-0x3f5,0x3f7 irq 6 drq 2 [ 1.029336] VGEN (QEMUVGID) at acpi0 not configured [ 1.029336] ACPI: Enabled 3 GPEs in block 00 to 0F [ 1.029336] pckbd0 at pckbc1 (kbd slot) [ 1.029336] pckbc1: using irq 1 for kbd slot [ 1.029336] wskbd0 at pckbd0: console keyboard [ 1.029336] pms0 at pckbc1 (aux slot) [ 1.029336] pckbc1: using irq 12 for aux slot [ 1.029336] wsmouse0 at pms0 mux 0 [ 1.029336] pci0 at mainbus0 bus 0: configuration mode 1 [ 1.029336] pci0: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok [ 1.029336] pchb0 at pci0 dev 0 function 0: Intel 82441FX (PMC) PCI and Memory Controller (rev. 0x0 [ 1.029336] pcib0 at pci0 dev 1 function 0: Intel 82371SB (PIIX3) PCI-ISA Bridge (rev. 0x00) [ 1.029336] piixide0 at pci0 dev 1 function 1: Intel 82371SB IDE Interface (PIIX3) (rev. 0x00) [ 1.029336] piixide0: bus-master DMA support present [ 1.029336] piixide0: primary channel wired to compatibility mode [ 1.029336] piixide0: primary channel interrupting at ioapic0 pin 14 [ 1.029336] atabus0 at piixide0 channel 0 [ 1.029336] piixide0: secondary channel wired to compatibility mode [ 1.029336] piixide0: secondary channel interrupting at ioapic0 pin 15 [ 1.029336] atabus1 at piixide0 channel 1 [ 1.029336] uhci0 at pci0 dev 1 function 2: Intel 82371SB (PIIX3) USB Host Controller (rev. 0x01) [ 1.029336] uhci0: interrupting at ioapic0 pin 11 [ 1.029336] usb0 at uhci0: USB revision 1.0 [ 1.029336] piixpm0 at pci0 dev 1 function 3: Intel 82371AB (PIIX4) Power Management Controller (rev [ 1.029336] timecounter: Timecounter "piixpm0" frequency 3579545 Hz quality 1000 [ 1.029336] piixpm0: 24-bit timer [ 1.029336] piixpm0: interrupting at ioapic0 pin 9 [ 1.029336] iic0 at piixpm0 port 0: I2C bus [ 1.029336] vga0 at pci0 dev 2 function 0: vendor 1234 product 1111 (rev. 0x02) [ 1.029336] wsdisplay0 at vga0 kbdmux 1: console (80x25, vt100 emulation), using wskbd0 [ 1.029336] wsmux1: connecting to wsdisplay0 [ 1.029336] drm at vga0 not configured [ 1.029336] virtio0 at pci0 dev 3 function 0 [ 1.029336] virtio0: memory balloon device (id 5, rev. 0x00) [ 1.029336] viomb0 at virtio0: features: 0x10000000<INDIRECT_DESC> [ 1.029336] virtio0: allocated 8192 byte for virtqueue 0 for inflate, size 128 [ 1.029336] virtio0: allocated 8192 byte for virtqueue 1 for deflate, size 128 [ 1.029336] virtio0: interrupting at ioapic0 pin 11 [ 1.029336] ppb0 at pci0 dev 5 function 0: Red Hat Qemu PCI-PCI (rev. 0x00) [ 1.029336] pci1 at ppb0 bus 1 [ 1.029336] pci1: i/o space, memory space enabled [ 1.029336] wm0 at pci0 dev 18 function 0, 64-bit DMA: Intel i82540EM 1000BASE-T Ethernet (rev. 0x [ 1.029336] wm0: interrupting at ioapic0 pin 10 [ 1.029336] wm0: 32-bit 33MHz PCI bus [ 1.029336] wm0: 64 words (6 address bits) MicroWire EEPROM [ 1.029336] wm0: RX packet buffer size: 48KB [ 1.029336] wm0: Ethernet address bc:24:11:28:4e:0d [ 1.029336] wm0: 0x200002<LOCK_EECD,WOL> [ 1.029336] makphy0 at wm0 phy 1: Marvell 88E1011 Gigabit PHY, rev. 0 [ 1.029336] makphy0: Failed to access EADR. Are you an emulator? [ 1.029336] makphy0: Failed to read EXTSR. Are you an emulator?. Regard as 1000BASE-T. [ 1.029336] makphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-F [ 1.029336] ppb1 at pci0 dev 30 function 0: Red Hat Qemu PCI-PCI (rev. 0x00) [ 1.029336] pci2 at ppb1 bus 2 [ 1.029336] pci2: i/o space, memory space enabled [ 1.029336] ppb2 at pci0 dev 31 function 0: Red Hat Qemu PCI-PCI (rev. 0x00) [ 1.029336] pci3 at ppb2 bus 3 [ 1.029336] pci3: i/o space, memory space enabled [ 1.029336] isa0 at pcib0 [ 1.029336] attimer0 at isa0 port 0x40-0x43 [ 1.029336] pcppi0 at isa0 port 0x61 [ 1.029336] spkr0 at pcppi0: PC Speaker [ 1.029336] wsbell at spkr0 not configured [ 1.029336] midi0 at pcppi0: PC speaker [ 1.029336] sysbeep0 at pcppi0 [ 1.029336] attimer0: attached to pcppi0 [ 1.029336] acpicpu0 at cpu0: ACPI CPU [ 1.029336] acpicpu0: C1: HLT, lat 0 us, pow 0 mW [ 1.029336] vmt0 at cpu0 [ 1.029336] vmt0: UUID: 744f4106-92e9-4346-8075-d18275f8edfd [ 1.029336] vmware: open failed, eax=0xffffffff, ecx=0x1e, edx=0x5658 [ 1.029336] vmt0: autoconfiguration error: failed to open backdoor RPC channel (TCLO protocol) [ 1.029336] acpicpu1 at cpu1: ACPI CPU [ 1.029336] acpicpu2 at cpu2: ACPI CPU [ 1.029336] acpicpu3 at cpu3: ACPI CPU [ 1.029336] timecounter: Timecounter "clockinterrupt" frequency 100 Hz quality 0 [ 2.044826] IPsec: Initialized Security Association Processing. [ 2.054842] uhub0 at usb0: NetBSD (0x0000) UHCI root hub (0x0000), class 9/0, rev 1.00/1.00, addr [ 2.054842] uhub0: 2 ports with 2 removable, self powered [ 3.744874] uhidev0 at uhub0 port 1 configuration 1 interface 0 [ 3.744874] uhidev0: QEMU (0x0627) QEMU USB Tablet (0x0001), rev 2.00/0.00, addr 2, iclass 3/0 [ 3.754781] ums0 at uhidev0: 3 buttons and Z dir [ 3.754781] wsmouse1 at ums0 mux 0 [ 5.034767] wd0 at atabus0 drive 0 [ 5.034767] wd0: <QEMU HARDDISK> [ 5.044755] wd0: drive supports 16-sector PIO transfers, LBA48 addressing [ 5.044755] wd0: 256 GB, 532610 cyl, 16 head, 63 sec, 512 bytes/sect x 536870912 sectors [ 5.054776] wd0: GPT GUID: 42a7e333-2c05-4cbd-8664-1555d1755017 [ 5.054776] dk0 at wd0: "f0a8b571-d30a-43a6-a0ef-191b9afe08e7", 16777216 blocks at 2048, typ [ 5.054776] dk1 at wd0: "926b4afc-b71b-4615-9fd2-a2a845a4d129", 4194304 blocks at 1677926 [ 5.067931] dk2 at wd0: "da56269b-1ddb-4cb8-a470-e689f1e1dbe5", 515897311 blocks at 20973 [ 5.067931] wd0: 32-bit data port [ 5.067931] wd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 5 (Ultra/100) [ 5.067931] wd0(piixide0:0:0): using PIO mode 4, DMA mode 2 (using DMA) [ 5.067931] atapibus0 at atabus1: 2 targets [ 5.074732] cd0 at atapibus0 drive 0: <QEMU DVD-ROM, QM00003, 2.5+> cdrom removable [ 5.074732] cd0: 32-bit data port [ 5.074732] cd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 5 (Ultra/100) [ 5.074732] cd0(piixide0:1:0): using PIO mode 4, DMA mode 2 (using DMA) [ 5.084749] swwdog0: software watchdog initialized [ 5.104732] WARNING: 1 error while detecting hardware; check system log. [ 5.104732] boot device: wd0 [ 5.104732] root on dk0 dumps on dk1 [ 5.104732] root file system type: ffs [ 5.114878] kern.module.path=/stand/amd64/10.0/modules [ 20.034308] wsdisplay0: screen 1 added (80x25, vt100 emulation) [ 20.044324] wsdisplay0: screen 2 added (80x25, vt100 emulation) [ 20.054309] wsdisplay0: screen 3 added (80x25, vt100 emulation) [ 20.054309] wsdisplay0: screen 4 added (80x25, vt100 emulation)

3 2

Response not received
by hiren.bhatt＠westernunion.com 11 Aug '24

11 Aug '24

Here is current setup. Linux Server - Application ==> Stunnel in Client mode ==> Network ==> F5 havingTLS cert to decrypt traffic. We are runnign Stunnel in client mode to encrypt traffic with detination F5. F5 is equipped with TLS cert which decrypts traffic. Setup is working fine but we see some 0.2% traffic is impacted where Stunnel calling app in client side does not receive response. We are not running Stunnel on Server mode on destination. Packet capture does not show any abnormalities. Stunnel used by use is 4.62 coming out of Redhat distribution. We are clueless on traffic drop. Anyone with similar experiences can help?

1 0

stunnel for postgres
by Casey & Gina 10 Aug '24

10 Aug '24

Hi! I'm trying to set up stunnel for postgres, and cannot get it working. For the moment, I'm just trying to test locally on a Mac. I have set up postgres SSL correctly and confirmed that direct connections to the db with psql work with SSL. Here's the most promising config I've come up with: foreground = yes client = yes [postgresql] protocol = pgsql accept = 127.0.0.1:5433 connect = 127.0.0.1:5432 verify = 0 cert = /opt/homebrew/var/postgresql(a)16/server.crt key = /opt/homebrew/var/postgresql(a)16/server.key CAfile = /opt/homebrew/var/postgresql(a)16/ca.crt Here's what I'm getting: $ PGSSLMODE=disable psql -h 127.0.0.1 -p 5432 -U casey -d postgres -c 'select 1' -At 1 $ PGSSLMODE=require psql -h 127.0.0.1 -p 5432 -U casey -d postgres -c 'select 1' -At 1 $ PGSSLMODE=disable psql -h 127.0.0.1 -p 5433 -U casey -d postgres -c 'select 1' -At psql: error: connection to server at "127.0.0.1", port 5433 failed: server offered SCRAM-SHA-256-PLUS authentication over a non-SSL connection $ PGSSLMODE=require psql -h 127.0.0.1 -p 5433 -U casey -d postgres -c 'select 1' -At psql: error: connection to server at "127.0.0.1", port 5433 failed: FATAL: unsupported frontend protocol 1234.5679: server supports 3.0 to 3.0 Also, is it possible to connect to stunnel via UNIX socket instead of TCP? Thanks, -- Casey

3 2

Help
by Hugo Sarkissian 10 Aug '24

10 Aug '24

Hello, Tried to configure stunnel linked to pdm (solidworks) When I try I have an error : Service [ssmtp] started 2024.07.30 15:01:27 LOG7[1]: Setting local socket options (FD=1184) 2024.07.30 15:01:27 LOG7[1]: Option TCP_NODELAY set on local socket 2024.07.30 15:01:27 LOG5[1]: Service [ssmtp] accepted connection from 127.0.0.1:60652 2024.07.30 15:01:27 LOG6[1]: Peer certificate not required 2024.07.30 15:01:27 LOG7[1]: TLS state (accept): before SSL initialization 2024.07.30 15:01:37 LOG7[1]: TLS alert (write): fatal: record overflow 2024.07.30 15:01:37 LOG3[1]: error queue: ssl/record/rec_layer_s3.c:645: error:0A000139:SSL routines::record layer failure 2024.07.30 15:01:37 LOG3[1]: SSL_accept: ssl/record/methods/tls_common.c:654: error:0A0000C6:SSL routines::packet length too long 2024.07.30 15:01:37 LOG5[1]: Connection reset/closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 2024.07.30 15:01:37 LOG7[1]: Local descriptor (FD=1184) closed 2024.07.30 15:01:37 LOG7[1]: Service [ssmtp] finished (0 left) My config : ; Configuration de Stunnel ; Niveau de journalisation debug = 7 output = stunnel.log ; Service SMTP sécurisé [ssmtp] accept = 127.0.0.1:25 connect = 127.0.0.1:587 cert = C:\Program Files (x86)\stunnel\config\stunnel.pem key = C:\Program Files (x86)\stunnel\config\stunnel.pem ; Protocoles et suites de chiffrement sslVersion = all ciphers = ALL:!aNULL:!MD5 renegotiation = no options = NO_SSLv2 TIMEOUTclose = 0 Can you help me please [cid:logopiabgroup_89c2c8d4-09f6-4cf6-87f9-3682b4094f7c.jpg] Hugo Sarkissian IT Operation Support Technician Piab Group Montelier FR (+33) 7 88 06 22 31 Hugo.Sarkissian(a)piabgroup.com<mailto:hugo.sarkissian@piabgroup.com> Please consider your environmental responsibility. Before printing this email message, ask yourself whether you really need a hard copy.

2 1

Jump to page: