Re: [stunnel-users] stunnel 4.36 execution problem on Solaris 10

Unforutnately, although I've got stunnel 4.36 built OK using Sun Studio, it's not running correctly.

As a test, I'm using stunnel to provide an SSL wrapper for (Apache) httpd. The first client connection (using curl or "openssl s_client") works without problem, but subsequent connections just sit there with no log output (and "truss -f" showing it just sitting at 25346: read(5, 0xFFBFFB44, 4) (sleeping...) ). The stunnel configuration file works perfectly with stunnel-4.34.

Running "netstat -an | fgrep 480" (where 480 is stunnel's listening port) shows: - before the first client connection *.480 *.* 0 0 49152 0 LISTEN - after the first [successful] client connection *.480 *.* 0 0 49152 0 LISTEN - after the second client connection attempt [unsuccessful] *.480 *.* 0 0 49152 0 LISTEN 192.168.1.23.48371 192.168.1.23.480 49152 0 49152 0 ESTABLISHED 192.168.1.23.480 192.168.1.23.48371 49152 0 49152 0 ESTABLISHED

The config file: ================ ; global

chroot = /var/stunnel/server/chroot setuid = stunnel0 setgid = stunnel0 ; testing debug = debug foreground = yes

[stunnel-server] libwrap = yes client = no accept = 480 connect = 80 key = /etc/local/apache/ssl.key/myhost.key cert = /etc/local/apache/ssl.crt/myhost.chain ciphers = HIGH sslVersion = TLSv1 ================

The log: ================ 2011.05.10 12:12:42 LOG5[24551:1]: Reading configuration from file /etc/local/stunnel/stunnel.conf.server 2011.05.10 12:12:42 LOG7[24551:1]: Snagged 64 random bytes from //.rnd 2011.05.10 12:12:42 LOG7[24551:1]: Wrote 1024 new random bytes to //.rnd 2011.05.10 12:12:42 LOG7[24551:1]: PRNG seeded successfully 2011.05.10 12:12:43 LOG6[24551:1]: Could not load DH parameters from /etc/local/apache/ssl.crt/myhost.chain 2011.05.10 12:12:43 LOG7[24551:1]: ECDH initialized 2011.05.10 12:12:43 LOG7[24551:1]: Certificate: /etc/local/apache/ssl.crt/myhost.chain 2011.05.10 12:12:43 LOG7[24551:1]: Certificate loaded 2011.05.10 12:12:43 LOG7[24551:1]: Key file: /etc/local/apache/ssl.key/myhost.key 2011.05.10 12:12:43 LOG7[24551:1]: Private key loaded 2011.05.10 12:12:43 LOG7[24551:1]: SSL context initialized for service stunnel-server 2011.05.10 12:12:43 LOG5[24551:1]: Configuration successful 2011.05.10 12:12:43 LOG5[24551:1]: No limit detected for the number of clients 2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=6 allocated (blocking mode) 2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=5 allocated (blocking mode) 2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=7 allocated (blocking mode) 2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=5 allocated (blocking mode) 2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=8 allocated (blocking mode) 2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=5 allocated (blocking mode) 2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=9 allocated (blocking mode) 2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=5 allocated (blocking mode) 2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=10 allocated (blocking mode) 2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=5 allocated (blocking mode) 2011.05.10 12:12:43 LOG7[24551:1]: signal_pipe: FD=5 allocated (blocking mode) 2011.05.10 12:12:43 LOG7[24551:1]: signal_pipe: FD=11 allocated (blocking mode) 2011.05.10 12:12:43 LOG7[24551:1]: accept socket: FD=12 allocated (non-blocking mode) 2011.05.10 12:12:43 LOG7[24551:1]: Option SO_REUSEADDR set on accept socket 2011.05.10 12:12:43 LOG7[24551:1]: Service stunnel-server bound to 0.0.0.0:480 2011.05.10 12:12:43 LOG7[24551:1]: Service stunnel-server opened FD=12 2011.05.10 12:12:43 LOG7[24551:1]: Created pid file /var/run/stunnel.pid 2011.05.10 12:12:43 LOG5[24551:1]: stunnel 4.36 on sparc-sun-solaris2.10 with OpenSSL 1.0.0d 8 Feb 2011 2011.05.10 12:12:43 LOG5[24551:1]: Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL, IPv6 2011.05.10 12:13:30 LOG7[24551:1]: local socket: FD=13 allocated (non-blocking mode) 2011.05.10 12:13:30 LOG7[24551:1]: Service stunnel-server accepted FD=13 from 192.168.1.23:48367 2011.05.10 12:13:30 LOG7[24551:2]: Service stunnel-server started 2011.05.10 12:13:30 LOG7[24551:2]: Waiting for a libwrap process 2011.05.10 12:13:30 LOG7[24551:2]: Acquired libwrap process #0 2011.05.10 12:13:30 LOG7[24551:1]: Dispatching signals from the signal pipe 2011.05.10 12:13:30 LOG7[24551:2]: Releasing libwrap process #0 2011.05.10 12:13:30 LOG7[24551:2]: Released libwrap process #0 2011.05.10 12:13:30 LOG7[24551:2]: Service stunnel-server permitted by libwrap from 192.168.1.23:48367 2011.05.10 12:13:30 LOG5[24551:2]: Service stunnel-server accepted connection from 192.168.1.23:48367 2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): before/accept initialization 2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 read client hello A 2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 write server hello A 2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 write certificate A 2011.05.10 12:13:30 LOG7[24551:1]: Signal pipe is empty 2011.05.10 12:13:30 LOG7[24551:1]: Dispatching signals from the signal pipe 2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 write key exchange A 2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 write server done A 2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 flush data 2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 read client key exchange A 2011.05.10 12:13:30 LOG7[24551:1]: Signal pipe is empty 2011.05.10 12:13:30 LOG7[24551:1]: Dispatching signals from the signal pipe 2011.05.10 12:13:30 LOG6[24551:1]: Child process 24643 finished with code 0 2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 read finished A 2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 write change cipher spec A 2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 write finished A 2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 flush data 2011.05.10 12:13:30 LOG7[24551:2]: 1 items in the session cache 2011.05.10 12:13:30 LOG7[24551:2]: 0 client connects (SSL_connect()) 2011.05.10 12:13:30 LOG7[24551:2]: 0 client connects that finished 2011.05.10 12:13:30 LOG7[24551:2]: 0 client renegotiations requested 2011.05.10 12:13:30 LOG7[24551:2]: 1 server connects (SSL_accept()) 2011.05.10 12:13:30 LOG7[24551:2]: 1 server connects that finished 2011.05.10 12:13:30 LOG7[24551:2]: 0 server renegotiations requested 2011.05.10 12:13:30 LOG7[24551:2]: 0 session cache hits 2011.05.10 12:13:30 LOG7[24551:2]: 0 external session cache hits 2011.05.10 12:13:30 LOG7[24551:1]: Signal pipe is empty 2011.05.10 12:13:30 LOG7[24551:2]: 0 session cache misses 2011.05.10 12:13:30 LOG7[24551:2]: 0 session cache timeouts 2011.05.10 12:13:30 LOG6[24551:2]: SSL accepted: new session negotiated 2011.05.10 12:13:30 LOG6[24551:2]: Negotiated ciphers: ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 2011.05.10 12:13:30 LOG7[24551:2]: remote socket: FD=14 allocated (non-blocking mode) 2011.05.10 12:13:30 LOG6[24551:2]: connect_blocking: connecting 127.0.0.1:80 2011.05.10 12:13:30 LOG5[24551:2]: connect_blocking: connected 127.0.0.1:80 2011.05.10 12:13:30 LOG7[24551:1]: Dispatching signals from the signal pipe 2011.05.10 12:13:30 LOG5[24551:2]: Service stunnel-server connected remote server from 127.0.0.1:48368 2011.05.10 12:13:30 LOG7[24551:2]: Remote FD=14 initialized 2011.05.10 12:13:30 LOG7[24551:2]: SSL alert (read): warning: close notify 2011.05.10 12:13:30 LOG7[24551:2]: SSL closed on SSL_read 2011.05.10 12:13:30 LOG7[24551:2]: Sending socket write shutdown 2011.05.10 12:13:30 LOG7[24551:2]: Socket closed on read 2011.05.10 12:13:30 LOG7[24551:2]: Sending SSL write shutdown 2011.05.10 12:13:30 LOG7[24551:2]: SSL alert (write): warning: close notify 2011.05.10 12:13:30 LOG6[24551:2]: SSL_shutdown successfully sent close_notify 2011.05.10 12:13:30 LOG7[24551:1]: Signal pipe is empty 2011.05.10 12:13:30 LOG7[24551:1]: Dispatching signals from the signal pipe 2011.05.10 12:13:30 LOG5[24551:2]: Connection closed: 340 bytes sent to SSL, 169 bytes sent to socket 2011.05.10 12:13:30 LOG7[24551:2]: Service stunnel-server finished (0 left) 2011.05.10 12:13:30 LOG7[24551:2]: str_stats: 0 blocks, 0 bytes 2011.05.10 12:13:30 LOG7[24551:1]: Signal pipe is empty 2011.05.10 12:13:30 LOG7[24551:1]: Dispatching signals from the signal pipe ================

Suggestions welcome.

rlr