Hello, having a problem with stunnel sigsegv'ing on a machine. Answers to list questions below:
1. https to/from IPs bound on same machine
the contents of my config file:

cert = /usr/local/etc/poundcert.pem
foreground = yes
[poundssl]
connect = xx.xx.xx.xx:80
accept = xx.xx.xx.xx:443

foreground option because I was debugging, does it with or without this option.
2. 4.10
3. standalone, /usr/local/sbin/stunnel /usr/local/etc/stunnel.cfg
4. -D and -f aren't flags in version I am using apparently. assume -D 7 is debug level debug (7)
I'll add the log from a single session, all I am doing is connecting from a mozilla client and it instantly segfaults:

# /usr/local/sbin/stunnel /usr/local/etc/stunnel.cfg
2005.06.15 10:02:21 LOG5[1245:1]: stunnel 4.10 on i686-pc-linux-gnu UCONTEXT+POLL+IPv4+LIBWRAP with OpenSSL 0.9.7g 11 Apr 2005
2005.06.15 10:02:21 LOG7[1245:1]: Snagged 64 random bytes from /root/.rnd
2005.06.15 10:02:21 LOG7[1245:1]: Wrote 1024 new random bytes to /root/.rnd
2005.06.15 10:02:21 LOG7[1245:1]: RAND_status claims sufficient entropy for the PRNG
2005.06.15 10:02:21 LOG6[1245:1]: PRNG seeded successfully
2005.06.15 10:02:21 LOG7[1245:1]: Certificate: /usr/local/etc/poundcert.pem
2005.06.15 10:02:21 LOG7[1245:1]: Key file: /usr/local/etc/poundcert.pem
2005.06.15 10:02:21 LOG6[1245:1]: file ulimit = 1024 (can be changed with 'ulimit -n')
2005.06.15 10:02:21 LOG6[1245:1]: poll() used - no FD_SETSIZE limit for file descriptors
2005.06.15 10:02:21 LOG5[1245:1]: 500 clients allowed
2005.06.15 10:02:21 LOG7[1245:1]: FD 3 in non-blocking mode
2005.06.15 10:02:21 LOG7[1245:1]: FD 4 in non-blocking mode
2005.06.15 10:02:21 LOG7[1245:1]: FD 5 in non-blocking mode
2005.06.15 10:02:21 LOG7[1245:1]: SO_REUSEADDR option set on accept socket
2005.06.15 10:02:21 LOG7[1245:1]: poundssl bound to xx.xx.xx.xx:443
2005.06.15 10:02:21 LOG7[1245:1]: Created pid file /usr/local/var/run/stunnel.pid
2005.06.15 10:02:21 LOG7[1245:0]: Waiting -1 second(s) for 2 file descriptor(s)
2005.06.15 10:02:39 LOG7[1245:0]: CONTEXT 1, FD=3, (IN)->()
2005.06.15 10:02:39 LOG7[1245:0]: CONTEXT 1, FD=5, (IN)->(IN)
2005.06.15 10:02:39 LOG7[1245:1]: poundssl accepted FD=6 from xx.xx.xx.xx:3939
2005.06.15 10:02:39 LOG7[1245:1]: Creating a new context
2005.06.15 10:02:39 LOG7[1245:1]: Context 2 created
Segmentation fault

5. /usr/local/sbin/stunnel -version
stunnel 4.10 on i686-pc-linux-gnu UCONTEXT+POLL+IPv4+LIBWRAP with OpenSSL 0.9.7g 11 Apr 2005

Global options
cert = /usr/local/etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
debug = 5
key = /usr/local/etc/stunnel/stunnel.pem
pid = /usr/local/var/run/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
session = 300 seconds
verify = none

Service-level options
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds

6. uname -a
Linux hsc14 2.4.27 #1 SMP Fri Feb 11 09:13:33 EST 2005 i686 i686 i386 GNU/Linux

7. # /lib/libc.so.6
GNU C Library stable release version 2.3.2, by Roland McGrath et al.
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 3.2.2 20030222 (Red Hat Linux 3.2.2-5).
Compiled on a Linux 2.4.20 system on 2003-02-27.
Available extensions:
    GNU libio by Per Bothner
    crypt add-on version 2.1 by Michael Glad and others
    linuxthreads-0.10 by Xavier Leroy
    BIND-8.2.3-T5B
    libthread_db work sponsored by Alpha Processor Inc
    NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk
Thread-local storage support included.

8. ]# gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/3.2.2/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --host=i386-redhat-linux
Thread model: posix
gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)

9. ok maybe this is a problem?
# ]# openssl version
OpenSSL 0.9.7a Feb 19 2003
but:
[root@hsc14 etc]# grep "OpenSSL 0.9.7a" /usr/local/sbin/stunnel
[root@hsc14 etc]# grep "OpenSSL 0.9.7g" /usr/local/sbin/stunnel
Binary file /usr/local/sbin/stunnel matches

which -a openssl only shows one binary and it's that old one.
additionally here is the output of gdb:

[root@hsc14 etc]# gdb /usr/local/sbin/stunnel
GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
(gdb) set arg /usr/local/etc/stunnel.cfg
(gdb) run
Starting program: /usr/local/sbin/stunnel /usr/local/etc/stunnel.cfg
[New Thread 16384 (LWP 20866)]
2005.06.15 09:44:11 LOG5[20866:1]: stunnel 4.10 on i686-pc-linux-gnu UCONTEXT+POLL+IPv4+LIBWRAP with OpenSSL 0.9.7g 11 Apr 2005
2005.06.15 09:44:11 LOG5[20866:1]: 500 clients allowed

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 20866)]
0x40026f0c in __pthread_internal_tsd_get () from /lib/libpthread.so.0
(gdb) bt
#0 0x40026f0c in __pthread_internal_tsd_get () from /lib/libpthread.so.0
#1 0x40105edd in malloc () from /lib/libc.so.6
#2 0x400f59e3 in __fopen_internal () from /lib/libc.so.6
#3 0x400f5aae in fopen@@GLIBC_2.1 () from /lib/libc.so.6
#4 0x4008c28b in hosts_access () from /usr/lib/libwrap.so.0
#5 0x4008c207 in hosts_access () from /usr/lib/libwrap.so.0
#6 0x0804b9d9 in auth_libwrap (c=0x4009225c) at client.c:706
#7 0x0804a535 in init_local (c=0x811d638) at client.c:196
#8 0x0804a3b1 in do_client (c=0x811d638) at client.c:143
#9 0x0804a338 in client (arg=0x811d638) at client.c:120
#10 0x400d84b4 in __makecontext () from /lib/libc.so.6

any help is much appreciated. let me know if you need any more information.
Thank you, brian