Hello,
I am trying to set up a stunnel between two machines running LynxOS, which is a POSIX derivative.
I've compiled OpenSSL 0.9.8e, and stunnel 4.20:
stunnel 4.20 on i386-unknown-lynxos with OpenSSL 0.9.8e 23 Feb 2007 Threading:FORK SSL:ENGINE Sockets:POLL,IPv4 [...]
I use the following config files:
////// server side
debug=7
foreground=yes
pid=
CAfile=valid_certs
key=privkey.pem
cert=cert.pem
verify=1

[SSLTunnel]
accept=1235
connect=1234
////// end server side

////// client side
debug=7
foreground=yes
pid=
CAfile=valid_certs
key=privkey.pem
cert=cert.pem
verify=1
client=yes

[SSLTunnel]
accept=4234
connect=173.16.1.10:1235
////// end client side
(It's run from different directories so the PEM files are different)
After running both stunnels, I connect to the client side and see the beginning of a handshake; however, it then breaks down. From afar, it looks like the client doesn't accept the server certificate:
///// server trace
2007.04.25 15:33:22 LOG7[58:0]: Snagged 64 random bytes from /home/st07815/.rnd
2007.04.25 15:33:22 LOG7[58:0]: Wrote 1024 new random bytes to /home/st07815/.rnd
2007.04.25 15:33:22 LOG7[58:0]: RAND_status claims sufficient entropy for the PRNG
2007.04.25 15:33:22 LOG7[58:0]: PRNG seeded successfully
2007.04.25 15:33:22 LOG7[58:0]: Certificate: cert.pem
2007.04.25 15:33:22 LOG7[58:0]: Certificate loaded
2007.04.25 15:33:22 LOG7[58:0]: Key file: privkey.pem
2007.04.25 15:33:22 LOG7[58:0]: Private key loaded
2007.04.25 15:33:22 LOG7[58:0]: Loaded verify certificates from valid_certs
2007.04.25 15:33:22 LOG7[58:0]: Loaded valid_certs revocation lookup file
2007.04.25 15:33:22 LOG7[58:0]: SSL context initialized for service SSLTunnel
2007.04.25 15:33:22 LOG5[58:0]: stunnel 4.20 on i386-unknown-lynxos with OpenSSL 0.9.8e 23 Feb 2007
2007.04.25 15:33:22 LOG5[58:0]: Threading:FORK SSL:ENGINE Sockets:POLL,IPv4
2007.04.25 15:33:22 LOG6[58:0]: file ulimit = 64 (can be changed with 'ulimit -n')
2007.04.25 15:33:22 LOG6[58:0]: poll() used - no FD_SETSIZE limit for file descriptors
2007.04.25 15:33:22 LOG5[58:0]: 29 clients allowed
2007.04.25 15:33:22 LOG7[58:0]: FD 3 in non-blocking mode
2007.04.25 15:33:22 LOG7[58:0]: FD 4 in non-blocking mode
2007.04.25 15:33:22 LOG7[58:0]: FD 5 in non-blocking mode
2007.04.25 15:33:22 LOG7[58:0]: SO_REUSEADDR option set on accept socket
2007.04.25 15:33:22 LOG7[58:0]: SSLTunnel bound to 0.0.0.0:1235
2007.04.25 15:33:22 LOG7[58:0]: No pid file being created
(end of init, waiting for connection)
2007.04.25 15:34:17 LOG7[58:0]: SSLTunnel accepted FD=6 from 173.16.1.7:1092
2007.04.25 15:34:17 LOG7[68:0]: SSLTunnel started
2007.04.25 15:34:17 LOG7[68:0]: FD 6 in non-blocking mode
2007.04.25 15:34:17 LOG5[68:0]: SSLTunnel accepted connection from 173.16.1.7:1092
2007.04.25 15:34:17 LOG7[68:0]: SSL state (accept): before/accept initialization
2007.04.25 15:34:17 LOG7[68:0]: SSL state (accept): SSLv3 read client hello A
2007.04.25 15:34:17 LOG7[68:0]: SSL state (accept): SSLv3 write server hello A
2007.04.25 15:34:17 LOG7[68:0]: SSL state (accept): SSLv3 write certificate A
2007.04.25 15:34:17 LOG7[68:0]: SSL state (accept): SSLv3 write certificate request A
2007.04.25 15:34:17 LOG7[68:0]: SSL state (accept): SSLv3 flush data
2007.04.25 15:34:19 LOG3[68:0]: SSL_accept: Peer suddenly disconnected
2007.04.25 15:34:19 LOG5[68:0]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2007.04.25 15:34:19 LOG7[58:0]: Cleaning up the signal pipe
2007.04.25 15:34:19 LOG7[58:0]: Process 68 finished with code 0 (0 left)
///// end server trace

///// client trace
2007.04.25 15:33:59 LOG7[12:0]: Snagged 64 random bytes from /home/st07815/.rnd
2007.04.25 15:33:59 LOG7[12:0]: Wrote 1024 new random bytes to /home/st07815/.rnd
2007.04.25 15:33:59 LOG7[12:0]: RAND_status claims sufficient entropy for the PRNG
2007.04.25 15:33:59 LOG7[12:0]: PRNG seeded successfully
2007.04.25 15:33:59 LOG7[12:0]: Certificate: cert.pem
2007.04.25 15:33:59 LOG7[12:0]: Certificate loaded
2007.04.25 15:33:59 LOG7[12:0]: Key file: privkey.pem
2007.04.25 15:33:59 LOG7[12:0]: Private key loaded
2007.04.25 15:33:59 LOG7[12:0]: Loaded verify certificates from valid_certs
2007.04.25 15:33:59 LOG7[12:0]: Loaded valid_certs revocation lookup file
2007.04.25 15:33:59 LOG7[12:0]: SSL context initialized for service SSLTunnel
2007.04.25 15:33:59 LOG5[12:0]: stunnel 4.20 on i386-unknown-lynxos with OpenSSL 0.9.8e 23 Feb 2007
2007.04.25 15:33:59 LOG5[12:0]: Threading:FORK SSL:ENGINE Sockets:POLL,IPv4
2007.04.25 15:33:59 LOG6[12:0]: file ulimit = 64 (can be changed with 'ulimit -n')
2007.04.25 15:33:59 LOG6[12:0]: poll() used - no FD_SETSIZE limit for file descriptors
2007.04.25 15:33:59 LOG5[12:0]: 29 clients allowed
2007.04.25 15:33:59 LOG7[12:0]: FD 3 in non-blocking mode
2007.04.25 15:33:59 LOG7[12:0]: FD 4 in non-blocking mode
2007.04.25 15:33:59 LOG7[12:0]: FD 5 in non-blocking mode
2007.04.25 15:33:59 LOG7[12:0]: SO_REUSEADDR option set on accept socket
2007.04.25 15:33:59 LOG7[12:0]: SSLTunnel bound to 0.0.0.0:4234
2007.04.25 15:33:59 LOG7[12:0]: No pid file being created
(end of init, waiting for connection)
2007.04.25 15:34:27 LOG7[12:0]: SSLTunnel accepted FD=6 from 152.14.101.54:64752
2007.04.25 15:34:27 LOG7[27:0]: SSLTunnel started
2007.04.25 15:34:27 LOG7[27:0]: FD 6 in non-blocking mode
2007.04.25 15:34:27 LOG5[27:0]: SSLTunnel accepted connection from 152.14.101.54:64752
2007.04.25 15:34:27 LOG7[27:0]: FD 5 in non-blocking mode
2007.04.25 15:34:27 LOG7[27:0]: SSLTunnel connecting 173.16.1.10:1235
2007.04.25 15:34:27 LOG7[27:0]: connect_wait: waiting 10 seconds
2007.04.25 15:34:27 LOG7[27:0]: connect_wait: connected
2007.04.25 15:34:27 LOG5[27:0]: SSLTunnel connected remote server from 173.16.1.7:1092
2007.04.25 15:34:27 LOG7[27:0]: Remote FD=5 initialized
2007.04.25 15:34:27 LOG7[27:0]: SSL state (connect): before/connect initialization
2007.04.25 15:34:27 LOG7[27:0]: SSL state (connect): SSLv3 write client hello A
2007.04.25 15:34:27 LOG7[27:0]: SSL state (connect): SSLv3 read server hello A
2007.04.25 15:34:28 LOG7[12:0]: Cleaning up the signal pipe
2007.04.25 15:34:28 LOG7[12:0]: Process 27 terminated on signal 11 (0 left)
///// end client trace
Now the strange thing is that this very same setup works on Solaris, so I have something wrong with the port of either OpenSSL or stunnel on LynxOS.
If someone could give me a hint as to where to start poking, I'd greatly appreciate it.
TIA, Y.
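Added example, not part of the original post or of stunnel itself: a small Python script that parses stunnel debug=7 traces from both ends of a tunnel, groups the "SSL state" transitions by child PID, and reports the last handshake state each side reached together with how the child process ended. Run over a condensed excerpt of the two traces above (constructed sample input, reusing the post's own PIDs and timestamps), it shows the pattern that matters here: the server only ever sees "Peer suddenly disconnected" after flushing its Certificate and CertificateRequest messages, while the client dies on signal 11 (SIGSEGV on typical POSIX systems) right after "read server hello A", i.e. while it is processing the server's certificate. A certificate the client refused would instead show up as an SSL_connect error on the client side; a child killed by a signal with no SSL error logged points at a crash in the OpenSSL or stunnel port rather than at the certificate chain. The log-line formats are assumed from the traces in the post.

```python
import re
from collections import defaultdict

# Constructed sample input: a condensed excerpt in the format of the
# stunnel 4.20 debug=7 traces quoted in the post (same PIDs and timestamps).
SERVER_TRACE = """\
2007.04.25 15:34:17 LOG7[68:0]: SSLTunnel started
2007.04.25 15:34:17 LOG7[68:0]: SSL state (accept): before/accept initialization
2007.04.25 15:34:17 LOG7[68:0]: SSL state (accept): SSLv3 read client hello A
2007.04.25 15:34:17 LOG7[68:0]: SSL state (accept): SSLv3 write server hello A
2007.04.25 15:34:17 LOG7[68:0]: SSL state (accept): SSLv3 write certificate A
2007.04.25 15:34:17 LOG7[68:0]: SSL state (accept): SSLv3 write certificate request A
2007.04.25 15:34:17 LOG7[68:0]: SSL state (accept): SSLv3 flush data
2007.04.25 15:34:19 LOG3[68:0]: SSL_accept: Peer suddenly disconnected
2007.04.25 15:34:19 LOG7[58:0]: Process 68 finished with code 0 (0 left)
"""

CLIENT_TRACE = """\
2007.04.25 15:34:27 LOG7[27:0]: SSLTunnel started
2007.04.25 15:34:27 LOG7[27:0]: SSL state (connect): before/connect initialization
2007.04.25 15:34:27 LOG7[27:0]: SSL state (connect): SSLv3 write client hello A
2007.04.25 15:34:27 LOG7[27:0]: SSL state (connect): SSLv3 read server hello A
2007.04.25 15:34:28 LOG7[12:0]: Process 27 terminated on signal 11 (0 left)
"""

# "<date> <time> LOG<level>[<pid>:<tid>]: <message>" (format assumed from the post)
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) LOG(?P<level>\d)\[(?P<pid>\d+):(?P<tid>\d+)\]: (?P<msg>.*)$"
)
STATE_RE = re.compile(r"SSL state \((?P<side>accept|connect)\): (?P<state>.+)")
# The parent process logs how each child ended, keyed by the child's PID.
EXIT_RE = re.compile(
    r"Process (?P<pid>\d+) (?:finished with code (?P<code>\d+)|terminated on signal (?P<sig>\d+))"
)


def parse_trace(text):
    """Group SSL state transitions, error lines (LOG3 and below) and exit status by child PID."""
    sessions = defaultdict(lambda: {"states": [], "errors": [], "exit": None})
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # annotations such as "(end of init, ...)" are skipped
        pid, level, msg = m["pid"], int(m["level"]), m["msg"]
        s = STATE_RE.search(msg)
        if s:
            sessions[pid]["states"].append(s["state"])
            continue
        if level <= 3:
            sessions[pid]["errors"].append(msg)
        e = EXIT_RE.search(msg)
        if e:
            # ("signal", N) means the child was killed; ("code", N) is a normal exit
            sessions[e["pid"]]["exit"] = (
                ("signal", int(e["sig"])) if e["sig"] is not None else ("code", int(e["code"]))
            )
    return dict(sessions)


def last_state(session):
    """The last handshake state a child logged before it stopped, or None."""
    return session["states"][-1] if session["states"] else None


def diagnose(server_text, client_text):
    """Line up both ends and report where each side's handshake stopped and why."""
    findings = []
    for side, sessions in (("server", parse_trace(server_text)), ("client", parse_trace(client_text))):
        for pid, sess in sessions.items():
            kind, value = sess["exit"] or (None, None)
            if kind == "signal":
                # A killed child with no SSL error logged is a local crash, not a TLS rejection.
                findings.append(f"{side} pid {pid}: crashed (signal {value}) after '{last_state(sess)}'")
            elif sess["errors"]:
                findings.append(f"{side} pid {pid}: {sess['errors'][0]} after '{last_state(sess)}'")
    return findings


if __name__ == "__main__":
    for line in diagnose(SERVER_TRACE, CLIENT_TRACE):
        print(line)
```

The same parser works on the full traces: feed it the complete server and client output and it will ignore the PRNG, FD and bind lines and still key everything by the child PID that handled the connection.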