Charles,
Check to see if you are being bitten by the "Eudora" problem -- add the following line to the top of your stunnel.conf file, and see if it magically starts working:
options = DONT_INSERT_EMPTY_FRAGMENTS
You can also see a related set of mails from myself, describing the problem we had.
Regards,
David Hansen
-----Original Message----- From: stunnel-users-admin@mirt.net [mailto:stunnel-users-admin@mirt.net]On Behalf Of Charles A. Monteiro Sent: Dienstag, 17. August 2004 18:31 To: stunnel-users@mirt.net Subject: [stunnel-users] Newbie: Keep getting connection closed
We are using a proprietary protocol over tcp/ip which works fine and has for a number of years. I have tested it without stunnel and it checks fine as well. I keep getting the connection closed when I run through stunnel. I don't understand if something bad has actually happened i.e. from the error warnings. Is an "alert" a bad thing i.e. does it indicate that something is broken? Does stunnel normally close the connection after every message exchange? I have included the logs for both the stunnel client and server as well as the respective conf files.
thanks in advance,
-Charles
---------------------------------------
client log:
2004.08.17 11:13:27 LOG7[1824:1544]: 55555 accepted FD=536 from 127.0.0.1:1085 2004.08.17 11:13:27 LOG7[1824:1544]: FD 536 in non-blocking mode 2004.08.17 11:13:27 LOG7[1824:1544]: Creating a new thread 2004.08.17 11:13:27 LOG7[1824:1544]: New thread created 2004.08.17 11:13:27 LOG7[1824:1040]: 55555 started 2004.08.17 11:13:27 LOG5[1824:1040]: 55555 connected from 127.0.0.1:1085 2004.08.17 11:13:27 LOG7[1824:1040]: FD 564 in non-blocking mode 2004.08.17 11:13:27 LOG7[1824:1040]: 55555 connecting 192.168.20.76:55555 2004.08.17 11:13:27 LOG7[1824:1040]: remote connect #1: EWOULDBLOCK: retrying 2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: FD=564, DIR=write 2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: ok 2004.08.17 11:13:27 LOG7[1824:1040]: Remote FD=564 initialized 2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): before/connect initialization 2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write client hello A 2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read server hello A 2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read server certificate A 2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read server done A 2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write client key exchange A 2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write change cipher spec A 2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write finished A 2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 flush data 2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: FD=564, DIR=read 2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: ok 2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read finished A 2004.08.17 11:13:27 LOG7[1824:1040]: 6 items in the session cache 2004.08.17 11:13:27 LOG7[1824:1040]: 7 client connects (SSL_connect()) 2004.08.17 11:13:27 LOG7[1824:1040]: 7 client connects that finished 2004.08.17 11:13:27 LOG7[1824:1040]: 0 client renegotiatations requested 2004.08.17 11:13:27 LOG7[1824:1040]: 0 server connects (SSL_accept()) 2004.08.17 11:13:27 LOG7[1824:1040]: 0 server connects that finished 2004.08.17 11:13:27 LOG7[1824:1040]: 0 server renegotiatiations requested 2004.08.17 11:13:27 LOG7[1824:1040]: 1 session cache hits 2004.08.17 11:13:27 LOG7[1824:1040]: 0 session cache misses 2004.08.17 11:13:27 LOG7[1824:1040]: 0 session cache timeouts 2004.08.17 11:13:27 LOG6[1824:1040]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 2004.08.17 11:13:27 LOG7[1824:1040]: Socket closed on read 2004.08.17 11:13:27 LOG7[1824:1040]: SSL write shutdown (output buffer empty) 2004.08.17 11:13:27 LOG7[1824:1040]: SSL alert (write): warning: close notify 2004.08.17 11:13:27 LOG7[1824:1040]: SSL_shutdown retrying 2004.08.17 11:13:27 LOG7[1824:1040]: SSL alert (read): warning: close notify 2004.08.17 11:13:27 LOG7[1824:1040]: SSL closed on SSL_read 2004.08.17 11:13:27 LOG7[1824:1040]: Socket write shutdown (output buffer empty) 2004.08.17 11:13:27 LOG5[1824:1040]: Connection closed: 110 bytes sent to SSL, 13 bytes sent to socket 2004.08.17 11:13:27 LOG7[1824:1040]: 55555 finished (0 left)
------------------------------------------------------------- server log:
2004.08.17 11:03:12 LOG7[28177:3073021920]: 55555 accepted FD=7 from 192.168.20.77:1086 2004.08.17 11:03:12 LOG7[28177:3073021920]: FD 7 in non-blocking mode 2004.08.17 11:03:12 LOG7[28177:3062528944]: 55555 started 2004.08.17 11:03:12 LOG5[28177:3062528944]: 55555 connected from 192.168.20.77:1086 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): before/accept initialization 2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: FD=7, DIR=read 2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: ok 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 read client hello A 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 write server hello A 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 write certificate A 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 write server done A 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 flush data 2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: FD=7, DIR=read 2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: ok 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 read client key exchange A 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 read finished A 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 write change cipher spec A 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 write finished A 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 flush data 2004.08.17 11:03:12 LOG7[28177:3062528944]: 2 items in the session cache 2004.08.17 11:03:12 LOG7[28177:3062528944]: 0 client connects (SSL_connect()) 2004.08.17 11:03:12 LOG7[28177:3062528944]: 0 client connects that finished 2004.08.17 11:03:12 LOG7[28177:3062528944]: 0 client renegotiatations requested 2004.08.17 11:03:12 LOG7[28177:3062528944]: 18 server connects (SSL_accept()) 2004.08.17 11:03:12 LOG7[28177:3062528944]: 10 server connects that finished 2004.08.17 11:03:12 LOG7[28177:3062528944]: 0 server renegotiatiations requested 2004.08.17 11:03:12 LOG7[28177:3062528944]: 2 session cache hits 2004.08.17 11:03:12 LOG7[28177:3062528944]: 0 session cache misses 2004.08.17 11:03:12 LOG7[28177:3062528944]: 6 session cache timeouts 2004.08.17 11:03:12 LOG6[28177:3062528944]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 2004.08.17 11:03:12 LOG7[28177:3062528944]: FD 8 in non-blocking mode 2004.08.17 11:03:12 LOG7[28177:3062528944]: 55555 connecting 192.168.20.76:4242 2004.08.17 11:03:12 LOG7[28177:3062528944]: remote connect #1: EINPROGRESS: retrying 2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: FD=8, DIR=write 2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: ok 2004.08.17 11:03:12 LOG7[28177:3062528944]: Remote FD=8 initialized 2004.08.17 11:03:12 LOG7[28177:3062528944]: Socket closed on read 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL alert (write): warning: close notify 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL write shutdown (output buffer empty) 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL alert (read): warning: close notify 2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL closed on SSL_read 2004.08.17 11:03:12 LOG7[28177:3062528944]: Socket write shutdown (output buffer empty) 2004.08.17 11:03:12 LOG5[28177:3062528944]: Connection closed: 13 bytes sent to SSL, 110 bytes sent to socket 2004.08.17 11:03:12 LOG7[28177:3062528944]: 55555 finished (0 left)
-------------------------------------------------------------------------------------------------------------------
My client stunnel.conf:
cert=stunnel.pem client=yes debug=7 [55555] accept=localhost:55555 connect=192.168.20.76:55555 - eof -
My server stunnel.conf:
cert=stunnel.pem debug=7 output=stunnel.err [55555] accept=192.168.20.76:55555 connect=192.168.20.76:4242 - eof -