Hi Lars,
I checked out your previous mails... And I don't know if it's related. I haven't dived into the code or done any extensive testing to try to figure out why Stunnel was failing when using "exec = ...". And I haven't had any problems when using it the way we do.
Could you try to run stunnel from a terminal instead?
I can (and did yesterday when I was helping Tom) ... but I'm not entirely sure what you'd like me to test :-)
-Claus
____________________________________________ Claus Lund Systems Developer
Vermont Department of Taxes Information Systems 133 State Street Montpelier, Vermont 05633-1401 (802) 828-3735
-----Original Message----- From: stunnel-users-bounces@mirt.net [mailto:stunnel-users-bounces@mirt.net] On Behalf Of Lars Kruse Sent: Thursday, January 22, 2009 4:17 PM To: stunnel-users@mirt.net Subject: Re: [stunnel-users] Stunnel 4.26 - AIX 5.3
Hi Claus,
I'm not sure why the stunnel process dies for you.
maybe I am wrong, but I could imagine, that this issue is related to the behaviour that I described in my mail to this list (sent on the 10th of January).
I have several processes running using config files similar to what I included earlier. We generally create one config file per service. So if I was to run an TSSL service like you then I'd have a config file called /etc/stunnel/stunnel_tssl.conf ... and the service is started from /etc/inittab with a line like this:
stunnel_tssl:2:once:/usr/local/bin/stunnel /etc/stunnel/stunnel_tssl.conf
/dev/console
I haven't experienced any problems with the stunnel process not staying alive... And the process I started early this morning on my test box is still alive:
clund@prod-db-2:/home/clund $ ps -ef|grep stunnel nobody 1233036 1 0 08:15:28 - 0:00 /usr/local/bin/stunnel /etc/stunnel/stunnel_tssl.conf
I guess, the initial /sbin/init is not connected to a terminal - thus the "tty" column is always empty in your setup. Could you try to run stunnel from a terminal instead?
Or am I completely off-track?
regards, Lars _______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
From: stunnel-users-bounces@mirt.net [mailto:stunnel-users-bounces@mirt.net] On Behalf Of stephan.w.schindehette@jpmchase.com Sent: Thursday, January 22, 2009 4:41 PM To: stunnel-users@mirt.net Subject: Re: [stunnel-users] Stunnel 4.26 - AIX 5.3
I'm running into the same issue on one of our AIX boxes (using stunnel 4.22). Everything looks fine when stunnel is started. The first connection comes along and everything works properly. But then stunnel dies after the connection is closed.
I'm working with ldaps instead of tssl. I tried to equate the "connect = localhost:23" solution in the previous e-mails to my situation, but wasn't having any success.
My config files currently includes:
[ldaps] accept = 127.0.0.1:636 connect = entldap.jpmchase.net:636 TIMEOUTclose = 0
Any suggestions?
-Stephan
------------------------------------------------------ Stephan Schindehette JPMorgan Chase Consumer Risk Modeling & Analytics (614) 213-6622 ________________________________
This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of JPMorgan Chase & Co., its subsidiaries and affiliates. This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. Please refer to http://www.jpmorgan.com/pages/disclosures for disclosures relating to UK legal entities.
--_000_0124A9436EBA7D4D84E25C4CCB0F9AAFECBE56C3FEENTMAILBOX02v_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"> <meta name=Generator content="Microsoft Word 12 (filtered medium)"> <!--[if !mso]> <style> v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} </style> <![endif]--> <style> <!-- /* Font Definitions */ @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Times New Roman","serif";} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:"Times New Roman","serif";} span.EmailStyle18 {mso-style-type:personal-reply; font-family:"Calibri","sans-serif"; color:#1F497D;} .MsoChpDefault {mso-style-type:export-only;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} --> </style> <!--[if gte mso 9]><xml> <o:shapedefaults v:ext="edit" spidmax="1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext="edit"> <o:idmap v:ext="edit" data="1" /> </o:shapelayout></xml><![endif]--> </head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"; color:#1F497D'>Hi Stephan,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"; color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"; color:#1F497D'>I have done some testing in the past with using stunnel to wrap LDAP traffic … and I seem to remember that it worked just fine (we never switched to using it though so I may just remember wrong).<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"; color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"; color:#1F497D'>Can you post your entire config file? And maybe also a log file with debug level logging?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"; color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"; color:#1F497D'>-Claus<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"; color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> stunnel-users-bounces@mirt.net [mailto:stunnel-users-bounces@mirt.net] <b>On Behalf Of </b>stephan.w.schindehette@jpmchase.com<br> <b>Sent:</b> Thursday, January 22, 2009 4:41 PM<br> <b>To:</b> stunnel-users@mirt.net<br> <b>Subject:</b> Re: [stunnel-users] Stunnel 4.26 - AIX 5.3<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><br> <span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>I'm running into the same issue on one of our AIX boxes (using stunnel 4.22). Everything looks fine when stunnel is started. The first connection comes along and everything works properly. But then stunnel dies after the connection is closed.</span> <br> <br> <span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>I'm working with ldaps instead of tssl. I tried to equate the "connect = localhost:23" solution in the previous e-mails to my situation, but wasn't having any success.</span> <br> <br> <span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>My config files currently includes:</span> <br> <br> <span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>[ldaps]</span> <br> <span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>accept = 127.0.0.1:636</span> <br> <span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>connect = entldap.jpmchase.net:636</span> <br> <span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>TIMEOUTclose = 0</span> <br> <br> <span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Any suggestions?</span> <br> <br> <span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>-Stephan</span> <br> <br> <span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>------------------------------------------------------<br> Stephan Schindehette<br> JPMorgan Chase<br> Consumer Risk Modeling & Analytics<br> (614) 213-6622</span><o:p></o:p></p>
<div class=MsoNormal align=center style='text-align:center'>
<hr size=1 width="100%" align=center>
</div>
<p>This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of JPMorgan Chase & Co., its subsidiaries and affiliates. This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. Please refer to http://www.jpmorgan.com/pages/disclosures for disclosures relating to UK legal entities. <o:p></o:p></p>
</div>
</body>
</html>
--_000_0124A9436EBA7D4D84E25C4CCB0F9AAFECBE56C3FEENTMAILBOX02v_--