I’m trying to do a proof of concept using Stunnel on AIX 6.1. 

 

Without stunnel I’d have:

 

Telnet session -> listening service

 

With stunnel, I want:

 

telnet session -> stunnel client –[secure connection]--> Stunnel server  -->listening service.

 

The stunnel client seems to be working fine, but the stunnel server abends as soon as it receives a secure connection.

 

 

 

 

 

 

 

Client:

 

Accepts non-secure on port 33342.  Forwards to secure socket 33343

 

stunnel stunnel.conf.2

2017.02.21 09:31:35 LOG5[ui]: stunnel 5.40 on powerpc-ibm-aix6.1.0.0 platform

2017.02.21 09:31:35 LOG5[ui]: Compiled/running with OpenSSL 1.0.2j  26 Sep 2016

2017.02.21 09:31:35 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI

2017.02.21 09:31:35 LOG5[ui]: Reading configuration from file /bmo/stunnel/bin/stunnel.conf.2

2017.02.21 09:31:35 LOG5[ui]: UTF-8 byte order mark detected

2017.02.21 09:31:35 LOG5[ui]: FIPS mode disabled

2017.02.21 09:31:35 LOG6[ui]: Initializing service [hif]

2017.02.21 09:31:35 LOG6[ui]: Loading certificate from file: /bmo/stunnel/stunnel.pem

2017.02.21 09:31:35 LOG6[ui]: Certificate loaded from file: /bmo/stunnel/stunnel.pem

2017.02.21 09:31:35 LOG6[ui]: Loading private key from file: /bmo/stunnel/stunnel.pem

2017.02.21 09:31:35 LOG4[ui]: Insecure file permissions on /bmo/stunnel/stunnel.pem

2017.02.21 09:31:35 LOG6[ui]: Private key loaded from file: /bmo/stunnel/stunnel.pem

2017.02.21 09:31:35 LOG4[ui]: Service [hif] needs authentication to prevent MITM attacks

2017.02.21 09:31:35 LOG5[ui]: Configuration successful

2017.02.21 09:31:38 LOG5[0]: Service [hif] accepted connection from 127.0.0.1:34749

2017.02.21 09:31:38 LOG6[0]: s_connect: connecting 127.0.0.1:33343

2017.02.21 09:31:38 LOG6[0]: s_connect: connected 127.0.0.1:33343

2017.02.21 09:31:38 LOG5[0]: Service [hif] connected remote server from 127.0.0.1:34750

2017.02.21 09:31:38 LOG6[0]: SNI: sending servername: localhost

2017.02.21 09:31:38 LOG6[0]: Peer certificate not required

2017.02.21 09:31:38 LOG3[0]: SSL_connect: Peer suddenly disconnected

2017.02.21 09:31:38 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

 

 

Server

 

Accepts SSL connections on port 33343, connects to a non-secure service.

 

stunnel stunnel.conf.1

2017.02.21 09:31:25 LOG5[ui]: stunnel 5.40 on powerpc-ibm-aix6.1.0.0 platform

2017.02.21 09:31:25 LOG5[ui]: Compiled/running with OpenSSL 1.0.2j  26 Sep 2016

2017.02.21 09:31:25 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI

2017.02.21 09:31:25 LOG5[ui]: Reading configuration from file /bmo/stunnel/bin/stunnel.conf.1

2017.02.21 09:31:25 LOG5[ui]: UTF-8 byte order mark detected

2017.02.21 09:31:25 LOG5[ui]: FIPS mode disabled

2017.02.21 09:31:25 LOG6[ui]: Initializing service [hif]

2017.02.21 09:31:25 LOG6[ui]: Loading certificate from file: /bmo/stunnel/stunnel.pem

2017.02.21 09:31:25 LOG6[ui]: Certificate loaded from file: /bmo/stunnel/stunnel.pem

2017.02.21 09:31:25 LOG6[ui]: Loading private key from file: /bmo/stunnel/stunnel.pem

2017.02.21 09:31:25 LOG4[ui]: Insecure file permissions on /bmo/stunnel/stunnel.pem

2017.02.21 09:31:25 LOG6[ui]: Private key loaded from file: /bmo/stunnel/stunnel.pem

2017.02.21 09:31:25 LOG5[ui]: Configuration successful

2017.02.21 09:31:38 LOG5[0]: Service [hif] accepted connection from 127.0.0.1:34750

2017.02.21 09:31:38 LOG6[0]: Peer certificate not required

INTERNAL ERROR: Bad magic at OpenSSL, line 0

 

(this is an abend – core file gets created).

 

 

 

log file exactly matches the standard output.

 

Any idea what’s going wrong here?

 

 

 

 

 

 

 

dbx of the core file:

tbs@netcbccadvwvr01 /bmo/hif/stunnel-5.40/src>dbx /bmo/stunnel/bin/stunnel core

Type 'help' for help.

[using memory image in core]

reading symbolic information ...

 

IOT/Abort trap in abort at 0xd01af1f8 ($t3)

0xd01af1f8 (abort+0xf8) 80410014         lwz   r2,0x14(r1)

 

(dbx) where

abort() at 0xd01af1f8

fatal_debug(txt = "Bad magic", file = "OpenSSL", line = 0), line 359 in "log.c"

get_alloc_list_ptr(ptr = 0x2007e1c8, file = "OpenSSL", line = 0), line 399 in "str.c"

str_detach_debug(ptr = 0x2007e1c8, file = "OpenSSL", line = 0), line 348 in "str.c"

str_free_debug(ptr = 0x2007e1c8, file = "OpenSSL", line = 0), line 383 in "str.c"

free_function(ptr = 0x2007e1c8), line 191 in "tls.c"

mem.CRYPTO_free() at 0xd97dd8d8

bn_lib.bn_expand2@AF37_5() at 0xd97e8da4

bn_mont.BN_mod_mul_montgomery() at 0xd981e150

ecp_mont.ec_GFp_mont_field_mul() at 0xd9837a18

ecp_smpl.ec_GFp_simple_point_get_affine_coordinates() at 0xd9839890

ec_lib.EC_POINT_get_affine_coordinates_GFp() at 0xd9a81dfc

ecp_oct.ec_GFp_simple_point2oct() at 0xd9acc0d4

ec_oct.EC_POINT_point2oct() at 0xd9acb754

ssl3_send_server_key_exchange() at 0xd99e7c28

ssl3_accept() at 0xd99e9950

SSL_accept() at 0xd99c0b98

ssl23_get_client_hello() at 0xd9a003f4

ssl23_accept() at 0xd9a00c5c

SSL_accept() at 0xd99c0b98

ssl_start(c = 0x20084cb8), line 431 in "client.c"

client_try(c = 0x20084cb8), line 273 in "client.c"

client_run(c = 0x20084cb8), line 181 in "client.c"

client_main(c = 0x20084cb8), line 140 in "client.c"

client_thread(arg = 0x20084cb8), line 99 in "client.c"

 

(dbx) thread

thread  state-k     wchan    state-u    k-tid   mode held scope function

$t1     run                  running  26279997     u   no   sys  __fd_poll

$t2     run                  running  45088879     u   no   sys  _p_nsleep

>$t3     run                  running  19070997     k   no   sys  abort

 

(dbx) list free_function

  186

  187   #if OPENSSL_VERSION_NUMBER<0x10100000L

  188   NOEXPORT void free_function(void *ptr) {

  189       /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */

  190       /* unfortunately, OpenSSL provides no file:line information here */

  191       str_free_debug(ptr, "OpenSSL", 0);

  192   }

  193   #endif

  194

  195   /* end of tls.c */

 

Should I be concerned that it looks like it is executing "free_function" from within an if statement "if OPENSSL_VERSION_NUMBER<0x1010000L but my openssl version is

2017.02.21 09:31:35 LOG5[ui]: Compiled/running with OpenSSL 1.0.2j  26 Sep 2016

 

Troubleshooting so far:

 

-          I had the same problem with earlier versions of openssl.

-          I’ve tried this with 5.37 as well (based on Brian McGinity’s post from a few days ago), but get the same error.

 

Jacob