At some point in the near past stunnel stopped working on my laptop. The laptop is running Linux Mint 17.1 Rebecca x64 and stunnel from the repositories. I enabled debug=7, but I am not getting much from the log:
2015.05.08 17:12:06 LOG7[10804:140318864611136]: Clients allowed=500
2015.05.08 17:12:06 LOG5[10804:140318864611136]: stunnel 4.53 on x86_64-pc-linux-gnu platform
2015.05.08 17:12:06 LOG5[10804:140318864611136]: Compiled with OpenSSL 1.0.1e 11 Feb 2013
2015.05.08 17:12:06 LOG5[10804:140318864611136]: Running with OpenSSL 1.0.1f 6 Jan 2014
2015.05.08 17:12:06 LOG5[10804:140318864611136]: Update OpenSSL shared libraries or rebuild stunnel
2015.05.08 17:12:06 LOG5[10804:140318864611136]: Threading:PTHREAD SSL:+ENGINE+OCSP Auth:LIBWRAP Sockets:POLL+IPv6
2015.05.08 17:12:06 LOG5[10804:140318864611136]: Reading configuration from file /etc/stunnel/stunnel.conf
2015.05.08 17:12:06 LOG7[10804:140318864611136]: Compression not enabled
2015.05.08 17:12:06 LOG7[10804:140318864611136]: PRNG seeded successfully
2015.05.08 17:12:06 LOG6[10804:140318864611136]: Initializing service section [telnets]
2015.05.08 17:12:06 LOG4[10804:140318864611136]: Insecure file permissions on /etc/ssl/certs/stunnel.pem
2015.05.08 17:12:06 LOG7[10804:140318864611136]: Certificate: /etc/ssl/certs/stunnel.pem
2015.05.08 17:12:06 LOG7[10804:140318864611136]: Certificate loaded
2015.05.08 17:12:06 LOG7[10804:140318864611136]: Key file: /etc/ssl/certs/stunnel.pem
2015.05.08 17:12:06 LOG7[10804:140318864611136]: Private key loaded
2015.05.08 17:12:06 LOG7[10804:140318864611136]: SSL options set: 0x00000004
2015.05.08 17:12:06 LOG6[10804:140318864611136]: Initializing service section [dsp3270s]
2015.05.08 17:12:06 LOG4[10804:140318864611136]: Insecure file permissions on /etc/ssl/certs/stunnel.pem
2015.05.08 17:12:06 LOG7[10804:140318864611136]: Certificate: /etc/ssl/certs/stunnel.pem
2015.05.08 17:12:06 LOG7[10804:140318864611136]: Certificate loaded
2015.05.08 17:12:06 LOG7[10804:140318864611136]: Key file: /etc/ssl/certs/stunnel.pem
2015.05.08 17:12:06 LOG7[10804:140318864611136]: Private key loaded
2015.05.08 17:12:06 LOG7[10804:140318864611136]: SSL options set: 0x00000004
2015.05.08 17:12:06 LOG5[10804:140318864611136]: Configuration successful
2015.05.08 17:12:06 LOG7[10804:140318864611136]: Service [telnets] (FD=12) bound to 0.0.0.0:3141
2015.05.08 17:12:06 LOG7[10804:140318864611136]: Service [dsp3270s] (FD=13) bound to 0.0.0.0:7490
2015.05.08 17:12:06 LOG7[10810:140318864611136]: Created pid file /stunnel4.pid
2015.05.08 17:12:31 LOG7[10810:140318864611136]: Service [telnets] accepted (FD=3) from 127.0.0.1:40090
2015.05.08 17:12:31 LOG7[10810:140318864770816]: Service [telnets] started
2015.05.08 17:12:31 LOG7[10810:140318864770816]: Waiting for a libwrap process
2015.05.08 17:12:31 LOG7[10810:140318864770816]: Acquired libwrap process #0
2015.05.08 17:12:31 LOG3[10810:140318864770816]: Unexpected socket close (read_blocking)
2015.05.08 17:12:31 LOG5[10810:140318864770816]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2015.05.08 17:12:31 LOG7[10810:140318864770816]: Local socket (FD=3) closed
2015.05.08 17:12:31 LOG7[10810:140318864770816]: Service [telnets] finished (0 left)
2015.05.08 17:12:31 LOG7[10810:140318864770816]: str_stats: 1 block(s), 32 data byte(s), 58 control byte(s)
2015.05.08 17:13:32 LOG7[10810:140318864611136]: Service [dsp3270s] accepted (FD=3) from 127.0.0.1:48534
2015.05.08 17:13:32 LOG7[10810:140318864770816]: Service [dsp3270s] started
2015.05.08 17:13:32 LOG7[10810:140318864770816]: Waiting for a libwrap process
2015.05.08 17:13:32 LOG7[10810:140318864770816]: Acquired libwrap process #1
2015.05.08 17:13:32 LOG3[10810:140318864770816]: Unexpected socket close (read_blocking)
2015.05.08 17:13:32 LOG5[10810:140318864770816]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2015.05.08 17:13:32 LOG7[10810:140318864770816]: Local socket (FD=3) closed
2015.05.08 17:13:32 LOG7[10810:140318864770816]: Service [dsp3270s] finished (0 left)
2015.05.08 17:13:32 LOG7[10810:140318864770816]: str_stats: 1 block(s), 32 data byte(s), 58 control byte(s)
I don't even see the IP address for the outbound connection, so it seems as if it is hitting a problem even before it gets that far. Configuration is pretty simple:
; Sample stunnel configuration file by Michal Trojnara 2002-2009
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of the chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/ssl/certs/stunnel.pem
;key = /etc/ssl/certs/stunnel.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = TLSv1

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside the chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

socket = l:SO_KEEPALIVE=1
socket = r:SO_KEEPALIVE=1

socket = l:TCP_KEEPCNT=5
socket = r:TCP_KEEPCNT=5

socket = l:TCP_KEEPIDLE=10
socket = r:TCP_KEEPIDLE=10

socket = l:TCP_KEEPINTVL=2
socket = r:TCP_KEEPINTVL=2

;compression = zlib

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

[telnets]
accept = 3141
;connect = 192.168.80.11:992
;connect = DurgeeEnterprises.publicvm.com:992
connect = 192.168.80.5:992

[dsp3270s]
accept = 7490
;connect = 192.168.80.11:246
;connect = DurgeeEnterprises.publicvm.com:246
connect = 192.168.80.5:246

;[pop3s]
;accept = 995
;connect = 110

;[imaps]
;accept = 993
;connect = 143

;[ssmtp]
;accept = 465
;connect = 25

;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini
Any thoughts on how to track this down and get this working?
Dave
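
An added example, not part of the original post: a small Python triage script for the stunnel log format shown above. It lists warning and error entries and, for each worker-thread session, reports the last step logged before the first error. The sample lines are copied from the posted log; the function names are illustrative.

```python
import re

# Lines copied from the debug log in the post above (a subset).
SAMPLE = """\
2015.05.08 17:12:06 LOG4[10804:140318864611136]: Insecure file permissions on /etc/ssl/certs/stunnel.pem
2015.05.08 17:12:06 LOG5[10804:140318864611136]: Configuration successful
2015.05.08 17:12:31 LOG7[10810:140318864611136]: Service [telnets] accepted (FD=3) from 127.0.0.1:40090
2015.05.08 17:12:31 LOG7[10810:140318864770816]: Service [telnets] started
2015.05.08 17:12:31 LOG7[10810:140318864770816]: Waiting for a libwrap process
2015.05.08 17:12:31 LOG7[10810:140318864770816]: Acquired libwrap process #0
2015.05.08 17:12:31 LOG3[10810:140318864770816]: Unexpected socket close (read_blocking)
2015.05.08 17:12:31 LOG5[10810:140318864770816]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2015.05.08 17:12:31 LOG7[10810:140318864770816]: Local socket (FD=3) closed
2015.05.08 17:12:31 LOG7[10810:140318864770816]: Service [telnets] finished (0 left)
"""

ENTRY = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
SERVICE = re.compile(r"Service \[(.+?)\] (started|finished)")

def parse(text):
    """Yield (level, thread_id, message) for each well-formed log line."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield int(m.group(2)), int(m.group(4)), m.group(5)

def warnings(text, max_level=4):
    """Entries at syslog-style level <= max_level (4 = warning, 3 = error)."""
    return [(lvl, msg) for lvl, _, msg in parse(text) if lvl <= max_level]

def sessions(text):
    """Group worker-thread lines between 'started' and 'finished'."""
    done, live = [], {}
    for lvl, tid, msg in parse(text):
        m = SERVICE.match(msg)
        if m and m.group(2) == "started":
            live[tid] = {"service": m.group(1), "steps": []}
        elif m and tid in live:
            done.append(live.pop(tid))
        elif tid in live:
            live[tid]["steps"].append((lvl, msg))
    return done

def failure_point(session, max_level=3):
    """Return (last step before the first error, the error), or None."""
    steps = session["steps"]
    for i, (lvl, msg) in enumerate(steps):
        if lvl <= max_level:
            return (steps[i - 1][1] if i else None, msg)
    return None
```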