This bug has been corrected in
Version 4.38, 2011.06.28, urgency: MEDIUM:
- New features
  - Server-side SNI implemented (RFC 3546 section 3.1) with a new service-level option "nsi".
  - "socket" option also accepts "yes" and "no" for flags.
  - Nagle's algorithm is now disabled by default for improved interactivity.
- Bugfixes
  - A compilation fix was added for OpenSSL version < 1.0.0.
  - Signal pipe set to non-blocking mode. This bug caused hangs of stunnel features based on signals, e.g. local mode, FORK threading, or configuration file reload on Unix. Win32 platform was not affected.
However, it doesn't specify from which version it affects stunnel... so my try with 11.04 is a bit risky, even if 4.29 is quite far from 4.38.
Maybe upgrading to 12.04 could solve the issue, but I don't like to upgrade right away (I had some bad surprises ;))
So compiling from source seems to be the safest option.
Thomas.
On Sat, Apr 7, 2012 at 07:58, Thomas Manson dev.mansonthomas@gmail.com wrote:
I've just checked my setup right now and the funny thing is that I think it stopped working exactly at the same second of the same hour & minute of the day:
root@ns0:/var/log/stunnel4# ll
total 940
drwxr-xr-x 2 stunnel4 stunnel4 4096 2012-04-07 06:25 .
drwxr-xr-x 14 root root 4096 2012-04-07 06:25 ..
-rw-r----- 1 stunnel4 stunnel4 0 2012-04-07 06:25 extranet.serviceplus-hse.com_stunnel.log
-rw-r----- 1 stunnel4 stunnel4 926267 2012-04-07 06:25 extranet.serviceplus-hse.com_stunnel.log.1
-rw-r----- 1 stunnel4 stunnel4 0 2012-04-07 06:25 mansonthomas.com_stunnel.log
-rw-r----- 1 stunnel4 stunnel4 5804 2012-04-07 06:25 mansonthomas.com_stunnel.log.1
-rw-r----- 1 stunnel4 stunnel4 0 2012-04-07 06:25 stunnel.log
-rw-r----- 1 stunnel4 stunnel4 11710 2012-04-07 06:25 stunnel.log.1
root@ns0:/var/log/stunnel4# ll
total 940
drwxr-xr-x 2 stunnel4 stunnel4 4096 2012-04-07 06:25 .
drwxr-xr-x 14 root root 4096 2012-04-07 06:25 ..
-rw-r----- 1 stunnel4 stunnel4 0 2012-04-07 06:25 extranet.serviceplus-hse.com_stunnel.log
-rw-r----- 1 stunnel4 stunnel4 926267 2012-04-07 06:25 extranet.serviceplus-hse.com_stunnel.log.1
-rw-r----- 1 stunnel4 stunnel4 0 2012-04-07 06:25 mansonthomas.com_stunnel.log
-rw-r----- 1 stunnel4 stunnel4 5804 2012-04-07 06:25 mansonthomas.com_stunnel.log.1
-rw-r----- 1 stunnel4 stunnel4 0 2012-04-07 06:25 stunnel.log
-rw-r----- 1 stunnel4 stunnel4 11710 2012-04-07 06:25 stunnel.log.1
root@ns0:/var/log/stunnel4# tail stunnel.log.1
2012.04.06 22:21:19 LOG7[4745:139677248579328]: Option TCP_NODELAY set on remote socket
2012.04.06 22:21:19 LOG7[4745:139677248579328]: Socket closed on read
2012.04.06 22:21:19 LOG7[4745:139677248579328]: Sending SSL write shutdown
2012.04.06 22:21:19 LOG7[4745:139677248579328]: SSL alert (write): warning: close notify
2012.04.06 22:21:19 LOG6[4745:139677248579328]: SSL_shutdown successfully sent close_notify
2012.04.06 22:21:19 LOG7[4745:139677248579328]: SSL socket closed on SSL_read
2012.04.06 22:21:19 LOG7[4745:139677248579328]: Sending socket write shutdown
2012.04.06 22:21:19 LOG5[4745:139677248579328]: Connection closed: 206 bytes sent to SSL, 139 bytes sent to socket
2012.04.06 22:21:19 LOG7[4745:139677248579328]: Service https-123monsite.com finished (0 left)
2012.04.07 06:25:04 LOG7[4745:139677248583456]: Dispatching signals from the signal pipe
root@ns0:/var/log/stunnel4#
compared to my first post... :
- 2012.04.04 06:25:04 LOG7[24778:139641780213536]: Dispatching signals from the signal pipe
and at the same time (2012.04.04 06:25:04) all log files stop:
- root@ns0:/var/log/stunnel4# ll
- total 128
- drwxr-xr-x 2 stunnel4 stunnel4 4096 2012-04-04 12:10 .
- drwxr-xr-x 14 root root 4096 2012-04-04 06:25 ..
- -rw-r----- 1 stunnel4 stunnel4 98084 2012-04-04 *06:25* extranet.serviceplus-hse.com_stunnel.log
- -rw-r----- 1 stunnel4 stunnel4 4491 2012-04-04 06:25 mansonthomas.com_stunnel.log
- -rw-r----- 1 stunnel4 stunnel4 0 2012-04-04 06:25 stunnel.log
- -rw-r----- 1 stunnel4 stunnel4 11058 2012-04-04 06:25 stunnel.log.1
I could cron a restart at the appropriate time but I think I'll compile from sources.
Regards, Thomas.
On Sat, Apr 7, 2012 at 07:51, Thomas Manson dev.mansonthomas@gmail.com wrote:
Yes, it helps a lot!
I've another server running a different version of Ubuntu (11.04 where stunnel version is 4.29-1 instead of 11.10 and stunnel 4.35-2build1)
Do you think it can work on an older version?
I was thinking to try this because I've seen some messages about the same symptoms after upgrade so...
but maybe the two versions are too close and I will need to compile from sources...
What do you think about this?
Regards, Thomas.
On Sat, Apr 7, 2012 at 06:56, Scott Gifford sgifford@suspectclass.com wrote:
On Wed, Apr 4, 2012 at 6:16 AM, Thomas Manson <dev.mansonthomas@gmail.com> wrote:
Hi All,
I'm really struggling to make stunnel work for more than a few hours. (and the client is yelling hard...) (I solved some other issues: logging per website and making more than one stunnel work)
Hi Thomas,
I was just troubleshooting what looks like a very similar issue. I believe this is fixed in a later version of stunnel, which you can get from stunnel.org and compile yourself from source.
This is the ChangeLog entry that I think addresses your problem:
- Signal pipe set to non-blocking mode. This bug caused hangs of stunnel features based on signals, e.g. local mode, FORK threading, or configuration file reload on Unix. Win32 platform was not affected.
I have just updated from the official Oneiric version to this one, so I don't yet know if it will fix the problem long-term, but I think my odds are not too bad.
Hope this helps,
-----Scott.
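
An added example, not part of the original thread: a Python check for the symptom described in the messages above, where the rotated stunnel log ends with "Dispatching signals from the signal pipe" and the new log stays empty. The function names and the sample log text are constructed for illustration; the line format follows the excerpts quoted in the thread.

```python
import re
from datetime import datetime

# Line format as seen in the thread's excerpts:
# 2012.04.07 06:25:04 LOG7[4745:139677248583456]: message
LINE_RE = re.compile(
    r"^(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) LOG(\d)\[(\d+):(\d+)\]: (.*)$"
)
SIGNAL_MSG = "Dispatching signals from the signal pipe"
FIXED_IN = (4, 38)  # version named in the ChangeLog entry quoted in the thread

def parse_line(line):
    """Return (timestamp, level, pid, message), or None for unparsable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
    return ts, int(m.group(2)), int(m.group(3)), m.group(5)

def suspected_hang(rotated_log_text, current_log_size):
    """Return the timestamp of the suspected hang, or None.

    Symptom from the thread: the rotated log ends with the signal-pipe
    message and nothing has been written to the new log since rotation.
    """
    entries = [e for e in map(parse_line, rotated_log_text.splitlines()) if e]
    if not entries or current_log_size > 0:
        return None
    ts, _level, _pid, msg = entries[-1]
    return ts if msg == SIGNAL_MSG else None

def has_signal_pipe_fix(version):
    """True if an upstream version string such as '4.35-2build1' is >= 4.38."""
    major, minor = (int(p) for p in re.match(r"(\d+)\.(\d+)", version).groups())
    return (major, minor) >= FIXED_IN

# Constructed sample modelled on the thread's stunnel.log.1 excerpt.
SAMPLE = """\
2012.04.06 22:21:19 LOG5[4745:139677248579328]: Connection closed: 206 bytes sent to SSL, 139 bytes sent to socket
2012.04.06 22:21:19 LOG7[4745:139677248579328]: Service https-123monsite.com finished (0 left)
2012.04.07 06:25:04 LOG7[4745:139677248583456]: Dispatching signals from the signal pipe
"""

if __name__ == "__main__":
    print(suspected_hang(SAMPLE, current_log_size=0))
    print(has_signal_pipe_fix("4.35-2build1"), has_signal_pipe_fix("4.38"))
```

An empty current log can also mean that no connection has arrived since rotation, so a hit is a prompt to test the listener rather than proof of a hang. A distribution package numbered below 4.38 may carry a backported fix, so the version check only confirms releases where the upstream fix is certain to be present.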