My message before was too big. Here it is, with the first part of the log cut out.
stunnel 4.05 on powerpc-ibm-aix5.2.0.0 FORK with OpenSSL 0.9.7d 17 Mar 2004
Global options cert = /usr/local/etc/stunnel/stunnel.pem ciphers = ALL:!ADH:+RC4:@STRENGTH debug = 5 key = /usr/local/etc/stunnel/stunnel.pem pid = /usr/local/var/run/stunnel.pid RNDbytes = 64 RNDfile = /dev/urandom RNDoverwrite = yes session = 300 seconds verify = none
Service-level options TIMEOUTbusy = 300 seconds TIMEOUTclose = 60 seconds TIMEOUTidle = 43200 seconds
OpenSSL 0.9.7d 17 Mar 2004
conf-file: cert = /usr/local/ssl/stunnel.pem #chroot = /usr/local/var/run/stunnel/ pid = /usr/local/etc/stunnel/stunnel.pid setuid = HTTPD setgid = rrms debug = 7 output = stunnel.log
foreground = yes
# Service-level configuration
[https] accept = 443 connect = 80 TIMEOUTclose = 0
stunnel - log (from running openssl s_client command to test setup):
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 read client hello A 2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write server hello A 2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write certificate A 2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write server done A 2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 flush data 2004.08.19 15:22:30 LOG7[21344:0]: waitforsocket: FD=7, DIR=read 2004.08.19 15:22:30 LOG7[21344:0]: waitforsocket: ok 2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 read client key exc hange A 2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 read finished A 2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write change cipher spec A 2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write finished A 2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 flush data 2004.08.19 15:22:30 LOG7[21344:0]: 1 items in the session cache 2004.08.19 15:22:30 LOG7[21344:0]: 0 client connects (SSL_connect()) 2004.08.19 15:22:30 LOG7[21344:0]: 0 client connects that finished 2004.08.19 15:22:30 LOG7[21344:0]: 0 client renegotiatations requested 2004.08.19 15:22:30 LOG7[21344:0]: 1 server connects (SSL_accept()) 2004.08.19 15:22:30 LOG7[21344:0]: 1 server connects that finished 2004.08.19 15:22:30 LOG7[21344:0]: 0 server renegotiatiations requested 2004.08.19 15:22:30 LOG7[21344:0]: 0 session cache hits 2004.08.19 15:22:30 LOG7[21344:0]: 0 session cache misses 2004.08.19 15:22:30 LOG7[21344:0]: 0 session cache timeouts 2004.08.19 15:22:30 LOG6[21344:0]: Negotiated ciphers: AES256-SHA S SLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 2004.08.19 15:22:30 LOG7[21344:0]: FD 4 in non-blocking mode 2004.08.19 15:22:30 LOG7[21344:0]: https connecting 127.0.0.1:80 2004.08.19 15:22:30 LOG7[21344:0]: Remote FD=4 initialized 2004.08.19 15:22:32 LOG7[21344:0]: Socket closed on read 2004.08.19 15:22:32 LOG7[21344:0]: SSL write shutdown (output buffer empty) 2004.08.19 15:22:32 LOG7[21344:0]: SSL alert (write): warning: close notify 2004.08.19 15:22:32 LOG7[21344:0]: SSL_shutdown retrying 2004.08.19 15:22:32 LOG7[21344:0]: select timeout waiting for SSL close_notify 2004.08.19 15:22:32 LOG5[21344:0]: Connection closed: 311 bytes sent to SSL, 9 b ytes sent to socket 2004.08.19 15:22:32 LOG7[21344:0]: removing pid file /usr/local/etc/stunnel/stun nel.pid
-----Original Message----- From: stunnel-users-bounces@mirt.net [mailto:stunnel-users-bounces@mirt.net]On Behalf Of Michal Trojnara Sent: Monday, August 23, 2004 11:04 AM To: STUNNEL-USERS@MIRT.NET Subject: Re: [stunnel-users] Problem running Stunnel 4.05 on AIX 5.2
Baker Nelson wrote:
I am trying to run Stunnel 4.05 on AIX 5.2 to secure our homegrown webserver. I have been searching archives all over the place, and have yet to find the answer, but have found many comments here and there that seem
to
indicate a problem with Stunnel on AIX. The problem, in a nutshell, is
that
I get an error on SSL_read in the stunnel log and it shuts down with a segmentation fault after the first connection, no matter what I do. Configuration info attached below. Any help anyone can give would be
greatly
appreciatted.
Could you
_______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users