Hi Phan Anh,

Can you please execute "stunnel -version" on that system (the command "stunnel" with the "-version" parameter")?

Yes, updating both stunnel *and* OpenSSL to their latest stable versions (5.69 and 3.1.1 respectively) is a good idea.

What exactly is this "mbient-linux"?  Which version of libc and OpenSSL does it use?  Are there any public documentation for that project?  I've seen similar errors caused by 3rd party modifications of OpenSSL or recently by a bug in musl that is used instead of glibc on Alpine Linux.

Best regards,
    Mike

On 7/6/23 16:54, phananh.nguyen@dxc.com wrote:
Hi Mike,
thanks for the quick reply. It's not easy to reproduce the crash on the production system and also it's not possible to run valgrind on the production system as well. However I have tried to collect some more information as following:

stunnel-version:
LOG5[ui]: stunnel 5.57 on aarch64-mbient-linux-gnu platform

stunnel.conf
[proxy-r]
; local endpoint
accept = 16666
; remote endpoint
connect = some-server-name:443
verifyChain = yes
checkHost = some-server-name
sslVersion = TLSv1.3

system log around the crash point:

593805 2023/06/16 01:36:59.284173 133.4751 105 LNX SYS JOUR 927 log debug verbose 5 2023/06/16 01:36:58.878789 133.074348 stunnel[4346]: Debug: LOG7[ui]: Service [proxy-r] accepted (FD=16) from 127.0.0.1:38392
593807 2023/06/16 01:36:59.284181 133.4751 107 LNX SYS JOUR 927 log warn verbose 5 2023/06/16 01:36:58.881544 133.075156 kernel: Warning: CPU: 6 PID: 17279 Comm: stunnel Tainted: P        W  O      5.4.134-qgki #1
593830 2023/06/16 01:36:59.284839 133.4753 130 LNX SYS JOUR 927 log debug verbose 5 2023/06/16 01:36:59.005061 133.200639 systemd[1]: Debug: Received SIGCHLD from PID 4346 (stunnel).
593831 2023/06/16 01:36:59.284948 133.4753 131 LNX SYS JOUR 927 log debug verbose 5 2023/06/16 01:36:59.005130 133.200828 systemd[1]: Debug: Child 4346 (stunnel) died (code=killed, status=6/ABRT)

the logs for the working case should look like this:
2023.04.25 11:03:48 LOG7[ui]: Service [proxy-r] accepted (FD=16) from 127.0.0.1:56650
2023.04.25 11:03:48 LOG7[4]: Service [proxy-r] started

I have seen some refactoring regarding stunnel logging for the versions after 5.57, do you think it makes sense to upgrade the stunnel to the later version in the hope to resolve the crash?
Many thanks.
BR,
Phan Anh
_______________________________________________
stunnel-users mailing list -- stunnel-users@stunnel.org
To unsubscribe send an email to stunnel-users-leave@stunnel.org