Hello,
I would like to report two bugs. I recently upgraded to stunnel 5.50 on FreeBSD 12.0 and noticed that the stunnel server service now crashes periodically. When checking the logs after a crash, I see the following error:
INTERNAL ERROR: Dead canary at /usr/src/crypto/openssl/ssl/statem/extensions_sr
The stunnel server service only ever talks to a stunnel client service, also running version 5.50 on FreeBSD 12.0. The server configuration is as follows. Anything
in {} brackets has been redacted. I have seen this issue on multiple servers configured the same way.
<config>
client = no
setuid = stunnel
setgid = stunnel
pid = {/path/to/file}
output = {/path/to/file}
debug = 4
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
[server]
accept = {ip}:{port}
connect = {ip}:{port}
ciphers = PSK
PSKsecrets = {/path/to/file}
</config>
Additionally, I have noticed another error in the logs. Although it appears far more frequently than the error above, it does not seem to cause the server service
to crash.
INTERNAL ERROR: Double free attempt: ptr=0x802119050 alloc=/usr/src/crypto/openssl/crypto/stack/stack.c:198
free#1=/usr/src/crypto/openssl/crypto/stack/stack.c:376 free#2=/usr/src/crypto/openssl/ssl/ssl_sess.c:814
Please
let me know if additional information is needed to fix these bugs.
Thank
you.