Hi All,
We have found the problem. PRNGD config was missing. It was not too easy to analyze because the message was not really relevant in this case and "PRNG seed" was reported as successful in the log.
Regards, DoJo
On Mon, 03 Oct 2005 13:57:53 +0200, DoJo dojo@mailbox.hu wrote:
Hi There,
We have run into "SSL_GET_NEW_SESSION:ssl session id callback failed" error. Can anyone describe what it means? I didn't find any information about it. We'd like to use stunnel to secure Oracle SQL*Net communication. HP-UX server communicates with Win32 clients. We use stunnel standalone, not from inetd. Any help would be appreciated.
Thanks DoJo
Here is a cut from the log file (level 7):
2005.09.29 11:49:53 LOG5[10388:1]: stunnel 4.09 on hppa2.0w-hp-hpux11.11 PTHREAD+POLL+IPv4+LIBWRAP with OpenSSL 0.9.7e 25 Oct 2004
2005.09.29 11:49:53 LOG7[10388:1]: Snagged 0 random bytes from EGD Socket /var/run/egd-pool
2005.09.29 11:49:53 LOG6[10388:1]: PRNG seeded successfully
2005.09.29 11:49:53 LOG7[10388:1]: Certificate: /opt/iexpress/stunnel/etc/stunnel/..._cert.cer
2005.09.29 11:49:53 LOG7[10388:1]: Key file: /opt/iexpress/stunnel/etc/stunnel/..._privkey.pem
2005.09.29 11:49:53 LOG6[10388:1]: file ulimit = 60 (can be changed with 'ulimit -n')
2005.09.29 11:49:53 LOG6[10388:1]: poll() used - no FD_SETSIZE limit for file descriptors
2005.09.29 11:49:53 LOG5[10388:1]: 27 clients allowed
2005.09.29 11:49:53 LOG7[10388:1]: FD 4 in non-blocking mode
2005.09.29 11:49:53 LOG7[10388:1]: FD 5 in non-blocking mode
2005.09.29 11:49:53 LOG7[10388:1]: FD 6 in non-blocking mode
2005.09.29 11:49:53 LOG7[10388:1]: SO_REUSEADDR option set on accept socket
2005.09.29 11:49:53 LOG7[10388:1]: myapp bound to 0.0.0.0:2000
2005.09.29 11:49:53 LOG7[10389:1]: Created pid file /stunnel.pid
2005.09.30 12:01:47 LOG7[10389:1]: myapp accepted FD=1 from 10.3.125.165:3570
2005.09.30 12:01:47 LOG7[10389:1]: FD 1 in non-blocking mode
2005.09.30 12:01:47 LOG7[10389:2]: myapp started
2005.09.30 12:01:47 LOG5[10389:2]: myapp connected from 10.3.125.165:3570
2005.09.30 12:01:47 LOG7[10389:2]: SSL state (accept): before/accept initialization
2005.09.30 12:01:47 LOG3[10389:2]: SSL_accept: 140B544E: error:140B544E:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback failed
2005.09.30 12:01:47 LOG7[10389:2]: myapp finished (0 left)
Our config file:
cert = /opt/iexpress/stunnel/etc/stunnel/..._cert.cer # contains the server's signed (by a CA) cert.
key = /opt/iexpress/stunnel/etc/stunnel/..._privkey.pem # contains the server's private key
service = myapp-ssl
chroot = /var/run/stunnel
pid = /stunnel.pid
setuid = oracle
setgid = oracle
debug = 7
output = stunnel.log
client = no
[myapp]
accept=2000
connect=1521
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
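
Added example (not part of the original thread and not stunnel's own code): a log check for the pattern the follow-up describes, where the EGD socket yields 0 bytes yet "PRNG seeded successfully" is still logged before the session id error. The function name and finding labels are assumptions; the sample lines are copied from the excerpt above.

```python
import re

# Constructed sample: four lines copied from the log excerpt in this thread.
SAMPLE_LOG = """\
2005.09.29 11:49:53 LOG7[10388:1]: Snagged 0 random bytes from EGD Socket /var/run/egd-pool
2005.09.29 11:49:53 LOG6[10388:1]: PRNG seeded successfully
2005.09.30 12:01:47 LOG5[10389:2]: myapp connected from 10.3.125.165:3570
2005.09.30 12:01:47 LOG3[10389:2]: SSL_accept: 140B544E: error:140B544E:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback failed
"""

LINE_RE = re.compile(r"^(\S+ \S+) LOG(\d)\[\d+:\d+\]: (.*)$")
SNAGGED_RE = re.compile(r"Snagged (\d+) random bytes from (.+)$")
BANNER_RE = re.compile(r"stunnel \S+ on ")  # first line of each start-up


def audit_prng(log_text):
    """Return (timestamp, finding, detail) tuples for entropy warnings.

    State is not keyed by PID: the daemon logs under a new PID after it
    forks (10388 -> 10389 in the excerpt), so it resets on the banner.
    """
    findings = []
    empty_sources = []  # entropy sources that returned 0 bytes
    good_bytes = 0      # total bytes gathered from all sources
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        stamp, _level, msg = line.groups()
        snag = SNAGGED_RE.search(msg)
        if BANNER_RE.match(msg):
            empty_sources, good_bytes = [], 0
        elif snag:
            good_bytes += int(snag.group(1))
            if int(snag.group(1)) == 0:
                empty_sources.append(snag.group(2))
        elif ("PRNG seeded successfully" in msg
              and empty_sources and good_bytes == 0):
            findings.append((stamp, "seeded-with-empty-source",
                             ", ".join(empty_sources)))
        elif "SSL_GET_NEW_SESSION" in msg and empty_sources:
            findings.append((stamp, "session-id-failure-after-empty-source",
                             ", ".join(empty_sources)))
    return findings


if __name__ == "__main__":
    for stamp, finding, detail in audit_prng(SAMPLE_LOG):
        print(f"{stamp}  {finding}: {detail}")
```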