Hello,
I upgraded to stunnel 4.10 yesterday and since then I can't manage to get stunnel working with xinetd. I am trying to access a CVS server with SSL encryption. If stunnel is started stand-alone, it works as before, but when it's started by xinetd all I get is:
cvs [update aborted]: reading from server: Connection reset by peer
I've attached the connection logs with 4.09 and 4.10 as well as my configuration file (which used to work for more than a year). My xinetd is version 2.3.13 (and I haven't changed it for several months).
Please, let me know if I'm overlooking something or if I can try anything to debug more in depth...
Thanks in advance, Eric
PS: actually the CVS is accessible from outside, so you might want to try yourself!
    # Sample stunnel configuration file
    # Copyright by Michal Trojnara 2002

    setuid = root
    setgid = root

    # Authentication stuff
    verify = 2
    CAfile = /etc/ssl/stunnel/lifl-cvs.pem

    # Use it for client mode
    client = yes
    #debug = 7
    #output = /home/eric/busy/stunnel.log
    connect = cvs.lifl.fr:2405
On 2005-04-26, at 13:07, Eric Piel wrote:
> Please, let me know if I'm overlooking something or if I can try anything to debug more in depth...
Great error report. It's a pleasure to receive such reports. Thank you.
Here is the patch that corrects your problem: ftp://stunnel.mirt.net/stunnel/inetd.patch
Best regards, Mike
Michal Trojnara wrote:
> On 2005-04-26, at 13:07, Eric Piel wrote:
>> Please, let me know if I'm overlooking something or if I can try anything to debug more in depth...
> Great error report. It's a pleasure to receive such reports. Thank you.
Thanks :-)
> Here is the patch that corrects your problem: ftp://stunnel.mirt.net/stunnel/inetd.patch
I've applied it and it seems to work... more but still bugged :-(
On my CVS client after a while I get this error:
    cvs update: authorization failed: server localhost rejected access to /west for user piel
Then, just after the connection seems closed, stunnel goes inside an infinite loop. strace shows me something like this:
    :
    read(0, "", 16) = 0
    poll([{fd=0, events=POLLIN, revents=POLLIN}, {fd=4, events=POLLIN, revents=POLLIN}], 2, 43200000) = 2
    :
I've attached the log too. (There is a strange "I HATE YOU" ?!)
Hoping that it helps to fix the bug, Eric
PS: It keeps working perfectly when run in standalone
On 2005-04-26, at 23:27, Eric Piel wrote:
> I've applied it and it seems to work... more but still bugged :-(
I'll investigate the problem tomorrow.
> I've attached the log too. (There is a strange "I HATE YOU" ?!)
    $ grep -r 'I HATE YOU' /usr 2> /dev/null
    Binary file /usr/bin/cvs matches

    poll([{fd=0, events=POLLIN, revents=POLLIN}, {fd=4, events=POLLIN}], 2, 43200000) = 1
    read(0, "", 16) = 0
I think I got the bug.
BTW: Why not use stunnel in daemon mode instead of inetd mode? Memory usage? It's not very high.
Best regards, Mike
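
The pattern visible in the strace output above (read() on fd 0 returns 0, then poll() reports the same descriptor readable again) is shown here as an added example; it is not code from this thread, from stunnel, or from the patch mentioned above. The names `relay` and `demo` are hypothetical, and an AF_UNIX socketpair stands in for the socket that xinetd passes on fd 0.

```c
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Copy in_fd to out_fd under poll(), the way an inetd-style process serves
 * the socket it inherits on fd 0. With drop_on_eof = 0 the fd stays in the
 * poll set after read() returns 0, so poll() reports it readable again at
 * once and the loop spins. With drop_on_eof = 1 the fd is set to -1, which
 * poll() ignores. Returns the number of poll() wake-ups (capped). */
int relay(int in_fd, int out_fd, int drop_on_eof, int max_wakeups, long *copied)
{
    struct pollfd p = { .fd = in_fd, .events = POLLIN };
    char buf[16];
    int wakeups = 0;

    *copied = 0;
    while (p.fd >= 0 && wakeups < max_wakeups) {
        if (poll(&p, 1, 1000) <= 0)
            break;                       /* timeout or error */
        wakeups++;
        ssize_t n = read(p.fd, buf, sizeof buf);
        if (n < 0)
            break;
        if (n > 0) {
            if (write(out_fd, buf, (size_t)n) != n)
                break;
            *copied += n;
        } else if (drop_on_eof) {
            p.fd = -1;                   /* EOF: stop polling this fd */
        }                                /* else: EOF ignored, poll again */
    }
    return wakeups;
}

/* Constructed scenario: the peer sends 5 bytes and hangs up. */
int demo(int drop_on_eof, long *copied)
{
    int in[2], out[2], w;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, in) < 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, out) < 0) return -1;
    if (write(in[1], "hello", 5) != 5) return -1;
    close(in[1]);
    w = relay(in[0], out[0], drop_on_eof, 1000, copied);
    close(in[0]); close(out[0]); close(out[1]);
    return w;
}

int main(void) { long c; return demo(1, &c) == 2 ? 0 : 1; }
```

With `drop_on_eof` set the loop ends after two wake-ups (data, then EOF); without it the loop only stops at the 1000 wake-up cap, which is the CPU-bound spin a service operator would see in strace.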
We use the IP to control access. Any plan to do it?
Regards Billy Ng
"Billy Ng" mobile@btx-eznet.com wrote:
> We use the IP to control access. Any plan to do it?
AFAIK Winsock does not support transparent proxy. I know no clean way to write a transparent proxy for Win32. 8-(
Best regards, Mike