I am running Debian 3.1 (stable) with stunnel 3.26 (Debian package) to wrap my qmail pop3 daemon. Stunnel works properly for a good amount of time, but at some point (I am unable to find any specific influencing factors) it begins to fail with the error "Connection rejected: create_client failed" (see below for more info). To fix the error I have to kill and restart stunnel. I have adjusted the timeouts for both stunnel and the pop3 daemon, but nothing appears to have a lasting effect. When stunnel errors out, the pop3 daemon is still available and can be connected to, so it does not appear to be an issue related to stunnel not being able to talk to the pop3 daemon. In the strace output below, the mmap2() call made shortly after accept() returns ENOMEM, and the newly accepted connection (FD 9) is closed immediately afterwards. Below I have some of the debugging and system information regarding the system and problem. I would be more than appreciative if anyone had some input.
Thank you.
# Error
stunnel[2500]: pop3 accepted FD=9 ###.###.###.###
stunnel[2500]: Connection rejected: create_client failed
# strace -p
select(7, [4 6], NULL, NULL, NULL) = 1 (in [6])
fcntl64(6, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(6, F_SETFL, O_RDWR|O_NONBLOCK) = 0
accept(6, {sa_family=AF_INET, sin_port=htons(63759), sin_addr=inet_addr("###.###.###.###")}, [16]) = 9
fcntl64(6, F_SETFL, O_RDWR) = 0
fcntl64(9, F_SETFD, FD_CLOEXEC) = 0
rt_sigprocmask(SIG_BLOCK, [HUP INT QUIT TERM CHLD], [], 8) = 0
mmap2(NULL, 8388608, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
close(9) = 0
time([1159535901]) = 1159535901
getpid() = 21864
rt_sigaction(SIGPIPE, {0x40253a70, [], 0}, {SIG_IGN}, 8) = 0
send(3, "<27>Sep 29 09:18:21 stunnel[2186"..., 77, 0) = 77
rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
close(9) = -1 EBADF (Bad file descriptor)
# uname -a 2.6.8-3-686-smp #1 SMP Thu Sep 7 04:39:15 UTC 2006 i686 GNU/Linux
# libc version GNU C Library stable release version 2.3.2
# Command Running /usr/sbin/stunnel -d pop3s -r pop3 -p /etc/ssl/certs/pop3d.pem -R /dev/urandom -s nobody -g root
# stunnel -V stunnel 3.26 on i386-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7e 25 Oct 2004
Default behaviour: run in inetd mode (unless -d used) run in background (unless -f used) run in ssl server mode (unless -c used)
Compile time defaults: -v level no verify -a directory /etc/ssl/certs -A file (none) -S sources 3 -t timeout 300 seconds -B bytes 64 -D level 5 -P pid dir /var/run/stunnel/ -p pemfile in server mode: /etc/ssl/certs/stunnel.pem in client mode: none
Socket option defaults: Option Accept Local Remote OS default SO_DEBUG -- -- -- 0 SO_DONTROUTE -- -- -- 0 SO_KEEPALIVE -- -- -- 0 SO_LINGER -- -- -- 0:0 SO_OOBINLINE -- -- -- 0 SO_RCVBUF -- -- -- 87380 SO_SNDBUF -- -- -- 16384 SO_RCVLOWAT -- -- -- 1 SO_SNDLOWAT -- -- -- 1 SO_RCVTIMEO -- -- -- 0:0 SO_SNDTIMEO -- -- -- 0:0 SO_REUSEADDR 1 -- -- 0 SO_BINDTODEVICE -- -- -- -- IP_TOS -- -- -- 0 IP_TTL -- -- -- 64 TCP_NODELAY -- -- -- 0