Hi all,
I am trying to run Stunnel 4.05 on AIX 5.2 to secure our homegrown webserver. I have been searching archives all over the place, and have yet to find the answer, but have found many comments here and there that seem to indicate a problem with Stunnel on AIX. The problem, in a nutshell, is that I get an error on SSL_read in the stunnel log and it shuts down with a segmentation fault after the first connection, no matter what I do. Configuration info attached below. Any help anyone can give would be greatly appreciated.
Thanks Baker
stunnel 4.05 on powerpc-ibm-aix5.2.0.0 FORK with OpenSSL 0.9.7d 17 Mar 2004

Global options
cert = /usr/local/etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
debug = 5
key = /usr/local/etc/stunnel/stunnel.pem
pid = /usr/local/var/run/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
session = 300 seconds
verify = none

Service-level options
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTidle = 43200 seconds

OpenSSL 0.9.7d 17 Mar 2004
conf-file:
cert = /usr/local/ssl/stunnel.pem
#chroot = /usr/local/var/run/stunnel/
pid = /usr/local/etc/stunnel/stunnel.pid
setuid = HTTPD
setgid = rrms

#options = DONT_INSERT_EMPTY_FRAGMENTS

# Some debugging stuff
debug = 7
output = stunnel.log

# Use it for client mode
#client = yes
foreground = yes

# Service-level configuration

[https]
accept = 443
connect = 80
TIMEOUTclose = 0
stunnel - log (from running openssl s_client command to test setup):
2004.08.19 15:22:29 LOG5[16718:0]: stunnel 4.05 on powerpc-ibm-aix5.2.0.0 FORK with OpenSSL 0.9.7d 17 Mar 2004
2004.08.19 15:22:29 LOG4[16718:0]: Wrong permissions on /usr/local/ssl/stunnel.pem
2004.08.19 15:22:29 LOG7[16718:0]: Snagged 64 random bytes from //.rnd
2004.08.19 15:22:29 LOG7[16718:0]: Wrote 1024 new random bytes to //.rnd
2004.08.19 15:22:29 LOG7[16718:0]: RAND_status claims sufficient entropy for the PRNG
2004.08.19 15:22:29 LOG6[16718:0]: PRNG seeded successfully
2004.08.19 15:22:29 LOG7[16718:0]: Certificate: /usr/local/ssl/stunnel.pem
2004.08.19 15:22:29 LOG7[16718:0]: Key file: /usr/local/ssl/stunnel.pem
2004.08.19 15:22:29 LOG5[16718:0]: FD_SETSIZE=65534, file ulimit=65534 -> 31999 clients allowed
2004.08.19 15:22:29 LOG7[16718:0]: FD 4 in non-blocking mode
2004.08.19 15:22:29 LOG7[16718:0]: SO_REUSEADDR option set on accept socket
2004.08.19 15:22:29 LOG7[16718:0]: https bound to 0.0.0.0:443
2004.08.19 15:22:29 LOG7[16718:0]: FD 5 in non-blocking mode
2004.08.19 15:22:29 LOG7[16718:0]: FD 6 in non-blocking mode
2004.08.19 15:22:29 LOG7[16718:0]: Created pid file /usr/local/etc/stunnel/stunnel.pid
2004.08.19 15:22:30 LOG7[16718:0]: https accepted FD=7 from **ip**:33519
2004.08.19 15:22:30 LOG7[16718:0]: FD 7 in non-blocking mode
2004.08.19 15:22:30 LOG7[21344:0]: https started
2004.08.19 15:22:30 LOG5[21344:0]: https connected from **ip**:33519
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): before/accept initialization
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 read client hello A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write server hello A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write certificate A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write server done A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 flush data
2004.08.19 15:22:30 LOG7[21344:0]: waitforsocket: FD=7, DIR=read
2004.08.19 15:22:30 LOG7[21344:0]: waitforsocket: ok
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 read client key exchange A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 read finished A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write change cipher spec A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write finished A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 flush data
2004.08.19 15:22:30 LOG7[21344:0]: 1 items in the session cache
2004.08.19 15:22:30 LOG7[21344:0]: 0 client connects (SSL_connect())
2004.08.19 15:22:30 LOG7[21344:0]: 0 client connects that finished
2004.08.19 15:22:30 LOG7[21344:0]: 0 client renegotiatations requested
2004.08.19 15:22:30 LOG7[21344:0]: 1 server connects (SSL_accept())
2004.08.19 15:22:30 LOG7[21344:0]: 1 server connects that finished
2004.08.19 15:22:30 LOG7[21344:0]: 0 server renegotiatiations requested
2004.08.19 15:22:30 LOG7[21344:0]: 0 session cache hits
2004.08.19 15:22:30 LOG7[21344:0]: 0 session cache misses
2004.08.19 15:22:30 LOG7[21344:0]: 0 session cache timeouts
2004.08.19 15:22:30 LOG6[21344:0]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2004.08.19 15:22:30 LOG7[21344:0]: FD 4 in non-blocking mode
2004.08.19 15:22:30 LOG7[21344:0]: https connecting 127.0.0.1:80
2004.08.19 15:22:30 LOG7[21344:0]: Remote FD=4 initialized
2004.08.19 15:22:32 LOG7[21344:0]: Socket closed on read
2004.08.19 15:22:32 LOG7[21344:0]: SSL write shutdown (output buffer empty)
2004.08.19 15:22:32 LOG7[21344:0]: SSL alert (write): warning: close notify
2004.08.19 15:22:32 LOG7[21344:0]: SSL_shutdown retrying
2004.08.19 15:22:32 LOG7[21344:0]: select timeout waiting for SSL close_notify
2004.08.19 15:22:32 LOG5[21344:0]: Connection closed: 311 bytes sent to SSL, 9 bytes sent to socket
2004.08.19 15:22:32 LOG7[21344:0]: removing pid file /usr/local/etc/stunnel/stunnel.pid
Baker Nelson wrote:
I am trying to run Stunnel 4.05 on AIX 5.2 to secure our homegrown webserver. I have been searching archives all over the place, and have yet to find the answer, but have found many comments here and there that seem to indicate a problem with Stunnel on AIX. The problem, in a nutshell, is that I get an error on SSL_read in the stunnel log and it shuts down with a segmentation fault after the first connection, no matter what I do. Configuration info attached below. Any help anyone can give would be greatly appreciated.
Could you
My message before was too big. Here it is, with the first part of the log cut out.
stunnel 4.05 on powerpc-ibm-aix5.2.0.0 FORK with OpenSSL 0.9.7d 17 Mar 2004

Global options
cert = /usr/local/etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
debug = 5
key = /usr/local/etc/stunnel/stunnel.pem
pid = /usr/local/var/run/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
session = 300 seconds
verify = none

Service-level options
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTidle = 43200 seconds

OpenSSL 0.9.7d 17 Mar 2004
conf-file:
cert = /usr/local/ssl/stunnel.pem
#chroot = /usr/local/var/run/stunnel/
pid = /usr/local/etc/stunnel/stunnel.pid
setuid = HTTPD
setgid = rrms
debug = 7
output = stunnel.log
foreground = yes

# Service-level configuration

[https]
accept = 443
connect = 80
TIMEOUTclose = 0
stunnel - log (from running openssl s_client command to test setup):
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 read client hello A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write server hello A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write certificate A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write server done A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 flush data
2004.08.19 15:22:30 LOG7[21344:0]: waitforsocket: FD=7, DIR=read
2004.08.19 15:22:30 LOG7[21344:0]: waitforsocket: ok
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 read client key exchange A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 read finished A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write change cipher spec A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 write finished A
2004.08.19 15:22:30 LOG7[21344:0]: SSL state (accept): SSLv3 flush data
2004.08.19 15:22:30 LOG7[21344:0]: 1 items in the session cache
2004.08.19 15:22:30 LOG7[21344:0]: 0 client connects (SSL_connect())
2004.08.19 15:22:30 LOG7[21344:0]: 0 client connects that finished
2004.08.19 15:22:30 LOG7[21344:0]: 0 client renegotiatations requested
2004.08.19 15:22:30 LOG7[21344:0]: 1 server connects (SSL_accept())
2004.08.19 15:22:30 LOG7[21344:0]: 1 server connects that finished
2004.08.19 15:22:30 LOG7[21344:0]: 0 server renegotiatiations requested
2004.08.19 15:22:30 LOG7[21344:0]: 0 session cache hits
2004.08.19 15:22:30 LOG7[21344:0]: 0 session cache misses
2004.08.19 15:22:30 LOG7[21344:0]: 0 session cache timeouts
2004.08.19 15:22:30 LOG6[21344:0]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2004.08.19 15:22:30 LOG7[21344:0]: FD 4 in non-blocking mode
2004.08.19 15:22:30 LOG7[21344:0]: https connecting 127.0.0.1:80
2004.08.19 15:22:30 LOG7[21344:0]: Remote FD=4 initialized
2004.08.19 15:22:32 LOG7[21344:0]: Socket closed on read
2004.08.19 15:22:32 LOG7[21344:0]: SSL write shutdown (output buffer empty)
2004.08.19 15:22:32 LOG7[21344:0]: SSL alert (write): warning: close notify
2004.08.19 15:22:32 LOG7[21344:0]: SSL_shutdown retrying
2004.08.19 15:22:32 LOG7[21344:0]: select timeout waiting for SSL close_notify
2004.08.19 15:22:32 LOG5[21344:0]: Connection closed: 311 bytes sent to SSL, 9 bytes sent to socket
2004.08.19 15:22:32 LOG7[21344:0]: removing pid file /usr/local/etc/stunnel/stunnel.pid
-----Original Message-----
From: stunnel-users-bounces@mirt.net [mailto:stunnel-users-bounces@mirt.net] On Behalf Of Michal Trojnara
Sent: Monday, August 23, 2004 11:04 AM
To: STUNNEL-USERS@MIRT.NET
Subject: Re: [stunnel-users] Problem running Stunnel 4.05 on AIX 5.2
Baker Nelson wrote:
I am trying to run Stunnel 4.05 on AIX 5.2 to secure our homegrown webserver. I have been searching archives all over the place, and have yet to find the answer, but have found many comments here and there that seem to indicate a problem with Stunnel on AIX. The problem, in a nutshell, is that I get an error on SSL_read in the stunnel log and it shuts down with a segmentation fault after the first connection, no matter what I do. Configuration info attached below. Any help anyone can give would be greatly appreciated.
Could you
Baker Nelson wrote:
I am trying to run Stunnel 4.05 on AIX 5.2 to secure our homegrown webserver. I have been searching archives all over the place, and have yet to find the answer, but have found many comments here and there that seem to indicate a problem with Stunnel on AIX. The problem, in a nutshell, is that I get an error on SSL_read in the stunnel log and it shuts down with a segmentation fault after the first connection, no matter what I do. Configuration info attached below. Any help anyone can give would be greatly appreciated.
Could you send us a stack backtrace from your core file?
Here is a nice HOWTO: http://www.network-theory.co.uk/articles/gccdebug.html
Best regards, Mike
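
A triage pass over the stunnel log posted earlier in this thread, as an added example that is not part of any message here and is not stunnel's own code. It pulls out warning-level lines, the negotiated cipher and protocol, and which PID created and which removed the pid file; the sample lines are excerpted from the posted log with the archive's wrapped lines rejoined, and the function names are this example's own.

```python
import re

# Layout of the stunnel log lines posted in this thread:
#   2004.08.19 15:22:29 LOG4[16718:0]: message
# The digit after LOG is the syslog severity (4 = warning, 7 = debug).
LINE_RE = re.compile(
    r"^\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} LOG(\d)\[(\d+):\d+\]: (.*)$")
CIPHER_RE = re.compile(r"^Negotiated ciphers: (\S+)\s+(\S+)")
PIDFILE_RE = re.compile(r"^(Created|removing) pid file (\S+)")

# Excerpt of the log from the thread, with wrapped lines rejoined.
SAMPLE_LOG = """\
2004.08.19 15:22:29 LOG4[16718:0]: Wrong permissions on /usr/local/ssl/stunnel.pem
2004.08.19 15:22:29 LOG7[16718:0]: Created pid file /usr/local/etc/stunnel/stunnel.pid
2004.08.19 15:22:30 LOG6[21344:0]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2004.08.19 15:22:32 LOG7[21344:0]: select timeout waiting for SSL close_notify
2004.08.19 15:22:32 LOG5[21344:0]: Connection closed: 311 bytes sent to SSL, 9 bytes sent to socket
2004.08.19 15:22:32 LOG7[21344:0]: removing pid file /usr/local/etc/stunnel/stunnel.pid
"""

def triage(log_text):
    """Collect warnings, negotiated ciphers and pid-file events, each with its PID."""
    report = {"warnings": [], "ciphers": [], "pid_file": {}, "unparsed": 0}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            # Fragments of wrapped lines land here; rejoin them and rerun.
            report["unparsed"] += bool(raw.strip())
            continue
        level, pid, msg = int(m.group(1)), int(m.group(2)), m.group(3)
        if level <= 4:  # warning or more severe
            report["warnings"].append((pid, msg))
        c = CIPHER_RE.match(msg)
        if c:
            report["ciphers"].append((pid, c.group(1), c.group(2)))
        p = PIDFILE_RE.match(msg)
        if p:
            report["pid_file"][p.group(1).lower()] = pid
    return report

def pid_file_removed_by_other_process(report):
    """True when the PID that removed the pid file did not create it."""
    events = report["pid_file"]
    return ("created" in events and "removing" in events
            and events["created"] != events["removing"])

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the excerpt this reports the key-file permission warning from PID 16718, an SSLv3 session with AES256-SHA, and the pid file created by PID 16718 but removed by PID 21344.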