Hello all

About half a year ago, we started using stunnel on Solaris to secure NFS. The latest available pkg was 5.59 at that time. After a couple of months, stunnel started to core dump on several systems. We updated to the then latest version 5.63. It took again some time until core dumps occurred with 5.63 (still same stack traces). I am aware, that in the meantime 5.64 is out. We are in the process of updating it but it will take some time.

Could you please have a look at the below mdb output and tell me if you need any further information to find the root cause?

# mdb core.stunnel.339.60001 Loading modules: [ libc.so.1 ld.so.1 ]

::status

debugging core file of stunnel (32-bit) from xxxxxxx file: /opt/csw/bin/stunnel initial argv: /opt/csw/bin/stunnel /etc/opt/csw/stunnel/stunnel.conf start threading model: multi-threaded status: process terminated by SIGSEGV (Segmentation Fault)

$c

libssl.so.1.0.0`freelist_extract+0x57(0, 2000000, 14, 42e4db16, 9bd6f8a0, eaf57a5d)

$q

In the other dumps, libssl was involved as well.

This is the stunnel config:

setuid = nobody setgid = nogroup

debug = info output = /var/adm/stunnel syslog = no

options = NO_SSLv2 options = NO_SSLv3 options = NO_TLSv1

sslVersion=TLSv1.2

renegotiation=no

options = SINGLE_ECDH_USE options = SINGLE_DH_USE

ciphers = aes192-ctr:aes256-ctr socket = a:TCP_NODELAY=1 socket = a:SO_KEEPALIVE=1

TIMEOUTidle = 300

pid = /tmp/stunnel.pid

;include = /etc/opt/csw/stunnel/conf.d

[tls-nfs-srv] accept = 31039 connect = localhost:2049 ciphers = PSK PSKsecrets = /etc/opt/csw/stunnel/psk-s.keys libwrap = yes

[tls-nfs-client-1] client = yes accept = localhost:31701 connect = yyyyyy:31039 ciphers = PSK PSKsecrets = /etc/opt/csw/stunnel/psk-c.key libwrap = yes

; vim:ft=dosini

Kind regards Sasha

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.