There are several minor problems using the Sun Studio 12 compiler (on Solaris 10 SPARC)...
- in str.c, use of STR causes errors because /usr/include/sys/stropts.h contains:
    #define STR ('S'<<8)
  This just requires replacing "STR" with something safer, such as "XSTR".
- things fail horribly because SIZEOF_UNSIGNED_CHAR and friends get defined to 0. AFAICT, this happens because configure erroneously decides that cc supports -pedantic (which it appears to, but which causes linking to fail with the symbol "mcount" undefined). The following patch works around this:
Index: configure --- configure.orig 2011-05-03 08:14:28.000000000 +1000 +++ configure 2011-05-04 13:51:53.785750000 +1000 @@ -4210,7 +4210,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ /* end confdefs.h. */ int main() {return 0;} _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_link "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else
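Review bot: The switch from ac_fn_c_try_compile to ac_fn_c_try_link at line 4213 is made in the generated configure script (see the "Index: configure" header), so it is lost the next time the script is regenerated; the same change belongs in configure.ac, where the probe is written. The hunk also covers only the one probe at this location, so any other flag probe in the script that still calls ac_fn_c_try_compile would keep accepting options that compile but fail at link time.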
- the compiler also gives warnings for the '\r' characters in version.h
Hope this helps, rlr
Ross Richardson wrote:
> - in str.c, use of STR causes errors because /usr/include/sys/stropts.h contains:
>     #define STR ('S'<<8)
>   This just requires replacing "STR" with something safer, such as "XSTR".
Thank you. I'll publish the changes with stunnel 4.37.
> - things fail horribly because SIZEOF_UNSIGNED_CHAR and friends get defined to 0. AFAICT, this happens because configure erroneously decides that cc supports -pedantic (which it appears to, but which causes linking to fail with the symbol "mcount" undefined). The following patch works around this:
configure script is automatically generated from configure.ac. I have updated this file to test allowed compiler options with AC_LINK_IFELSE instead of AC_COMPILE_IFELSE. I'll publish the changes with stunnel 4.37.
Mike
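The difference between a compile-only probe and a link probe, as discussed in the messages above, shown as an added example that is not stunnel's configure.ac. `probe_flag` and `stub_cc` are hypothetical names, and `stub_cc` is a constructed stand-in for a compiler that accepts -pedantic when compiling but fails to link with it.

```shell
#!/bin/sh
# probe_flag CC FLAG
# Prints "link" if CC accepts FLAG through to a linked program,
# "compile-only" if FLAG is accepted with -c but linking fails,
# and "rejected" if even the compile step fails.
probe_flag() {
    cc=$1
    flag=$2
    dir=$(mktemp -d) || return 2
    printf 'int main() {return 0;}\n' > "$dir/conftest.c"
    if ( cd "$dir" && "$cc" $flag -c conftest.c -o conftest.o ) >/dev/null 2>&1; then
        if ( cd "$dir" && "$cc" $flag conftest.c -o conftest ) >/dev/null 2>&1; then
            result=link
        else
            result=compile-only   # a compile-only test would wrongly say "yes" here
        fi
    else
        result=rejected
    fi
    rm -rf "$dir"
    echo "$result"
}

# Constructed stand-in for a compiler (not a real cc): it accepts -pedantic
# together with -c, fails to link when -pedantic is present, and rejects -bogus.
stub_cc() {
    compile_only=no
    pedantic=no
    for a in "$@"; do
        case $a in
            -c)        compile_only=yes ;;
            -pedantic) pedantic=yes ;;
            -bogus)    return 1 ;;
        esac
    done
    if [ "$pedantic" = yes ] && [ "$compile_only" = no ]; then
        echo 'Undefined symbol: mcount' >&2
        return 1
    fi
    return 0
}

# Demonstration against the stub; pass a real compiler name to test one.
for f in -O -pedantic -bogus; do
    printf '%-10s %s\n' "$f" "$(probe_flag stub_cc "$f")"
done
```

Only flags reported as "link" are safe to add to CFLAGS for the later configure checks, since those checks link their test programs.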
Unfortunately, although I've got stunnel 4.36 built OK using Sun Studio, it's not running correctly.
As a test, I'm using stunnel to provide an SSL wrapper for (Apache) httpd. The first client connection (using curl or "openssl s_client") works without problem, but subsequent connections just sit there with no log output (and "truss -f" showing it just sitting at
    25346: read(5, 0xFFBFFB44, 4) (sleeping...)
). The stunnel configuration file works perfectly with stunnel-4.34.

Running "netstat -an | fgrep 480" (where 480 is stunnel's listening port) shows:
- before the first client connection
    *.480 *.* 0 0 49152 0 LISTEN
- after the first [successful] client connection
    *.480 *.* 0 0 49152 0 LISTEN
- after the second client connection attempt [unsuccessful]
    *.480 *.* 0 0 49152 0 LISTEN
    192.168.1.23.48371 192.168.1.23.480 49152 0 49152 0 ESTABLISHED
    192.168.1.23.480 192.168.1.23.48371 49152 0 49152 0 ESTABLISHED
The config file:
================
; global
chroot = /var/stunnel/server/chroot
setuid = stunnel0
setgid = stunnel0
; testing
debug = debug
foreground = yes

[stunnel-server]
libwrap = yes
client = no
accept = 480
connect = 80
key = /etc/local/apache/ssl.key/myhost.key
cert = /etc/local/apache/ssl.crt/myhost.chain
ciphers = HIGH
sslVersion = TLSv1
================
The log:
================
2011.05.10 12:12:42 LOG5[24551:1]: Reading configuration from file /etc/local/stunnel/stunnel.conf.server
2011.05.10 12:12:42 LOG7[24551:1]: Snagged 64 random bytes from //.rnd
2011.05.10 12:12:42 LOG7[24551:1]: Wrote 1024 new random bytes to //.rnd
2011.05.10 12:12:42 LOG7[24551:1]: PRNG seeded successfully
2011.05.10 12:12:43 LOG6[24551:1]: Could not load DH parameters from /etc/local/apache/ssl.crt/myhost.chain
2011.05.10 12:12:43 LOG7[24551:1]: ECDH initialized
2011.05.10 12:12:43 LOG7[24551:1]: Certificate: /etc/local/apache/ssl.crt/myhost.chain
2011.05.10 12:12:43 LOG7[24551:1]: Certificate loaded
2011.05.10 12:12:43 LOG7[24551:1]: Key file: /etc/local/apache/ssl.key/myhost.key
2011.05.10 12:12:43 LOG7[24551:1]: Private key loaded
2011.05.10 12:12:43 LOG7[24551:1]: SSL context initialized for service stunnel-server
2011.05.10 12:12:43 LOG5[24551:1]: Configuration successful
2011.05.10 12:12:43 LOG5[24551:1]: No limit detected for the number of clients
2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=6 allocated (blocking mode)
2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=5 allocated (blocking mode)
2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=7 allocated (blocking mode)
2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=5 allocated (blocking mode)
2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=8 allocated (blocking mode)
2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=5 allocated (blocking mode)
2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=9 allocated (blocking mode)
2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=5 allocated (blocking mode)
2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=10 allocated (blocking mode)
2011.05.10 12:12:43 LOG7[24551:1]: libwrap_init: FD=5 allocated (blocking mode)
2011.05.10 12:12:43 LOG7[24551:1]: signal_pipe: FD=5 allocated (blocking mode)
2011.05.10 12:12:43 LOG7[24551:1]: signal_pipe: FD=11 allocated (blocking mode)
2011.05.10 12:12:43 LOG7[24551:1]: accept socket: FD=12 allocated (non-blocking mode)
2011.05.10 12:12:43 LOG7[24551:1]: Option SO_REUSEADDR set on accept socket
2011.05.10 12:12:43 LOG7[24551:1]: Service stunnel-server bound to 0.0.0.0:480
2011.05.10 12:12:43 LOG7[24551:1]: Service stunnel-server opened FD=12
2011.05.10 12:12:43 LOG7[24551:1]: Created pid file /var/run/stunnel.pid
2011.05.10 12:12:43 LOG5[24551:1]: stunnel 4.36 on sparc-sun-solaris2.10 with OpenSSL 1.0.0d 8 Feb 2011
2011.05.10 12:12:43 LOG5[24551:1]: Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL, IPv6
2011.05.10 12:13:30 LOG7[24551:1]: local socket: FD=13 allocated (non-blocking mode)
2011.05.10 12:13:30 LOG7[24551:1]: Service stunnel-server accepted FD=13 from 192.168.1.23:48367
2011.05.10 12:13:30 LOG7[24551:2]: Service stunnel-server started
2011.05.10 12:13:30 LOG7[24551:2]: Waiting for a libwrap process
2011.05.10 12:13:30 LOG7[24551:2]: Acquired libwrap process #0
2011.05.10 12:13:30 LOG7[24551:1]: Dispatching signals from the signal pipe
2011.05.10 12:13:30 LOG7[24551:2]: Releasing libwrap process #0
2011.05.10 12:13:30 LOG7[24551:2]: Released libwrap process #0
2011.05.10 12:13:30 LOG7[24551:2]: Service stunnel-server permitted by libwrap from 192.168.1.23:48367
2011.05.10 12:13:30 LOG5[24551:2]: Service stunnel-server accepted connection from 192.168.1.23:48367
2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): before/accept initialization
2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 read client hello A
2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 write server hello A
2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 write certificate A
2011.05.10 12:13:30 LOG7[24551:1]: Signal pipe is empty
2011.05.10 12:13:30 LOG7[24551:1]: Dispatching signals from the signal pipe
2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 write key exchange A
2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 write server done A
2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 flush data
2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 read client key exchange A
2011.05.10 12:13:30 LOG7[24551:1]: Signal pipe is empty
2011.05.10 12:13:30 LOG7[24551:1]: Dispatching signals from the signal pipe
2011.05.10 12:13:30 LOG6[24551:1]: Child process 24643 finished with code 0
2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 read finished A
2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 write change cipher spec A
2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 write finished A
2011.05.10 12:13:30 LOG7[24551:2]: SSL state (accept): SSLv3 flush data
2011.05.10 12:13:30 LOG7[24551:2]: 1 items in the session cache
2011.05.10 12:13:30 LOG7[24551:2]: 0 client connects (SSL_connect())
2011.05.10 12:13:30 LOG7[24551:2]: 0 client connects that finished
2011.05.10 12:13:30 LOG7[24551:2]: 0 client renegotiations requested
2011.05.10 12:13:30 LOG7[24551:2]: 1 server connects (SSL_accept())
2011.05.10 12:13:30 LOG7[24551:2]: 1 server connects that finished
2011.05.10 12:13:30 LOG7[24551:2]: 0 server renegotiations requested
2011.05.10 12:13:30 LOG7[24551:2]: 0 session cache hits
2011.05.10 12:13:30 LOG7[24551:2]: 0 external session cache hits
2011.05.10 12:13:30 LOG7[24551:1]: Signal pipe is empty
2011.05.10 12:13:30 LOG7[24551:2]: 0 session cache misses
2011.05.10 12:13:30 LOG7[24551:2]: 0 session cache timeouts
2011.05.10 12:13:30 LOG6[24551:2]: SSL accepted: new session negotiated
2011.05.10 12:13:30 LOG6[24551:2]: Negotiated ciphers: ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
2011.05.10 12:13:30 LOG7[24551:2]: remote socket: FD=14 allocated (non-blocking mode)
2011.05.10 12:13:30 LOG6[24551:2]: connect_blocking: connecting 127.0.0.1:80
2011.05.10 12:13:30 LOG5[24551:2]: connect_blocking: connected 127.0.0.1:80
2011.05.10 12:13:30 LOG7[24551:1]: Dispatching signals from the signal pipe
2011.05.10 12:13:30 LOG5[24551:2]: Service stunnel-server connected remote server from 127.0.0.1:48368
2011.05.10 12:13:30 LOG7[24551:2]: Remote FD=14 initialized
2011.05.10 12:13:30 LOG7[24551:2]: SSL alert (read): warning: close notify
2011.05.10 12:13:30 LOG7[24551:2]: SSL closed on SSL_read
2011.05.10 12:13:30 LOG7[24551:2]: Sending socket write shutdown
2011.05.10 12:13:30 LOG7[24551:2]: Socket closed on read
2011.05.10 12:13:30 LOG7[24551:2]: Sending SSL write shutdown
2011.05.10 12:13:30 LOG7[24551:2]: SSL alert (write): warning: close notify
2011.05.10 12:13:30 LOG6[24551:2]: SSL_shutdown successfully sent close_notify
2011.05.10 12:13:30 LOG7[24551:1]: Signal pipe is empty
2011.05.10 12:13:30 LOG7[24551:1]: Dispatching signals from the signal pipe
2011.05.10 12:13:30 LOG5[24551:2]: Connection closed: 340 bytes sent to SSL, 169 bytes sent to socket
2011.05.10 12:13:30 LOG7[24551:2]: Service stunnel-server finished (0 left)
2011.05.10 12:13:30 LOG7[24551:2]: str_stats: 0 blocks, 0 bytes
2011.05.10 12:13:30 LOG7[24551:1]: Signal pipe is empty
2011.05.10 12:13:30 LOG7[24551:1]: Dispatching signals from the signal pipe
================
Suggestions welcome.
rlr
Ross Richardson wrote:
> As a test, I'm using stunnel to provide an SSL wrapper for (Apache) httpd.
> The first client connection (using curl or "openssl s_client") works without problem, but subsequent connections just sit there with no log output
1. Can you try to replace your src/str.c with: ftp://ftp.stunnel.org/stunnel/str.c
2. If it does not help please edit src/sthreads.c and remove any pthread_sigmask function calls (just delete the lines).
Let me know if any of these solutions solved your problem, so I can fix it for the future versions of stunnel.
Best regards, Mike
Mike,
On Tue, May 10, 2011 at 09:49:55 +0200, Michal Trojnara wrote:
> Ross Richardson wrote:
> > As a test, I'm using stunnel to provide an SSL wrapper for (Apache) httpd.
> > The first client connection (using curl or "openssl s_client") works without problem, but subsequent connections just sit there with no log output
>
> - Can you try to replace your src/str.c with: ftp://ftp.stunnel.org/stunnel/str.c
This didn't seem to help. There are still no log entries following the successful completion of the first client request.
> - If it does not help please edit src/sthreads.c and remove any pthread_sigmask function calls (just delete the lines).
Unfortunately, this didn't make any (obvious) difference.
[...]
Thanks, rlr