Having issues with stunnel not working with these settings that have worked with previous kernels?
[guamsmtp]
client=yes
accept = 127.0.0.1:20466
connect = smtp1.guam.net:465
connect = smtp1.guam.net:465
debug = 7
verifyChain = yes
CApath = /etc/ssl/certs
checkHost = mail.guam.net
OCSPaia = yes

But now changing to

[guamsmtp]
client=yes
accept = 127.0.0.1:20466
connect = smtp1.guam.net:465
connect = smtp1.guam.net:465
debug = 7

Seems to work. systemctl status stunnel.

stunnel.service - TLS tunnel for network daemons
     Loaded: loaded (/usr/lib/systemd/system/stunnel.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: active (running) since Thu 2024-04-18 14:48:15 ChST; 5s ago
    Process: 15349 ExecStart=/usr/bin/stunnel (code=exited, status=0/SUCCESS)
   Main PID: 15352 (stunnel)
      Tasks: 3 (limit: 18938)
     Memory: 3.6M
        CPU: 1.618s
     CGroup: /system.slice/stunnel.service
             └─15352 /usr/bin/stunnel

Apr 18 14:48:14 setzconote.dyndns.org systemd[1]: Starting stunnel.service - TLS tunnel for network daemons...
Apr 18 14:48:15 setzconote.dyndns.org stunnel[15349]: LOG5[ui]: stunnel 5.72 on x86_64-redhat-linux-gnu platform
Apr 18 14:48:15 setzconote.dyndns.org stunnel[15349]: LOG5[ui]: Compiled/running with OpenSSL 3.1.1 30 May 2023
Apr 18 14:48:15 setzconote.dyndns.org stunnel[15349]: LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,>
Apr 18 14:48:15 setzconote.dyndns.org stunnel[15349]: LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.co>
Apr 18 14:48:15 setzconote.dyndns.org stunnel[15349]: LOG5[ui]: UTF-8 byte order mark not detected
Apr 18 14:48:15 setzconote.dyndns.org stunnel[15349]: LOG5[ui]: FIPS mode disabled
Apr 18 14:48:15 setzconote.dyndns.org stunnel[15349]: LOG5[ui]: Configuration successful
Apr 18 14:48:15 setzconote.dyndns.org systemd[1]: Started stunnel.service - TLS tunnel for network daemons.

Using the longer one gives this after attempting to send SMTP.

stunnel.service - TLS tunnel for network daemons
     Loaded: loaded (/usr/lib/systemd/system/stunnel.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: active (running) since Thu 2024-04-18 14:57:22 ChST; 1min 15s ago
    Process: 15616 ExecStart=/usr/bin/stunnel (code=exited, status=0/SUCCESS)
   Main PID: 15619 (stunnel)
      Tasks: 3 (limit: 18938)
     Memory: 4.0M
        CPU: 1.639s
     CGroup: /system.slice/stunnel.service
             └─15619 /usr/bin/stunnel

Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG4[3]: CERT: Pre-verification error: unable to get local issuer>
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG4[3]: Rejected by CERT at depth=0: CN=*.guam.net
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG7[3]: TLS alert (write): fatal: unknown CA
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG3[3]: SSL_connect: ssl/statem/statem_clnt.c:1889: error:0A0000>
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG5[3]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s>
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG7[3]: Deallocating application specific data for session conne>
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG7[3]: Remote descriptor (FD=16) closed
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG7[3]: local_rfd/local_wfd reset (FD=3)
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG7[3]: Local descriptor (FD=3) closed
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG7[3]: Service [guamsmtp] finished (0 left)
lines 1-23/23 (END)

Was using the Fedora stunnel, which is 5.71, but downloaded the latest 5.72, but seem to get the same results.
Had some issues with nvidia drivers that work fine with 6.7.11 kernels, but fail with the 6.8.x drivers, so not sure if it is linked to that?

+------------------------------------------------------------+
 Michael D. Setzer II - Computer Science Instructor (Retired)
 mailto:mikes@guam.net
 mailto:msetzerii@gmail.com
 mailto:msetzerii@gmx.com
 Guam - Where America's Day Begins
 G4L Disk Imaging Project maintainer
 http://sourceforge.net/projects/g4l/
+------------------------------------------------------------+
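
An added example, not part of the original post or of stunnel itself: a small Python audit of the two [guamsmtp] variants quoted above, showing that the shorter one connects because it no longer asks stunnel to verify the server certificate at all. The helper names parse_stunnel and audit are hypothetical, and the check assumes the newer verifyChain/verifyPeer options rather than the legacy verify level.

```python
# Added example; parse_stunnel() and audit() are hypothetical helpers, not stunnel APIs.
STRICT = """\
[guamsmtp]
client=yes
accept = 127.0.0.1:20466
connect = smtp1.guam.net:465
connect = smtp1.guam.net:465
debug = 7
verifyChain = yes
CApath = /etc/ssl/certs
checkHost = mail.guam.net
OCSPaia = yes
"""
# Shorter variant from the post: the same service without the last four options.
SHORT = "\n".join(STRICT.splitlines()[:6]) + "\n"

def parse_stunnel(text):
    """Return {section: {option: [values]}}; options such as connect may repeat."""
    sections, current = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
            continue
        key, _, value = line.partition("=")
        opts = sections.setdefault(current, {})
        opts.setdefault(key.strip().lower(), []).append(value.strip())
    return sections

def audit(text):
    """Return {service: [findings]} for each service running in client mode."""
    sections = parse_stunnel(text)
    defaults = sections.pop("global", {})        # options set before any [service]
    report = {}
    for name, opts in sections.items():
        merged = {**defaults, **opts}
        last = lambda key: merged.get(key, [""])[-1].lower()
        if last("client") != "yes":
            continue
        findings = []
        # Assumption: the legacy "verify = LEVEL" option is not considered here.
        if last("verifychain") != "yes" and last("verifypeer") != "yes":
            findings.append("no certificate verification: any server certificate is accepted")
        elif last("verifychain") == "yes" and not (merged.get("checkhost") or merged.get("checkip")):
            findings.append("chain is verified but no checkHost/checkIP binds it to a host name")
        report[name] = findings
    return report
```

Calling audit(SHORT) flags [guamsmtp] as unverified, while audit(STRICT) returns no findings for it.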