On Sat, Apr 7, 2012 at 8:00 PM, stunnel-users-request@stunnel.org wrote:
Today's Topics:
- Re: [Stunnel Guru needed] stunnel running, but no longer serve connection after a while ("Dispatching signals from the signal pipe" in logs ==> all stops) (Thomas Manson)
Message: 1
Date: Sat, 7 Apr 2012 08:24:46 +0200
From: Thomas Manson <dev.mansonthomas@gmail.com>
To: Scott Gifford <sgifford@suspectclass.com>
Cc: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] [Stunnel Guru needed] stunnel running, but no longer serve connection after a while ("Dispatching signals from the signal pipe" in logs ==> all stops)
Message-ID: <CA+PenvGYr+tTiKsavOgyaLOtoRxUo0nfxuRVDEzdvGDrFpefLg@mail.gmail.com>
This bug has been corrected in

Version 4.38, 2011.06.28, urgency: MEDIUM:
- New features
  - Server-side SNI implemented (RFC 3546 section 3.1) with a new service-level option "nsi".
  - "socket" option also accepts "yes" and "no" for flags.
  - Nagle's algorithm is now disabled by default for improved interactivity.
- Bugfixes
  - A compilation fix was added for OpenSSL version < 1.0.0.
  - Signal pipe set to non-blocking mode. This bug caused hangs of stunnel features based on signals, e.g. local mode, FORK threading, or configuration file reload on Unix. Win32 platform was not affected.
However, it doesn't specify from which version it affects stunnel... so my try with 11.04 is a bit risky, even if 4.29 is quite far from 4.38.
Maybe upgrading to 12.04 could solve the issue, but I don't like to upgrade right away (I had some bad surprises ;))
So compiling from source seems to be the safest option.
Thomas.
On Sat, Apr 7, 2012 at 07:58, Thomas Manson <dev.mansonthomas@gmail.com> wrote:
I've just checked my setup right now and the funny thing is that I think it stopped working exactly at the same second of the same hour & minute of the day:
root@ns0:/var/log/stunnel4# ll
total 940
drwxr-xr-x 2 stunnel4 stunnel4 4096 2012-04-07 06:25 .
drwxr-xr-x 14 root root 4096 2012-04-07 06:25 ..
-rw-r----- 1 stunnel4 stunnel4 0 2012-04-07 06:25 extranet.serviceplus-hse.com_stunnel.log
-rw-r----- 1 stunnel4 stunnel4 926267 2012-04-07 06:25 extranet.serviceplus-hse.com_stunnel.log.1
-rw-r----- 1 stunnel4 stunnel4 0 2012-04-07 06:25 mansonthomas.com_stunnel.log
-rw-r----- 1 stunnel4 stunnel4 5804 2012-04-07 06:25 mansonthomas.com_stunnel.log.1
-rw-r----- 1 stunnel4 stunnel4 0 2012-04-07 06:25 stunnel.log
-rw-r----- 1 stunnel4 stunnel4 11710 2012-04-07 06:25 stunnel.log.1
root@ns0:/var/log/stunnel4# ll
total 940
drwxr-xr-x 2 stunnel4 stunnel4 4096 2012-04-07 06:25 .
drwxr-xr-x 14 root root 4096 2012-04-07 06:25 ..
-rw-r----- 1 stunnel4 stunnel4 0 2012-04-07 06:25 extranet.serviceplus-hse.com_stunnel.log
-rw-r----- 1 stunnel4 stunnel4 926267 2012-04-07 06:25 extranet.serviceplus-hse.com_stunnel.log.1
-rw-r----- 1 stunnel4 stunnel4 0 2012-04-07 06:25 mansonthomas.com_stunnel.log
-rw-r----- 1 stunnel4 stunnel4 5804 2012-04-07 06:25 mansonthomas.com_stunnel.log.1
-rw-r----- 1 stunnel4 stunnel4 0 2012-04-07 06:25 stunnel.log
-rw-r----- 1 stunnel4 stunnel4 11710 2012-04-07 06:25 stunnel.log.1
root@ns0:/var/log/stunnel4# tail stunnel.log.1
2012.04.06 22:21:19 LOG7[4745:139677248579328]: Option TCP_NODELAY set on remote socket
2012.04.06 22:21:19 LOG7[4745:139677248579328]: Socket closed on read
2012.04.06 22:21:19 LOG7[4745:139677248579328]: Sending SSL write shutdown
2012.04.06 22:21:19 LOG7[4745:139677248579328]: SSL alert (write): warning: close notify
2012.04.06 22:21:19 LOG6[4745:139677248579328]: SSL_shutdown successfully sent close_notify
2012.04.06 22:21:19 LOG7[4745:139677248579328]: SSL socket closed on SSL_read
2012.04.06 22:21:19 LOG7[4745:139677248579328]: Sending socket write shutdown
2012.04.06 22:21:19 LOG5[4745:139677248579328]: Connection closed: 206 bytes sent to SSL, 139 bytes sent to socket
2012.04.06 22:21:19 LOG7[4745:139677248579328]: Service https-123monsite.com finished (0 left)
2012.04.07 06:25:04 LOG7[4745:139677248583456]: Dispatching signals from the signal pipe
root@ns0:/var/log/stunnel4#
compared to my first post... :
- 2012.04.04 06:25:04 LOG7[24778:139641780213536]: Dispatching signals from the signal pipe
and at the same time (2012.04.04 06:25:04) all log files stop:
- root@ns0:/var/log/stunnel4# ll
- total 128
- drwxr-xr-x 2 stunnel4 stunnel4 4096 2012-04-04 12:10 .
- drwxr-xr-x 14 root root 4096 2012-04-04 06:25 ..
- -rw-r----- 1 stunnel4 stunnel4 98084 2012-04-04 *06:25* extranet.serviceplus-hse.com_stunnel.log
- -rw-r----- 1 stunnel4 stunnel4 4491 2012-04-04 06:25 mansonthomas.com_stunnel.log
- -rw-r----- 1 stunnel4 stunnel4 0 2012-04-04 06:25 stunnel.log
- -rw-r----- 1 stunnel4 stunnel4 11058 2012-04-04 06:25 stunnel.log.1
I could cron a restart at the appropriate time but I think I'll compile from sources.
Regards, Thomas.
On Sat, Apr 7, 2012 at 07:51, Thomas Manson <dev.mansonthomas@gmail.com> wrote:
Yes, it helps a lot!
I've another server running a different version of Ubuntu (11.04 where stunnel version is 4.29-1 instead of 11.10 and stunnel 4.35-2build1)
Do you think it can work on an older version?
I was thinking of trying this because I've seen some messages about the same symptoms after upgrade so...
but maybe the two versions are too close and I will need to compile from sources...
What do you think about this?
Regards, Thomas.
On Sat, Apr 7, 2012 at 06:56, Scott Gifford <sgifford@suspectclass.com> wrote:
On Wed, Apr 4, 2012 at 6:16 AM, Thomas Manson <dev.mansonthomas@gmail.com> wrote:
Hi All,
I'm really struggling to make stunnel work for more than a few hours. (and the client is yelling hard...) (I solved some other issues: logging per website and making more than one stunnel work)
Hi Thomas,
I was just troubleshooting what looks like a very similar issue. I believe this is fixed in a later version of stunnel, which you can get from stunnel.org and compile yourself from source.
This is the ChangeLog entry that I think addresses your problem:
- Signal pipe set to non-blocking mode. This bug caused hangs of stunnel features based on signals, e.g. local mode, FORK threading, or configuration file reload on Unix. Win32 platform was not affected.
I have just updated from the official Oneiric version to this one, so I don't yet know if it will fix the problem long-term, but I think my odds are not too bad.
Hope this helps,
-----Scott.
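
Added example, not part of the thread and not stunnel's own code: a minimal C illustration of the general signal-pipe (self-pipe) pattern that the quoted ChangeLog entry refers to, showing why the pipe must be non-blocking. All function and variable names are hypothetical; the comments mark the read that would hang on a blocking descriptor.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <unistd.h>

static int signal_pipe[2]; /* [0]: read end (main loop), [1]: write end (handler) */

/* Put a descriptor into non-blocking mode; 0 on success, -1 on error. */
static int set_nonblocking(int fd) {
    int flags = fcntl(fd, F_GETFL, 0);
    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

/* Async-signal-safe handler: queue one byte naming the signal. */
static void on_signal(int signo) {
    int saved = errno;
    unsigned char b = (unsigned char)signo;
    if (write(signal_pipe[1], &b, 1) == -1) {
        /* Pipe full (EAGAIN): this notification is dropped, the process is not blocked. */
    }
    errno = saved;
}

/* Create the pipe, make BOTH ends non-blocking, install the handler. */
static int signal_pipe_init(int signo) {
    struct sigaction sa;
    if (pipe(signal_pipe) == -1)
        return -1;
    if (set_nonblocking(signal_pipe[0]) == -1 || set_nonblocking(signal_pipe[1]) == -1)
        return -1;
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    return sigaction(signo, &sa, NULL);
}

/* Drain the pipe; returns the number of queued signals handled, -1 on error.
 * With a blocking read end, the read() issued once the pipe is empty never
 * returns, so the main loop stops serving connections. */
static int dispatch_signals(void) {
    unsigned char b;
    int handled = 0;
    for (;;) {
        ssize_t r = read(signal_pipe[0], &b, 1);
        if (r == 1) { handled++; continue; }
        if (r == -1 && errno == EINTR) continue;
        if (r == -1 && (errno == EAGAIN || errno == EWOULDBLOCK)) return handled;
        return -1; /* EOF or unexpected error */
    }
}
```
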