Hello All,
I am facing problems running stunnel for QNX 6.3, cross-compiled on Solaris. I want to provide an https front end to thttpd (www.acme.com). stunnel starts but fails. Logs are like this:
1980.01.01 15:01:46 LOG5[1069085:1]: stunnel 4.20 on sparc-sun-solaris2.9 with OpenSSL 0.9.8 05 Jul 2005
1980.01.01 15:01:46 LOG5[1069085:1]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4
1980.01.01 15:01:46 LOG6[1069085:1]: file ulimit = 1000 (can be changed with 'ulimit -n')
1980.01.01 15:01:46 LOG6[1069085:1]: poll() used - no FD_SETSIZE limit for file descriptors
1980.01.01 15:01:46 LOG5[1069085:1]: 488 clients allowed
1980.01.01 15:01:46 LOG7[1069085:1]: FD 4 in non-blocking mode
1980.01.01 15:01:46 LOG7[1069085:1]: FD 5 in non-blocking mode
1980.01.01 15:01:46 LOG7[1069085:1]: FD 6 in non-blocking mode
1980.01.01 15:01:46 LOG7[1069085:1]: SO_REUSEADDR option set on accept socket
1980.01.01 15:01:46 LOG7[1069085:1]: stunnel bound to xxx.xx.xxx.xxx:443
1980.01.01 15:01:46 LOG7[1073200:1]: Created pid file /stunnel.pid
<Browser connects>
1980.01.01 15:05:12 LOG7[1073200:1]: stunnel accepted FD=7 from yyy.yy.yyy.yyy:64822
1980.01.01 15:05:12 LOG7[1073200:2]: stunnel started
1980.01.01 15:05:12 LOG7[1073200:2]: FD 7 in non-blocking mode
1980.01.01 15:05:12 LOG7[1073200:2]: TCP_NODELAY option set on local socket
1980.01.01 15:05:12 LOG5[1073200:2]: stunnel accepted connection from qqq.qqq.qqq.qqq:64822
1980.01.01 15:05:12 LOG5[1073200:2]: Server mode
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): before/accept initialization
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 read client hello A
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 write server hello A
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 write certificate A
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 write server done A
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 flush data
1980.01.01 15:05:12 LOG7[1073200:2]: SSL state (accept): SSLv3 read client key exchange A
1980.01.01 15:05:13 LOG7[1073200:2]: SSL state (accept): SSLv3 read finished A
1980.01.01 15:05:13 LOG7[1073200:2]: SSL state (accept): SSLv3 write change cipher spec A
1980.01.01 15:05:13 LOG7[1073200:2]: SSL state (accept): SSLv3 write finished A
1980.01.01 15:05:13 LOG7[1073200:2]: SSL state (accept): SSLv3 flush data
1980.01.01 15:05:13 LOG7[1073200:2]: 1 items in the session cache
1980.01.01 15:05:13 LOG7[1073200:2]: 0 client connects (SSL_connect())
1980.01.01 15:05:13 LOG7[1073200:2]: 0 client connects that finished
1980.01.01 15:05:13 LOG7[1073200:2]: 0 client renegotiations requested
1980.01.01 15:05:13 LOG7[1073200:2]: 1 server connects (SSL_accept())
1980.01.01 15:05:13 LOG7[1073200:2]: 1 server connects that finished
1980.01.01 15:05:13 LOG7[1073200:2]: 0 server renegotiations requested
1980.01.01 15:05:13 LOG7[1073200:2]: 0 session cache hits
1980.01.01 15:05:13 LOG7[1073200:2]: 1 session cache misses
1980.01.01 15:05:13 LOG7[1073200:2]: 0 session cache timeouts
1980.01.01 15:05:13 LOG6[1073200:2]: SSL accepted: new session negotiated
1980.01.01 15:05:13 LOG6[1073200:2]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
< SSL Negotiation done >
1980.01.01 15:08:49 LOG3[1073200:2]: remote socket: Address family not supported by protocol family (247) <<<<<<
1980.01.01 15:08:49 LOG5[1073200:2]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
1980.01.01 15:08:49 LOG7[1073200:2]: stunnel finished (0 left)
I checked the address family; it is AF_INET :) The socket syscall in client.c:989 is failing. I know the error "Address family not supported by protocol family (247)" says it all, but there are other applications running on the box which do the same thing, and it works for them.
Versions: OpenSSL 0.9.8 and stunnel 4.20.
stunnel.conf

## stunnel.conf starts
cert = /etc/localhost_cert.pem
key = /etc/localhost_key.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /some_dir
setuid = root
setgid = root
; PID is created inside chroot jail
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

debug = 7
output = /some_dir/stunnel.log

[https]
accept = <Qnx box IP>:443
connect = <Qnx box IP>:80
## stunnel.conf end
# uname -a
QNX localhost 6.3.0 2006/04/27-13:08:16EST armbe

It was configured thus:
./configure --prefix=/vob/nmi/3rd_party/stunnel --enable-dependency-tracking --with-ssl=/vob/nmi/3rd_party/openssl/ --build=armbe-qnx --host=sparc-sun-solaris2.9 --with-threads=pthread --disable-libwrap
Removing the --disable-libwrap does not help.
stunnel is started like this:
stunnel /etc/stunnel.conf -d http -r localhost:http -p /etc

This also did not help:
stunnel /etc/stunnel.conf -d https -r localhost:http -p /etc
stunnel /etc/stunnel.conf
# stunnel -version
stunnel 4.20 on sparc-sun-solaris2.9 with OpenSSL 0.9.8 05 Jul 2005
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4

Global options
debug = 5
pid = /some_path/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options
cert = /some_path/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
key = /some_path/stunnel.pem
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
Please reply. All comments appreciated.

Cheers,
Raj