Hello everyone.
I have not been on the list for a long time. I last compiled openssl and stunnel in 2000 or so and have been using the same code ever since. I use it very simply in client mode ... I have an application to authorize credit cards and it connects to stunnel in inetd mode (with -c in the command line).
visanet is now requiring version 2 SSL so I have to change so I got all the new stuff and compiled it up and made a .conf file.
I have two problems (for now :-) ):
1) No matter what I do it seems that at least some debug is coming back through the socket, and no debug is going to my debug file.
2) The debug I am getting is very strange -- the first time it says "Snagged 64 from bytes from stunnel.rnd". The second time it says "Unable to retrieve any random data from stunnel.rnd". When I examine the file it has a current date and zero bytes. If I copy back my old (2000) stunnel.rnd it always reads once, and then writes it back out with zero bytes.
I am on AIX 4.3.3 and I compiled with xlc and the only option I used that was not default was to not link in the wrappers. I did get a ton of warnings that the "-pthreaded" option was not valid ... but it executes and responds so I am not sure that matters? Or should I do something (what?) about that?
My configuration file for the service (visanet) is:
output = /tmp/stunnel.log
debug = 7
RNDfile = /visanet/ssl/stunnel.rnd
[visanet]
client = yes
connect = ssllab.pgs.wcom.net:443
sslVersion = SSLv2
protocol = smtp
cert = /viasanet/ssl/stunnel.pem
The rnd file and cert file are from 2000 (old old old!). I would have expected a file /tmp/stunnel.log -- the file is not even created!
The old inetd line was:
(blah blah) stunnel -r ssllab.pgs.wcom.net:443 -c -R /visanet/sslold/stunnel.rnd
What stupid thing am I doing wrong? Does anyone else have experience using stunnel with visanet and can they give me any pointers?
Thanks!
Eric
This email sent by:
Eric S. Eberhard (928) 567-3727 Voice (928) 567-6122 Fax
928-301-7537 -- you may call any time day or night, I turn it off when I sleep :-) Please try to use a land line first (reception often poor).
Note the change in the domain from vicspdi.com to vicsmba.com !!!!
For Metropolis support and VICS MBA Support!!!!
Completely updated web site of personal pictures with many new pictures! Includes horses, dogs, Corvairs, and more.
http://www.vicsmba.com/ourpics/index.html
Corvair pictures including the Judson setup on our 62 Sedan and lots of pictures of Cheryl's 62 Monza Wagon and our 62 Spyder convertible.
http://www.vicsmba.com/ourpics/corvairs.html
My younger brother Martin has started a very serious car company. A hot rod (very fast) electric roadster is the first offering. The chassis is built by Lotus to their specs. Check it out: http://www.teslamotors.com
On Friday 29 September 2006 23:01, Eric S. Eberhard wrote:
> I am AIX 4.3.3 and I compiled with xlc and the only option I used that was not default was to not link in the wrappers. I did get a ton of warnings that the "-pthreaded" option was not valid ... but it executes and responds so I am not sure that matters? Or should I do something (what?) about that?

IMHO it doesn't matter. Did you upgrade your OpenSSL library as well?

> I have two problems (for now :-) ): 1) No matter what I do it seems that at least some debug is coming back through the socket, and no debug is going to my debug file

Very strange. What about logging to stdout with "foreground=yes"?

> 2) The debug I am getting is very strange -- the first time it says "Snagged 64 from bytes from stunnel.rnd" The second time it says "Unable to retrieve any random data from stunnel.rnd" When I examine the file it has a current date and zero bytes. If I copy back my old (2000) stunnel.rnd it always reads once, and then writes it back out with zero bytes.

"RNDoverwrite = no" should help.

> My configuration files for the service (visanet) is:
> output = /tmp/stunnel.log
> debug = 7
> RNDfile = /visanet/ssl/stunnel.rnd
> [visanet]
> client = yes
> connect = ssllab.pgs.wcom.net:443
> sslVersion = SSLv2
> protocol = smtp
> cert = /viasanet/ssl/stunnel.pem

Strange. There's no "accept" option in your configuration.

Best regards, Mike
Thanks for the reply ...
No "accept" ... I suppose I should have mentioned I am running it from inetd.conf just passing in the .conf file.
I do have the latest and greatest "stable" openssl library. Not overwriting the RND files does keep it intact ... so now stdout just gets:
2006.10.02 12:02:05 LOG7[29958:1]: Snagged 64 random bytes from /visanet/ssl/stunnel.rnd
Nothing else at all :-(
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
On Monday 02 October 2006 21:19, Eric S. Eberhard wrote:
> No "accept" ... I suppose I should have mentioned I am running it from inetd.conf just passing in the .conf file.
[cut]
> output = /tmp/stunnel.log
> debug = 7
> RNDfile = /visanet/ssl/stunnel.rnd
> [visanet]
> client = yes
> connect = ssllab.pgs.wcom.net:443
> sslVersion = SSLv2
> protocol = smtp
> cert = /viasanet/ssl/stunnel.pem

Don't define any section in inetd mode!

Mike
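
The three points raised in the replies above (a section defined in inetd mode, a section without "accept", and the seed file being overwritten), as an added example that is not part of the original thread or of stunnel itself: a small lint over the configuration quoted in the thread. The function names, the finding texts and the INETD_CONF variant are constructed for illustration, and the sketch assumes option names are matched case-insensitively and that RNDoverwrite defaults to yes.

```python
# Added example: lint a stunnel config that is meant to be started from inetd.
# Assumptions: option names are case-insensitive; RNDoverwrite defaults to yes.

THREAD_CONF = """\
output = /tmp/stunnel.log
debug = 7
RNDfile = /visanet/ssl/stunnel.rnd
[visanet]
client = yes
connect = ssllab.pgs.wcom.net:443
sslVersion = SSLv2
protocol = smtp
cert = /viasanet/ssl/stunnel.pem
"""

# Constructed variant: same options, no section header, seed file preserved.
INETD_CONF = THREAD_CONF.replace("[visanet]\n", "RNDoverwrite = no\n")

def parse(text):
    """Return (global_opts, sections); sections maps name -> options dict."""
    global_opts, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
            continue
        key, _, value = line.partition("=")
        target = global_opts if current is None else current
        target[key.strip().lower()] = value.strip()
    return global_opts, sections

def lint_for_inetd(text):
    """List the problems discussed in the thread for an inetd-launched config."""
    global_opts, sections = parse(text)
    findings = []
    for name, opts in sections.items():
        findings.append(f"section [{name}] defined; inetd mode needs none")
        if "accept" not in opts:
            findings.append(f"section [{name}] has no accept option")
    if not sections and not ({"connect", "exec"} & global_opts.keys()):
        findings.append("no connect/exec option at global level")
    if "rndfile" in global_opts and global_opts.get("rndoverwrite", "yes") != "no":
        findings.append("RNDfile will be overwritten (RNDoverwrite is not 'no')")
    return findings

if __name__ == "__main__":
    for label, conf in (("thread", THREAD_CONF), ("inetd", INETD_CONF)):
        print(label, lint_for_inetd(conf) or "ok")
```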