'Evening everyone,
I'm wondering if anyone has already seen a problem like this.
Background - I'm trying to use stunnel to act as an SSL server and redirect connections so that I can use the JMeter script recorder to build automated tests for an app's web GUI. (The recorder does not support SSL.)
The software versions are: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
I'm able to set up the redirection, and everything in the stunnel log looks OK - and, this is just making the connection manually - without JMeter - but trying to access the target app just hangs in the browser with a "connecting to..." status message.
Here's the stunnel config file that I'm using - the log is attached.
client=yes
output=/tmp/stunnel.log
debug=debug
[8084]
accept=hostname:8079
connect=hostname:8084
Interestingly - when I kill the stunnel process, the browser displays (most of) the target app's top level page.
Thanks in advance, Len DiMaggio ldimaggi@redhat.com
The stunnel log sez:
2006.10.24 04:58:33 LOG5[5869:3086362304]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
2006.10.24 04:58:33 LOG5[5869:3086362304]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2006.10.24 04:58:33 LOG6[5869:3086362304]: file ulimit = 1024 (can be changed with 'ulimit -n')
2006.10.24 04:58:33 LOG6[5869:3086362304]: poll() used - no FD_SETSIZE limit for file descriptors
2006.10.24 04:58:33 LOG5[5869:3086362304]: 500 clients allowed
2006.10.24 04:58:33 LOG7[5869:3086362304]: FD 4 in non-blocking mode
2006.10.24 04:58:33 LOG7[5869:3086362304]: FD 5 in non-blocking mode
2006.10.24 04:58:33 LOG7[5869:3086362304]: FD 6 in non-blocking mode
2006.10.24 04:58:33 LOG7[5869:3086362304]: SO_REUSEADDR option set on accept socket
2006.10.24 04:58:33 LOG7[5869:3086362304]: 8084 bound to 10.15.49.274:8079
2006.10.24 04:58:33 LOG7[5870:3086362304]: Created pid file /var/run/stunnel.pid
2006.10.24 04:58:52 LOG7[5870:3086362304]: 8084 accepted FD=7 from 172.16.83.99:58417
2006.10.24 04:58:52 LOG7[5870:3086359440]: 8084 started
2006.10.24 04:58:52 LOG7[5870:3086359440]: FD 7 in non-blocking mode
2006.10.24 04:58:52 LOG7[5870:3086359440]: FD 8 in non-blocking mode
2006.10.24 04:58:52 LOG7[5870:3086359440]: FD 9 in non-blocking mode
2006.10.24 04:58:52 LOG7[5870:3086362304]: Cleaning up the signal pipe
2006.10.24 04:58:52 LOG6[5870:3086362304]: Child process 5874 finished with code 0
2006.10.24 04:58:52 LOG7[5870:3086359440]: Connection from 172.16.83.99:58417 permitted by libwrap
2006.10.24 04:58:52 LOG5[5870:3086359440]: 8084 connected from 172.16.83.99:58417
2006.10.24 04:58:52 LOG7[5870:3086359440]: FD 8 in non-blocking mode
2006.10.24 04:58:52 LOG7[5870:3086359440]: 8084 connecting 10.15.49.274:8084
2006.10.24 04:58:52 LOG7[5870:3086359440]: connect_wait: waiting 10 seconds
2006.10.24 04:58:52 LOG7[5870:3086359440]: connect_wait: connected
2006.10.24 04:58:52 LOG7[5870:3086359440]: Remote FD=8 initialized
2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): before/connect initialization
2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 write client hello A
2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 read server hello A
2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 read server certificate A
2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 read server done A
2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 write client key exchange A
2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 write change cipher spec A
2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 write finished A
2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 flush data
2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 read finished A
2006.10.24 04:58:52 LOG7[5870:3086359440]: 1 items in the session cache
2006.10.24 04:58:52 LOG7[5870:3086359440]: 1 client connects (SSL_connect())
2006.10.24 04:58:52 LOG7[5870:3086359440]: 1 client connects that finished
2006.10.24 04:58:52 LOG7[5870:3086359440]: 0 client renegotiations requested
2006.10.24 04:58:52 LOG7[5870:3086359440]: 0 server connects (SSL_accept())
2006.10.24 04:58:52 LOG7[5870:3086359440]: 0 server connects that finished
2006.10.24 04:58:52 LOG7[5870:3086359440]: 0 server renegotiations requested
2006.10.24 04:58:52 LOG7[5870:3086359440]: 0 session cache hits
2006.10.24 04:58:52 LOG7[5870:3086359440]: 0 session cache misses
2006.10.24 04:58:52 LOG7[5870:3086359440]: 0 session cache timeouts
2006.10.24 04:58:52 LOG6[5870:3086359440]: SSL connected: new session negotiated
2006.10.24 04:58:52 LOG6[5870:3086359440]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
Len,
I would expect to see at least a few more lines in your log file. The next lines should be something like:
FD n in non-blocking mode
8084 connecting hostname:8084
connect_wait: waiting 10 seconds
Followed by the result of the connect attempt. You have established a secure connection with stunnel; stunnel is trying to connect to the indicated port. The most obvious problem is that no process is listening on hostname:8084. Another potential issue is that a process has opened port 8084 exclusively. Running netstat -an before connecting and while the process is hung might help with some of those issues.
Carter
Len DiMaggio wrote:
I'm able to set up the redirection, and everything in the stunnel log looks OK - and, this is just making the connection manually - without JMeter - but trying to access the target app just hangs in the browser with a "connecting to..." status message.
Buggy Microsoft implementation of SSL protocol does not send close_notify alert before closing TCP connection. Use: TIMEOUTclose = 0 option in your configuration file.
Best regards, Mike
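Added example, not part of the original thread or of stunnel itself: a small parser for the debug-log format posted above that reports, per worker thread, the last connection milestone logged, so a hang can be placed before or after the SSL handshake. The sample log is constructed, the stage names are hypothetical, and the "Connection closed/reset" message wording is an assumption since it does not appear in the posted log.

```python
import re

# Constructed sample in the stunnel 4.x debug-log format seen in the thread.
# Thread 1001 stops after the handshake; thread 1002 runs to completion.
SAMPLE_LOG = """\
2006.10.24 05:00:01 LOG5[900:1001]: 8084 connected from 192.0.2.10:50001
2006.10.24 05:00:01 LOG7[900:1001]: 8084 connecting 192.0.2.20:8084
2006.10.24 05:00:01 LOG7[900:1001]: connect_wait: waiting 10 seconds
2006.10.24 05:00:01 LOG7[900:1001]: connect_wait: connected
2006.10.24 05:00:01 LOG6[900:1001]: SSL connected: new session negotiated
2006.10.24 05:00:05 LOG5[900:1002]: 8084 connected from 192.0.2.10:50002
2006.10.24 05:00:05 LOG7[900:1002]: 8084 connecting 192.0.2.20:8084
2006.10.24 05:00:05 LOG7[900:1002]: connect_wait: connected
2006.10.24 05:00:05 LOG6[900:1002]: SSL connected: new session negotiated
2006.10.24 05:00:06 LOG5[900:1002]: Connection closed: 512 bytes sent to SSL, 2048 bytes sent to socket
"""

# date, time, LOGn[pid:thread]: message
ENTRY = re.compile(r"^\S+ \S+ LOG\d\[\d+:(\d+)\]: (.*)$")

# Ordered milestones of one client-mode connection (stage names are made up
# for this example). The first four messages appear in the posted log; the
# "Connection closed/reset" wording is an assumption.
STAGES = [
    ("client_accepted", re.compile(r"^\S+ connected from ")),
    ("remote_connecting", re.compile(r"^\S+ connecting ")),
    ("remote_connected", re.compile(r"^connect_wait: connected")),
    ("ssl_established", re.compile(r"^SSL connected: ")),
    ("closed", re.compile(r"^Connection (closed|reset)")),
]

def furthest_stage(log_text):
    """Map each worker thread id to the last milestone its log lines reached."""
    reached = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip blank or wrapped lines
        thread, msg = m.groups()
        for rank, (name, pattern) in enumerate(STAGES):
            if pattern.search(msg) and rank >= reached.get(thread, (-1, ""))[0]:
                reached[thread] = (rank, name)
    return {t: name for t, (_, name) in reached.items()}

def stalled(log_text):
    """Threads that never logged a close, with the stage where they stopped."""
    return {t: s for t, s in furthest_stage(log_text).items() if s != "closed"}

if __name__ == "__main__":
    for thread, stage in stalled(SAMPLE_LOG).items():
        print(f"thread {thread} stopped at: {stage}")
```

A thread reported at ssl_established with no close has a working tunnel, so the hang lies in data transfer or connection shutdown rather than in the TCP connect or the handshake.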