[stunnel-users] Newbie: Keep getting connection closed

Charles A. Monteiro charles at datasof.com
Tue Aug 17 18:31:20 CEST 2004


We are using a proprietary protocol over TCP/IP which works fine and has
for a number of years. I have tested it without stunnel and it checks fine
as well. I keep getting the connection closed when I run through stunnel.
I don't understand if something bad has actually happened, i.e. from the
error warnings. Is an "alert" a bad thing, i.e. does it indicate that
something is broken? Does stunnel normally close the connection after
every message exchange? I have included the logs for both the stunnel
client and server as well as the respective conf files.

thanks in advance,

-Charles

---------------------------------------

client log:

2004.08.17 11:13:27 LOG7[1824:1544]: 55555 accepted FD=536 from  
127.0.0.1:1085
2004.08.17 11:13:27 LOG7[1824:1544]: FD 536 in non-blocking mode
2004.08.17 11:13:27 LOG7[1824:1544]: Creating a new thread
2004.08.17 11:13:27 LOG7[1824:1544]: New thread created
2004.08.17 11:13:27 LOG7[1824:1040]: 55555 started
2004.08.17 11:13:27 LOG5[1824:1040]: 55555 connected from 127.0.0.1:1085
2004.08.17 11:13:27 LOG7[1824:1040]: FD 564 in non-blocking mode
2004.08.17 11:13:27 LOG7[1824:1040]: 55555 connecting 192.168.20.76:55555
2004.08.17 11:13:27 LOG7[1824:1040]: remote connect #1: EWOULDBLOCK:  
retrying
2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: FD=564, DIR=write
2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: ok
2004.08.17 11:13:27 LOG7[1824:1040]: Remote FD=564 initialized
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): before/connect  
initialization
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write  
client hello A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read  
server hello A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read  
server certificate A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read  
server done A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write  
client key exchange A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write  
change cipher spec A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 write  
finished A
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 flush data
2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: FD=564, DIR=read
2004.08.17 11:13:27 LOG7[1824:1040]: waitforsocket: ok
2004.08.17 11:13:27 LOG7[1824:1040]: SSL state (connect): SSLv3 read  
finished A
2004.08.17 11:13:27 LOG7[1824:1040]:    6 items in the session cache
2004.08.17 11:13:27 LOG7[1824:1040]:    7 client connects (SSL_connect())
2004.08.17 11:13:27 LOG7[1824:1040]:    7 client connects that finished
2004.08.17 11:13:27 LOG7[1824:1040]:    0 client renegotiatations requested
2004.08.17 11:13:27 LOG7[1824:1040]:    0 server connects (SSL_accept())
2004.08.17 11:13:27 LOG7[1824:1040]:    0 server connects that finished
2004.08.17 11:13:27 LOG7[1824:1040]:    0 server renegotiatiations  
requested
2004.08.17 11:13:27 LOG7[1824:1040]:    1 session cache hits
2004.08.17 11:13:27 LOG7[1824:1040]:    0 session cache misses
2004.08.17 11:13:27 LOG7[1824:1040]:    0 session cache timeouts
2004.08.17 11:13:27 LOG6[1824:1040]: Negotiated ciphers:  
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
2004.08.17 11:13:27 LOG7[1824:1040]: Socket closed on read
2004.08.17 11:13:27 LOG7[1824:1040]: SSL write shutdown (output buffer  
empty)
2004.08.17 11:13:27 LOG7[1824:1040]: SSL alert (write): warning: close  
notify
2004.08.17 11:13:27 LOG7[1824:1040]: SSL_shutdown retrying
2004.08.17 11:13:27 LOG7[1824:1040]: SSL alert (read): warning: close  
notify
2004.08.17 11:13:27 LOG7[1824:1040]: SSL closed on SSL_read
2004.08.17 11:13:27 LOG7[1824:1040]: Socket write shutdown (output buffer  
empty)
2004.08.17 11:13:27 LOG5[1824:1040]: Connection closed: 110 bytes sent to  
SSL, 13 bytes sent to socket
2004.08.17 11:13:27 LOG7[1824:1040]: 55555 finished (0 left)

-------------------------------------------------------------
server log:

2004.08.17 11:03:12 LOG7[28177:3073021920]: 55555 accepted FD=7 from  
192.168.20.77:1086
2004.08.17 11:03:12 LOG7[28177:3073021920]: FD 7 in non-blocking mode
2004.08.17 11:03:12 LOG7[28177:3062528944]: 55555 started
2004.08.17 11:03:12 LOG5[28177:3062528944]: 55555 connected from  
192.168.20.77:1086
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept):  
before/accept initialization
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: FD=7, DIR=read
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: ok
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 read  
client hello A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3  
write server hello A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3  
write certificate A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3  
write server done A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3  
flush data
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: FD=7, DIR=read
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: ok
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 read  
client key exchange A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3 read  
finished A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3  
write change cipher spec A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3  
write finished A
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL state (accept): SSLv3  
flush data
2004.08.17 11:03:12 LOG7[28177:3062528944]:    2 items in the session cache
2004.08.17 11:03:12 LOG7[28177:3062528944]:    0 client connects  
(SSL_connect())
2004.08.17 11:03:12 LOG7[28177:3062528944]:    0 client connects that  
finished
2004.08.17 11:03:12 LOG7[28177:3062528944]:    0 client renegotiatations  
requested
2004.08.17 11:03:12 LOG7[28177:3062528944]:   18 server connects  
(SSL_accept())
2004.08.17 11:03:12 LOG7[28177:3062528944]:   10 server connects that  
finished
2004.08.17 11:03:12 LOG7[28177:3062528944]:    0 server renegotiatiations  
requested
2004.08.17 11:03:12 LOG7[28177:3062528944]:    2 session cache hits
2004.08.17 11:03:12 LOG7[28177:3062528944]:    0 session cache misses
2004.08.17 11:03:12 LOG7[28177:3062528944]:    6 session cache timeouts
2004.08.17 11:03:12 LOG6[28177:3062528944]: Negotiated ciphers:  
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
2004.08.17 11:03:12 LOG7[28177:3062528944]: FD 8 in non-blocking mode
2004.08.17 11:03:12 LOG7[28177:3062528944]: 55555 connecting  
192.168.20.76:4242
2004.08.17 11:03:12 LOG7[28177:3062528944]: remote connect #1:  
EINPROGRESS: retrying
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: FD=8, DIR=write
2004.08.17 11:03:12 LOG7[28177:3062528944]: waitforsocket: ok
2004.08.17 11:03:12 LOG7[28177:3062528944]: Remote FD=8 initialized
2004.08.17 11:03:12 LOG7[28177:3062528944]: Socket closed on read
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL alert (write): warning:  
close notify
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL write shutdown (output  
buffer empty)
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL alert (read): warning:  
close notify
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL closed on SSL_read
2004.08.17 11:03:12 LOG7[28177:3062528944]: Socket write shutdown (output  
buffer empty)
2004.08.17 11:03:12 LOG5[28177:3062528944]: Connection closed: 13 bytes  
sent to SSL, 110 bytes sent to socket
2004.08.17 11:03:12 LOG7[28177:3062528944]: 55555 finished (0 left)

-------------------------------------------------------------------------------------------------------------------

My client stunnel.conf:

cert=stunnel.pem
client=yes
debug=7
[55555]
accept=localhost:55555
connect=192.168.20.76:55555
- eof -

My server stunnel.conf:

cert=stunnel.pem
debug=7
output=stunnel.err
[55555]
accept=192.168.20.76:55555
connect=192.168.20.76:4242
- eof -







-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
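
The teardown sequence in the two logs above can be read mechanically. The following is an added example, not part of the original post and not stunnel code: a Python parser that rejoins the mail-wrapped log records and reports which close message came first, the level of each SSL alert, and the byte counters. `SAMPLE` is constructed in the shape of the server log, and the meaning attached to each message in the comments is this example's reading of the log text.

```python
import re

# Constructed sample shaped like the server log above, mail wrapping included.
SAMPLE = """\
2004.08.17 11:03:12 LOG7[28177:3062528944]: Socket closed on read
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL alert (write): warning:
close notify
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL alert (read): warning:
close notify
2004.08.17 11:03:12 LOG7[28177:3062528944]: SSL closed on SSL_read
2004.08.17 11:03:12 LOG5[28177:3062528944]: Connection closed: 13 bytes
sent to SSL, 110 bytes sent to socket
"""
LINE = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG(\d)\[(\d+):(\d+)\]: (.*)$")
ALERT = re.compile(r"SSL alert \((read|write)\): (warning|fatal): (.+)")
BYTES = re.compile(r"Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket")

def unwrap(text):
    """Rejoin records that a mail client wrapped onto a continuation line."""
    records = []
    for raw in filter(None, map(str.strip, text.splitlines())):
        if LINE.match(raw) or not records:
            records.append(raw)
        else:
            records[-1] += " " + raw
    return records

def summarize(text):
    """Summarise one connection's teardown (assumes lines from a single thread)."""
    out = {"first_close": None, "alerts": [], "fatal": False, "to_ssl": None, "to_socket": None}
    for rec in unwrap(text):
        m = LINE.match(rec)
        if not m:
            continue
        msg = m.group(4)
        # Assumed reading: the first close message names the side that ended the session.
        if out["first_close"] is None and msg.startswith("Socket closed on read"):
            out["first_close"] = "plaintext socket"
        elif out["first_close"] is None and msg.startswith("SSL closed on SSL_read"):
            out["first_close"] = "SSL peer"
        alert = ALERT.search(msg)
        if alert:
            # TLS alerts are "warning" or "fatal"; close notify is the orderly-shutdown alert.
            out["alerts"].append(alert.groups())
            out["fatal"] = out["fatal"] or alert.group(2) == "fatal"
        counts = BYTES.search(msg)
        if counts:
            out["to_ssl"], out["to_socket"] = map(int, counts.groups())
    return out
```

Running `summarize` over each side's log separately shows whether any alert was fatal and which close message that stunnel instance logged first.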


