[stunnel-users] stunnel + openbsd + popa3d
Pedro [bodymind]
pbodymind at gmail.com
Wed Dec 28 15:30:51 CET 2005
Hi! I'm getting nuts with this... I hope someone can help me... I'm trying
to use popa3d through stunnel, with inetd...
stunnel.log:
2005.12.28 14:03:45 LOG5[6298:2102628352]: stunnel 4.11 on i386-unknown-openbsd3.8 PTHREAD+POLL+IPv6+LIBWRAP with OpenSSL 0.9.7g 11 Apr 2005
2005.12.28 14:03:45 LOG7[6298:2102628352]: Snagged 64 random bytes from /dev/arandom
2005.12.28 14:03:45 LOG7[6298:2102628352]: RAND_status claims sufficient entropy for the PRNG
2005.12.28 14:03:45 LOG6[6298:2102628352]: PRNG seeded successfully
2005.12.28 14:03:45 LOG7[6298:2102628352]: Certificate: /etc/stunnel/teste.pem
2005.12.28 14:03:45 LOG7[6298:2102628352]: Key file: /etc/stunnel/teste.pem
2005.12.28 14:03:45 LOG7[6298:2102628352]: stunnel started
2005.12.28 14:03:45 LOG7[6298:2102628352]: FD 0 in non-blocking mode
2005.12.28 14:03:45 LOG7[6298:2102628352]: FD 1 in non-blocking mode
2005.12.28 14:03:45 LOG5[6298:2102628352]: stunnel connected from 2x.x.x.x :37594
2005.12.28 14:03:45 LOG7[6298:2102628352]: SSL state (accept): before/accept initialization
2005.12.28 14:03:45 LOG7[6298:2102628352]: SSL state (accept): SSLv3 read client hello A
2005.12.28 14:03:45 LOG7[6298:2102628352]: SSL state (accept): SSLv3 write server hello A
2005.12.28 14:03:45 LOG7[6298:2102628352]: SSL state (accept): SSLv3 write certificate A
2005.12.28 14:03:45 LOG7[6298:2102628352]: SSL state (accept): SSLv3 write server done A
2005.12.28 14:03:45 LOG7[6298:2102628352]: SSL state (accept): SSLv3 flush data
2005.12.28 14:03:45 LOG7[6298:2102628352]: SSL state (accept): SSLv3 read client key exchange A
2005.12.28 14:03:45 LOG7[6298:2102628352]: SSL state (accept): SSLv3 read finished A
2005.12.28 14:03:45 LOG7[6298:2102628352]: SSL state (accept): SSLv3 write change cipher spec A
2005.12.28 14:03:45 LOG7[6298:2102628352]: SSL state (accept): SSLv3 write finished A
2005.12.28 14:03:45 LOG7[6298:2102628352]: SSL state (accept): SSLv3 flush data
2005.12.28 14:03:45 LOG7[6298:2102628352]: 1 items in the session cache
2005.12.28 14:03:45 LOG7[6298:2102628352]: 0 client connects (SSL_connect())
2005.12.28 14:03:45 LOG7[6298:2102628352]: 0 client connects that finished
2005.12.28 14:03:45 LOG7[6298:2102628352]: 0 client renegotiatations requested
2005.12.28 14:03:45 LOG7[6298:2102628352]: 1 server connects (SSL_accept())
2005.12.28 14:03:45 LOG7[6298:2102628352]: 1 server connects that finished
2005.12.28 14:03:45 LOG7[6298:2102628352]: 0 server renegotiatiations requested
2005.12.28 14:03:45 LOG7[6298:2102628352]: 0 session cache hits
2005.12.28 14:03:45 LOG7[6298:2102628352]: 0 session cache misses
2005.12.28 14:03:45 LOG7[6298:2102628352]: 0 session cache timeouts
2005.12.28 14:03:45 LOG6[6298:2102628352]: SSL accepted: new session negotiated
2005.12.28 14:03:45 LOG6[6298:2102628352]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2005.12.28 14:03:45 LOG7[6298:2102628352]: bind#1: Invalid argument (22)
2005.12.28 14:03:45 LOG7[6298:2102628352]: bind#2: Invalid argument (22)
2005.12.28 14:03:45 LOG3[6298:2102628352]: connect: Invalid argument (22)
2005.12.28 14:03:45 LOG3[6298:2102628352]: Failed to initialize remote connection
2005.12.28 14:03:45 LOG7[6298:2102628352]: stunnel finished (0 left)
openssl error when I connect:
$ openssl s_client -connect xxx.xxx.xxx.xxx:995 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 080A6E20 [080A6E68] (148 bytes => 148 (0x94))
SSL_connect:SSLv2/v3 write client hello A
read from 080A6E20 [080AC3C8] (7 bytes => 7 (0x7))
0000 - 16 03 01 00 4a 02 ....J.
0007 - <SPACES/NULS>
read from 080A6E20 [080AC3CF] (72 bytes => 72 (0x48))
SSL_connect:SSLv3 read server hello A
read from 080A6E20 [080AC3C8] (5 bytes => 5 (0x5))
0000 - 16 03 01 02 39 ....9
read from 080A6E20 [080AC3CD] (569 bytes => 569 (0x239))
depth=0 /C=pt/ST=Xxxxx/L=Xxxxx/O=Xxxx/OU=Xxxx/CN=Xxxx
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=pt/ST=Xxxxx/L=Xxxxx/O=Xxxx/OU=Xxxx/CN=Xxxx
verify return:1
SSL_connect:SSLv3 read server certificate A
read from 080A6E20 [080AC3C8] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 04 .....
read from 080A6E20 [080AC3CD] (4 bytes => 4 (0x4))
0000 - 0e .
0004 - <SPACES/NULS>
SSL_connect:SSLv3 read server done A
write to 080A6E20 [080B6640] (139 bytes => 139 (0x8B))
SSL_connect:SSLv3 write client key exchange A
write to 080A6E20 [080B6640] (6 bytes => 6 (0x6))
0000 - 14 03 01 00 01 01 ......
SSL_connect:SSLv3 write change cipher spec A
write to 080A6E20 [080B6640] (53 bytes => 53 (0x35))
0000 - 16 03 01 00 30 fe 84 71-85 05 57 bf bc 74 1f 55 ....0..q..W..t.U
0010 - db 54 8f eb 38 a8 d4 fe-1d 24 a9 4e d1 65 6b 6a .T..8....$.N.ekj
0020 - e1 c8 47 57 1f 64 80 1e-7a af a0 9b fd 6e 1c 0b ..GW.d..z....n..
0030 - 0c a7 a6 3e 30 ...>0
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
read from 080A6E20 [080AC3C8] (5 bytes => 5 (0x5))
0000 - 14 03 01 00 01 .....
read from 080A6E20 [080AC3CD] (1 bytes => 1 (0x1))
0000 - 01 .
read from 080A6E20 [080AC3C8] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 30 ....0
read from 080A6E20 [080AC3CD] (48 bytes => 48 (0x30))
0000 - ef 6b 5b 33 44 bb 18 4a-a4 e5 95 07 cf 17 d2 4c .k[3D..J.......L
0010 - b2 c0 10 59 68 4b aa a4-96 a7 e7 9c 0c bd ae 80 ...YhK..........
0020 - 38 fb 08 ec 28 2c 51 15-26 fe 44 3f c8 31 f7 99 8...(,Q.&.D?.1..
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=pt/ST=Xxxxx/L=Xxxxx/O=Xxxx/OU=Xxxx/CN=Xxxx
i:/C=pt/ST=Xxxxx/L=Xxxxx/O=Xxxx/OU=Xxxx/CN=Xxxx
---
Server certificate
subject=/C=pt/ST=Xxxxx/L=Xxxxx/O=Xxxx/OU=Xxxx/CN=Xxxx
issuer=/C=pt/ST=Xxxxx/L=Xxxxx/O=Xxxx/OU=Xxxx/CN=Xxxx
---
No client certificate CA names sent
---
SSL handshake has read 721 bytes and written 346 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: C3777B355B05DA220F14470021E396D85B57045DB17560FA726249192A0D12AF
Session-ID-ctx:
Master-Key: 89A9BC55E2B4700DDA80F799A1B5B958CAF9BFEF8970921A7158CB6EFE3F352693B500BA258CA508B3B2A25517941FD6
Key-Arg : None
Start Time: 1135779714
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
read from 080A6E20 [080AC3C8] (5 bytes => -1 (0xFFFFFFFF))
read:errno=104
write to 080A6E20 [080B0BD8] (37 bytes => -1 (0xFFFFFFFF))
configs:
inetd.conf:
pop3s stream tcp nowait root /usr/local/sbin/stunnel stunnel /etc/stunnel/pop3s.conf
pop3s.conf:
exec = /usr/sbin/popa3d
execargs = popa3d
output = /var/log/stunnel.log
debug = 7
cert = /etc/stunnel/stunnel.pem
Versions:
OpenSSL 0.9.7g 11 Apr 2005
stunnel:
stunnel 4.11 on i386-unknown-openbsd3.8 PTHREAD+POLL+IPv6+LIBWRAP with OpenSSL 0.9.7g 11 Apr 2005
Global options
cert = /etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
debug = 5
key = /etc/stunnel/stunnel.pem
pid = /var/run/stunnel.pid
RNDbytes = 64
RNDfile = /dev/arandom
RNDoverwrite = yes
session = 300 seconds
verify = none
Service-level options
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
$ uname -a
OpenBSD xxx.xxx.xxx.xxx 3.8 GENERIC#138 i386
Thanks in advance for helping me =)
Pedro Gouveia
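
An added example, not part of the original post and not stunnel's own code: a small triage script for a stunnel log in the format quoted above. It rejoins mail-wrapped lines and reports, per (pid, thread), whether errors occurred before or after the TLS handshake completed. The function names and the "tls"/"backend" labels are assumptions made for this illustration.

```python
import re

# Lines copied from the stunnel.log quoted in the post, kept in their mail-wrapped form.
SAMPLE_LOG = """\
2005.12.28 14:03:45 LOG6[6298:2102628352]: SSL accepted: new session
negotiated
2005.12.28 14:03:45 LOG6[6298:2102628352]: Negotiated ciphers:
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2005.12.28 14:03:45 LOG7[6298:2102628352]: bind#1: Invalid argument (22)
2005.12.28 14:03:45 LOG3[6298:2102628352]: connect: Invalid argument (22)
2005.12.28 14:03:45 LOG3[6298:2102628352]: Failed to initialize remote
connection
2005.12.28 14:03:45 LOG7[6298:2102628352]: stunnel finished (0 left)
"""

LINE_RE = re.compile(r"^\S+ \S+ LOG(\d)\[(\d+):(\d+)\]: (.*)$")

def parse(log_text):
    """Return [level, (pid, thread), message] entries, rejoining wrapped lines."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            entries.append([int(m[1]), (m[2], m[3]), m[4]])
        elif entries and raw.strip():
            entries[-1][2] += " " + raw.strip()  # continuation of previous entry
    return entries

def triage(log_text):
    """Per (pid, thread): did the session fail before or after the TLS handshake?"""
    sessions = {}
    for level, key, msg in parse(log_text):
        s = sessions.setdefault(key, {"tls_ok": False, "cipher": None, "errors": []})
        if msg.startswith("SSL accepted"):
            s["tls_ok"] = True
        elif msg.startswith("Negotiated ciphers:"):
            s["cipher"] = msg.split(":", 1)[1].split()[0]
        elif level <= 3:  # LOGn follows syslog severity: 3 = err, 7 = debug
            s["errors"].append(msg)
    for s in sessions.values():
        if not s["errors"]:
            s["stage"] = "ok"
        else:
            # If the handshake completed, the errors belong to the service behind the tunnel.
            s["stage"] = "backend" if s["tls_ok"] else "tls"
    return sessions

if __name__ == "__main__":
    for key, s in triage(SAMPLE_LOG).items():
        print(key, s["stage"], s["cipher"], s["errors"])
```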