[stunnel-users] Stunnel crashing
Vasil Dimov
vd at datamax.bg
Mon Jun 20 07:23:01 CEST 2005
On Sun, Jun 19, 2005 at 04:58:34PM +0200, David Gomel wrote:
> I have been having some major problems trying to secure pop3 and imap with
> stunnel. I am running a RHEL3 box with Cpanel. I first started off by
> installing a clean copy of stunnel 4.10 but it was causing numerous bizarre
> problems. 1) it would crash after a few hours of the daemon operating, 2)
> before it would crash I would be getting tons of 'mailbox locked' errors and
> 3) the occasional timeout connecting. I eventually gave up with 4.10 and
> decided to try to use the stunnel 4.04 that was already doing https for
> cpanel/whm. I created a separate config file and ran a separate daemon just
> for pop/imap (I did this because I want them to be using different SSL
> certs). This seemed to be working perfectly as there were no timeouts, no
> locked mailbox errors and it didn't seem to be crashing. After about 24
> hours however, the process had shut down. I tried a few more times and
> again after about 12-24 hours of running my pop/imap only stunnel daemon
> crashes. I should also mention 2 other things: 1) prior to having set up
> 4.10 on my box, stunnel 4.04 was listening for pop/imap without crashing (it
> just wasn't being used however). 2) The other daemon running https for
> cpanel/whm hasn't crashed at all.
>
> I've included the log (level 7) for everything that happened in the 1-2
> seconds before it crashed. If anyone could offer any advice, it would be
> greatly appreciated!
>
> Thanks!
> David
>
> Info needed:
>
>
> 6) Output of "openssl version":
>
> OpenSSL 0.9.7a Feb 19 2003
>
I am not sure if this is not redhat's somehow patched version of 0.9.7a,
but if it is the original 0.9.7a then it has A LOT OF BUGS that may be
causing the crash.
I would suggest that you try openssl 0.9.7g and stunnel-4.09:
1. install openssl 0.9.7g manually (from source) with
--prefix=/tmp/openssl (for example)
2. export LD_LIBRARY_PATH=/tmp/openssl/lib
3. use stunnel's configure option --with-ssl=/tmp/openssl
4. make sure the new stunnel links with openssl-0.9.7g:
ldd .../stunnel-4.09/src/stunnel, libssl.so.3 and libcrypto.so.3
should point to /tmp/openssl/lib/
5. run stunnel .../stunnel-4.09/src/stunnel /path/to/stunnel.conf and
see what happens
If it still crashes you shoud try to get a backtrace.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 155 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20050620/d28715a0/attachment.sig>
More information about the stunnel-users
mailing list