[stunnel-users] Trying to redirect with stunnel - seems to hang
Carter Browne
cbrowne at cbcs-usa.com
Wed Oct 25 15:18:34 CEST 2006
Len,
I would expect to see at least a few more lines in your log file. The next lines should be something like:
FD n in non-blocking mode
8084 connecting hostname:8084
connect_wait: waiting 10 seconds
Followed by the result of the connect attempt. You have established a secure connection with stunnel, stunnel is trying
to connect to the indicated port. The most obvious problem is that no process is listening on hostname:8084. Another
potential issue is that a process has opened port 8084 exclusively. Running netstat -an before connecting and while the
process is hung might help with some of those issues.
Carter
Len DiMaggio wrote:
> 'Evening everyone,
>
> I'm wondering if anyone has already seen a problem like this.
>
> Background - I'm trying to use stunnel to act as an SSL server and
> redirect connections so that I can use the JMeter script recorder to
> build automated tests for an app's web GUI. (The recorder does not
> support SSL.)
>
> The software versions are: stunnel 4.15 on i686-redhat-linux-gnu with
> OpenSSL 0.9.8b 04 May 2006
>
> I'm able to set up the redirection, and everything in the stunnel log
> looks OK - and, this is just making the connection manually - without
> JMeter - but trying to access the target app just hangs in the browser
> with a "connecting to..." status message.
>
> Here's the stunnel config file that I'm using - the log is attached.
>
> client=yes
> output=/tmp/stunnel.log
> debug=debug
> [8084]
> accept=hostname:8079
> connect=hostname:8084
>
> Interestingly - when I kill the stunnel process, the browser displays
> (most of) the target app's top level page.
>
>
> Thanks in advance,
> Len DiMaggio
> ldimaggi at redhat.com
>
>
>
> The stunnel log sez:
>
> 2006.10.24 04:58:33 LOG5[5869:3086362304]: stunnel 4.15 on
> i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
> 2006.10.24 04:58:33 LOG5[5869:3086362304]: Threading:PTHREAD SSL:ENGINE
> Sockets:POLL,IPv6 Auth:LIBWRAP
> 2006.10.24 04:58:33 LOG6[5869:3086362304]: file ulimit = 1024 (can be
> changed with 'ulimit -n')
> 2006.10.24 04:58:33 LOG6[5869:3086362304]: poll() used - no FD_SETSIZE
> limit for file descriptors
> 2006.10.24 04:58:33 LOG5[5869:3086362304]: 500 clients allowed
> 2006.10.24 04:58:33 LOG7[5869:3086362304]: FD 4 in non-blocking mode
> 2006.10.24 04:58:33 LOG7[5869:3086362304]: FD 5 in non-blocking mode
> 2006.10.24 04:58:33 LOG7[5869:3086362304]: FD 6 in non-blocking mode
> 2006.10.24 04:58:33 LOG7[5869:3086362304]: SO_REUSEADDR option set on
> accept socket
> 2006.10.24 04:58:33 LOG7[5869:3086362304]: 8084 bound to 10.15.49.274:8079
> 2006.10.24 04:58:33 LOG7[5870:3086362304]: Created pid file
> /var/run/stunnel.pid
> 2006.10.24 04:58:52 LOG7[5870:3086362304]: 8084 accepted FD=7 from
> 172.16.83.99:58417
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: 8084 started
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: FD 7 in non-blocking mode
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: FD 8 in non-blocking mode
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: FD 9 in non-blocking mode
> 2006.10.24 04:58:52 LOG7[5870:3086362304]: Cleaning up the signal pipe
> 2006.10.24 04:58:52 LOG6[5870:3086362304]: Child process 5874 finished
> with code 0
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: Connection from
> 172.16.83.99:58417 permitted by libwrap
> 2006.10.24 04:58:52 LOG5[5870:3086359440]: 8084 connected from
> 172.16.83.99:58417
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: FD 8 in non-blocking mode
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: 8084 connecting
> 10.15.49.274:8084
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: connect_wait: waiting 10 seconds
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: connect_wait: connected
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: Remote FD=8 initialized
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect):
> before/connect initialization
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3
> write client hello A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3
> read server hello A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3
> read server certificate A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3
> read server done A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3
> write client key exchange A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3
> write change cipher spec A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3
> write finished A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3
> flush data
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3
> read finished A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: 1 items in the session cache
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: 1 client connects
> (SSL_connect())
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: 1 client connects that
> finished
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: 0 client renegotiations
> requested
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: 0 server connects
> (SSL_accept())
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: 0 server connects that
> finished
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: 0 server renegotiations
> requested
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: 0 session cache hits
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: 0 session cache misses
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: 0 session cache timeouts
> 2006.10.24 04:58:52 LOG6[5870:3086359440]: SSL connected: new session
> negotiated
> 2006.10.24 04:58:52 LOG6[5870:3086359440]: Negotiated ciphers:
> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
>
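
The netstat comparison suggested in the reply above, sketched as an added example that is not part of the original messages: it checks two `netstat -an` snapshots for a listener on the connect port and reports sockets that appeared while the connection was hung. It assumes the Linux `netstat -an` column layout; the snapshots, addresses and function names are constructed for illustration.

```python
# Added example: compare two `netstat -an` snapshots for one TCP port.
# BEFORE and DURING are constructed samples, not data from the thread.

BEFORE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:8079         0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:8084         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
"""

DURING = BEFORE + """\
tcp        0      0 192.0.2.10:8079         198.51.100.7:58417      ESTABLISHED
tcp        0      0 192.0.2.10:40112        192.0.2.10:8084         ESTABLISHED
tcp        0      0 192.0.2.10:8084         192.0.2.10:40112        ESTABLISHED
"""


def sockets_for_port(netstat_text, port):
    """Return (local, remote, state) for every TCP row that touches `port`."""
    suffix = ":" + str(port)  # leading colon keeps 18084 from matching 8084
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows: proto, recv-q, send-q, local, remote, state
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local, remote, state = fields[3], fields[4], fields[5]
        if local.endswith(suffix) or remote.endswith(suffix):
            rows.append((local, remote, state))
    return rows


def has_listener(rows, port):
    """True if some row is a LISTEN socket whose local port is `port`."""
    suffix = ":" + str(port)
    return any(state == "LISTEN" and local.endswith(suffix)
               for local, _remote, state in rows)


def compare(before, during, port):
    """Summarise what changed for `port` between the two snapshots."""
    b = sockets_for_port(before, port)
    d = sockets_for_port(during, port)
    return {
        "listener_before": has_listener(b, port),
        "listener_during": has_listener(d, port),
        "new_sockets": [row for row in d if row not in b],
    }


if __name__ == "__main__":
    print(compare(BEFORE, DURING, 8084))
```

If `listener_before` is false, nothing was accepting connections on the connect port before the test started; `new_sockets` shows which connections to that port exist while the client is waiting.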