[stunnel-users] Trying to redirect with stunnel - seems to hang

Carter Browne cbrowne at cbcs-usa.com
Wed Oct 25 15:18:34 CEST 2006


Len,

I would expect to see at least a few more lines in your log file.  The next lines should be something like:

FD n in non-blocking mode
8084 connecting hostname:8084
connect_wait: waiting 10 seconds

Followed by the result of the connect attempt.  You have established a secure connection with stunnel, stunnel is trying 
to connect to the indicated port.  The most obvious problem is that no process is listening on hostname:8084.  Another 
potential issue is that a process has opened port 8084 exclusively.  Running netstat -an before connecting and while the 
process is hung might help with some of those issues.

Carter

Len DiMaggio wrote:
> 'Evening everyone,
> 
>  I'm wondering if anyone has already seen a problem like this.
> 
>  Background - I'm trying to use stunnel to act as an SSL server and 
> redirect connections so that I can use the JMeter script recorder to 
> build automated tests for an app's web GUI. (The recorder does not 
> support SSL.)
> 
>  The software versions are: stunnel 4.15 on i686-redhat-linux-gnu with 
> OpenSSL 0.9.8b 04 May 2006
> 
>  I'm able to set up the redirection, and everything in the stunnel log 
> looks OK - and, this is just making the connection manually - without 
> JMeter - but trying to access the target app just hangs in the browser 
> with a "connecting to..." status message.
> 
>  Here's the stunnel config file that I'm using - the log is attached.
> 
>   client=yes
>   output=/tmp/stunnel.log
>   debug=debug
>   [8084]
>   accept=hostname:8079
>   connect=hostname:8084
> 
>  Interestingly - when I kill the stunnel process, the browser displays 
> (most of) the target app's top level page.
> 
> 
> Thanks in advance,
> Len DiMaggio
> ldimaggi at redhat.com
> 
> 
> 
> The stunnel log sez:
> 
> 2006.10.24 04:58:33 LOG5[5869:3086362304]: stunnel 4.15 on 
> i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
> 2006.10.24 04:58:33 LOG5[5869:3086362304]: Threading:PTHREAD SSL:ENGINE 
> Sockets:POLL,IPv6 Auth:LIBWRAP
> 2006.10.24 04:58:33 LOG6[5869:3086362304]: file ulimit = 1024 (can be 
> changed with 'ulimit -n')
> 2006.10.24 04:58:33 LOG6[5869:3086362304]: poll() used - no FD_SETSIZE 
> limit for file descriptors
> 2006.10.24 04:58:33 LOG5[5869:3086362304]: 500 clients allowed
> 2006.10.24 04:58:33 LOG7[5869:3086362304]: FD 4 in non-blocking mode
> 2006.10.24 04:58:33 LOG7[5869:3086362304]: FD 5 in non-blocking mode
> 2006.10.24 04:58:33 LOG7[5869:3086362304]: FD 6 in non-blocking mode
> 2006.10.24 04:58:33 LOG7[5869:3086362304]: SO_REUSEADDR option set on 
> accept socket
> 2006.10.24 04:58:33 LOG7[5869:3086362304]: 8084 bound to 10.15.49.274:8079
> 2006.10.24 04:58:33 LOG7[5870:3086362304]: Created pid file 
> /var/run/stunnel.pid
> 2006.10.24 04:58:52 LOG7[5870:3086362304]: 8084 accepted FD=7 from 
> 172.16.83.99:58417
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: 8084 started
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: FD 7 in non-blocking mode
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: FD 8 in non-blocking mode
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: FD 9 in non-blocking mode
> 2006.10.24 04:58:52 LOG7[5870:3086362304]: Cleaning up the signal pipe
> 2006.10.24 04:58:52 LOG6[5870:3086362304]: Child process 5874 finished 
> with code 0
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: Connection from 
> 172.16.83.99:58417 permitted by libwrap
> 2006.10.24 04:58:52 LOG5[5870:3086359440]: 8084 connected from 
> 172.16.83.99:58417
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: FD 8 in non-blocking mode
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: 8084 connecting 
> 10.15.49.274:8084
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: connect_wait: waiting 10 seconds
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: connect_wait: connected
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: Remote FD=8 initialized
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): 
> before/connect initialization
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 
> write client hello A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 
> read server hello A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 
> read server certificate A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 
> read server done A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 
> write client key exchange A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 
> write change cipher spec A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 
> write finished A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 
> flush data
> 2006.10.24 04:58:52 LOG7[5870:3086359440]: SSL state (connect): SSLv3 
> read finished A
> 2006.10.24 04:58:52 LOG7[5870:3086359440]:    1 items in the session cache
> 2006.10.24 04:58:52 LOG7[5870:3086359440]:    1 client connects 
> (SSL_connect())
> 2006.10.24 04:58:52 LOG7[5870:3086359440]:    1 client connects that 
> finished
> 2006.10.24 04:58:52 LOG7[5870:3086359440]:    0 client renegotiations 
> requested
> 2006.10.24 04:58:52 LOG7[5870:3086359440]:    0 server connects 
> (SSL_accept())
> 2006.10.24 04:58:52 LOG7[5870:3086359440]:    0 server connects that 
> finished
> 2006.10.24 04:58:52 LOG7[5870:3086359440]:    0 server renegotiations 
> requested
> 2006.10.24 04:58:52 LOG7[5870:3086359440]:    0 session cache hits
> 2006.10.24 04:58:52 LOG7[5870:3086359440]:    0 session cache misses
> 2006.10.24 04:58:52 LOG7[5870:3086359440]:    0 session cache timeouts
> 2006.10.24 04:58:52 LOG6[5870:3086359440]: SSL connected: new session 
> negotiated
> 2006.10.24 04:58:52 LOG6[5870:3086359440]: Negotiated ciphers: 
> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
> 
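An added example (not part of the original thread, and not stunnel's own tooling): a small parser that reads a debug log as pasted into a mail, undoing the `> ` quoting and the line wrapping, and reports the last milestone each worker thread logged. That separates a session stalled in the backend TCP connect from one that stalls after the TLS handshake has completed. The sample log is constructed from the message formats shown above, with made-up thread ids and documentation addresses; the stage names and function names are this example's own.

```python
import re

# One stunnel 4.x log record: "YYYY.MM.DD HH:MM:SS LOGn[pid:tid]: message"
RECORD = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG\d\[\d+:(\d+)\]: (.*)$")

# Ordered milestones, matched against message texts that appear in the log above.
STAGES = [
    ("client accepted", re.compile(r"connected from ")),
    ("connecting to backend", re.compile(r" connecting ")),
    ("waiting for backend TCP connect", re.compile(r"connect_wait: waiting")),
    ("backend TCP connected", re.compile(r"connect_wait: connected")),
    ("TLS handshake started", re.compile(r"SSL state \(connect\)")),
    ("TLS negotiated", re.compile(r"SSL connected")),
]

# Constructed sample: thread 1001 completes the handshake, 1002 never connects.
SAMPLE = """\
> 2006.10.24 04:58:52 LOG5[5870:1001]: 8084 connected from
> 192.0.2.10:58417
> 2006.10.24 04:58:52 LOG7[5870:1001]: 8084 connecting
> 192.0.2.20:8084
> 2006.10.24 04:58:52 LOG7[5870:1001]: connect_wait: connected
> 2006.10.24 04:58:52 LOG6[5870:1001]: SSL connected: new session
> negotiated
> 2006.10.24 04:59:10 LOG5[5870:1002]: 8084 connected from
> 192.0.2.10:58420
> 2006.10.24 04:59:10 LOG7[5870:1002]: connect_wait: waiting 10 seconds
"""

def records(text):
    """Return [tid, message] pairs, undoing '> ' quoting and mail line wrapping."""
    out = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        m = RECORD.match(line)
        if m:
            out.append([m.group(1), m.group(2)])
        elif line and out:
            out[-1][1] += " " + line  # continuation of a wrapped record
    return out

def furthest_stage(text):
    """Map worker thread id -> name of the last milestone that thread logged."""
    reached = {}
    for tid, msg in records(text):
        for rank, (name, pat) in enumerate(STAGES):
            if pat.search(msg) and rank >= reached.get(tid, (-1, ""))[0]:
                reached[tid] = (rank, name)
    return {tid: name for tid, (rank, name) in reached.items()}
```

A thread whose last milestone is the TCP connect wait points at the backend listener, which is where a `netstat -an` check applies; one that reached "TLS negotiated" has already connected and completed the handshake with the backend.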