[stunnel-users] Mysql doesnt run with stunnel

Craig Retief stunnel at rsw.co.za
Tue Oct 9 15:42:44 CEST 2007


I see that on your server you have specified your config for mysqls like
this:

[mysqls]
accept =3307
connect =3306

Try setting it like this:

[mysqls]
accept =3307
connect =127.0.0.1:3306

and see if that works...

Craig



-----Original Message-----
From: stunnel-users-bounces at mirt.net [mailto:stunnel-users-bounces at mirt.net]
On Behalf Of subrata at indiatimes.com
Sent: 09 October 2007 08:25 AM
To: Brian Hatch
Cc: stunnel-users at mirt.net
Subject: Re: [stunnel-users] Mysql doesnt run with stunnel

Hi

The mysql gives the following error when connecting with stunnel :

ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial
communication packet', system error: 104

The following is the dump at the stunnel at the client side :

2007.10.09 11:56:59 LOG7[27211:182898183552]: FD 4 in non-blocking mode
2007.10.09 11:56:59 LOG7[27211:182898183552]: FD 5 in non-blocking mode
2007.10.09 11:56:59 LOG7[27211:182898183552]: FD 6 in non-blocking mode
2007.10.09 11:56:59 LOG7[27211:182898183552]: SO_REUSEADDR option set on
accept socket
2007.10.09 11:56:59 LOG7[27211:182898183552]: pop3s bound to 0.0.0.0:995
2007.10.09 11:56:59 LOG7[27211:182898183552]: FD 7 in non-blocking mode
2007.10.09 11:56:59 LOG7[27211:182898183552]: SO_REUSEADDR option set on
accept socket
2007.10.09 11:56:59 LOG7[27211:182898183552]: imaps bound to 0.0.0.0:993
2007.10.09 11:56:59 LOG7[27211:182898183552]: FD 8 in non-blocking mode
2007.10.09 11:56:59 LOG7[27211:182898183552]: SO_REUSEADDR option set on
accept socket
2007.10.09 11:56:59 LOG7[27211:182898183552]: ssmtp bound to 0.0.0.0:465
2007.10.09 11:56:59 LOG7[27211:182898183552]: FD 9 in non-blocking mode
2007.10.09 11:56:59 LOG7[27211:182898183552]: SO_REUSEADDR option set on
accept socket
2007.10.09 11:56:59 LOG7[27211:182898183552]: mysqls bound to 0.0.0.0:3307
2007.10.09 11:56:59 LOG7[27211:182898183552]: Created pid file
/var/stunnel.pid
2007.10.09 11:57:07 LOG7[27211:182898183552]: mysqls accepted FD=10 from
127.0.0.1:32807
2007.10.09 11:57:07 LOG7[27211:1073809760]: mysqls started
2007.10.09 11:57:07 LOG7[27211:1073809760]: FD 10 in non-blocking mode
2007.10.09 11:57:07 LOG7[27211:1073809760]: TCP_NODELAY option set on local
socket
2007.10.09 11:57:07 LOG7[27211:1073809760]: FD 11 in non-blocking mode
2007.10.09 11:57:07 LOG7[27211:1073809760]: FD 12 in non-blocking mode
2007.10.09 11:57:07 LOG7[27211:182898183552]: Cleaning up the signal pipe
2007.10.09 11:57:07 LOG6[27211:182898183552]: Child process 27214 finished
with code 0
2007.10.09 11:57:07 LOG7[27211:1073809760]: Connection from 127.0.0.1:32807
permitted by libwrap
2007.10.09 11:57:07 LOG5[27211:1073809760]: mysqls accepted connection from
127.0.0.1:32807
2007.10.09 11:57:07 LOG7[27211:1073809760]: FD 11 in non-blocking mode
2007.10.09 11:57:07 LOG7[27211:1073809760]: mysqls connecting
192.168.1.6:3307
2007.10.09 11:57:07 LOG7[27211:1073809760]: connect_wait: waiting 10 seconds
2007.10.09 11:57:07 LOG7[27211:1073809760]: connect_wait: connected
2007.10.09 11:57:07 LOG5[27211:1073809760]: mysqls connected remote server
from 192.168.1.232:32808
2007.10.09 11:57:07 LOG7[27211:1073809760]: Remote FD=11 initialized
2007.10.09 11:57:07 LOG7[27211:1073809760]: TCP_NODELAY option set on remote
socket
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect):
before/connect initialization
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 write
client hello A
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 read
server hello A
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 read
server certificate A
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 read
server done A
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 write
client key exchange A
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 write
change cipher spec A
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 write
finished A
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 flush
data
2007.10.09 11:57:07 LOG7[27211:1073809760]: SSL state (connect): SSLv3 read
finished A
2007.10.09 11:57:07 LOG7[27211:1073809760]:    1 items in the session cache
2007.10.09 11:57:07 LOG7[27211:1073809760]:    1 client connects
(SSL_connect())
2007.10.09 11:57:07 LOG7[27211:1073809760]:    1 client connects that
finished
2007.10.09 11:57:07 LOG7[27211:1073809760]:    0 client renegotiations
requested
2007.10.09 11:57:07 LOG7[27211:1073809760]:    0 server connects
(SSL_accept())
2007.10.09 11:57:07 LOG7[27211:1073809760]:    0 server connects that
finished
2007.10.09 11:57:07 LOG7[27211:1073809760]:    0 server renegotiations
requested
2007.10.09 11:57:07 LOG7[27211:1073809760]:    0 session cache hits
2007.10.09 11:57:07 LOG7[27211:1073809760]:    0 session cache misses
2007.10.09 11:57:07 LOG7[27211:1073809760]:    0 session cache timeouts
2007.10.09 11:57:07 LOG6[27211:1073809760]: SSL connected: new session
negotiated
2007.10.09 11:57:07 LOG6[27211:1073809760]: Negotiated ciphers: AES256-SHA
SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2007.10.09 11:57:07 LOG3[27211:1073809760]: SSL_read: Connection reset by
peer (104)
2007.10.09 11:57:07 LOG5[27211:1073809760]: Connection reset: 0 bytes sent
to SSL, 0 bytes sent to socket
2007.10.09 11:57:07 LOG7[27211:1073809760]: mysqls finished (0 left)

and on the server side 

2007.10.09 12:03:35 LOG5[4829:1073809760]: mysqls accepted connection from
192.168.1.232:32808
2007.10.09 12:03:35 LOG3[4829:1073809760]: connect_wait: getsockopt:
Connection refused (111)
2007.10.09 12:03:35 LOG5[4829:1073809760]: Connection reset: 0 bytes sent to
SSL, 0 bytes sent to socket

Thanks in advance.
Subrata

----- Original Message -----
From: subrata at indiatimes.com
To: Brian Hatch <bri at stunnel.org>
Cc: stunnel-users at mirt.net
Sent: Mon, 8 Oct 2007 14:46:50 +0530 (IST)
Subject: Re: [stunnel-users] Stunnel on the same machine

The configuration files are :

pid = /var/stunnel.pid
;chroot = /var/lib/stunnel

setuid = nobody
setgid = nobody
foreground =yes

; Use it for client mode
client = yes

; Service-level configuration

[pop3s]
accept  = 995
connect = 110

[imaps]
accept  = 993
connect = 143

[ssmtp]
accept  = 465
connect = 25

[mysqls]
accept  = 3307
connect = 192.168.1.6:3307

On 192.168.1.6 
----------------------
pid = /var/stunnel.pid

setuid =nobody
setgid = nobody
foreground = yes

client = no

; Service-level configuration

[pop3s]
accept  = 995
connect = 110

[imaps]
accept  = 993
connect = 143

[ssmtp]
accept  = 465
connect = 25

[mysqls]
accept =3307
connect =3306

connecting like 
/usr/local/mysql/bin/mysql -h 127.0.0.1 -u root -p -P 3307
Enter password:

On entering the password the following lines appear:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial
communication packet', system error: 104


Subrata

----- Original Message -----
From: Brian Hatch <bri at stunnel.org>
To: subrata at indiatimes.com
Sent: Sun, 7 Oct 2007 10:02:17 +0530 (IST)
Subject: Re: [stunnel-users] Stunnel on the same machine

Near 2007-10-05 22:17 +0530, subrata at indiatimes.com insisted:

> After starting stunnel and connecting the mysql client
> /usr/local/mysql/bin/mysql -h 127.0.0.1 -u root -p the flow gets
> stuck at the Enter password prompt any suggestions how to proceed from
> there.

What do your stunnel configuration files look like?

Other problem: mysql client may decide to use a local domain socket when
connecting to localhost, thwarting your attempts to go via Stunnel.
You might want to 'strace mysql ...' and look for the connect() lines.


-- 
Brian Hatch                  Time flies like an
   Systems and                arrow. Fruit flies
   Security Engineer          like a banana.
http://www.ifokr.org/bri/

Every message PGP signed


--
My life has changed. What about yours?
Log on to the new Indiatimes Mail and Live out of the Inbox!
_______________________________________________
stunnel-users mailing list
stunnel-users at mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
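
Added example (not part of the original thread and not stunnel code): a small Python triage of the two logs quoted in this thread. It re-joins the mail-wrapped log lines and reports on which leg of the tunnel the first error was logged; the function names and leg labels are assumptions made for this example.

```python
import re

# Constructed sample: lines copied from the logs quoted in this thread,
# with the mail client's line wrapping left in place.
CLIENT_LOG = """\
2007.10.09 11:57:07 LOG7[27211:1073809760]: mysqls connecting
192.168.1.6:3307
2007.10.09 11:57:07 LOG7[27211:1073809760]: connect_wait: connected
2007.10.09 11:57:07 LOG6[27211:1073809760]: SSL connected: new session
negotiated
2007.10.09 11:57:07 LOG3[27211:1073809760]: SSL_read: Connection reset by
peer (104)
"""
SERVER_LOG = """\
2007.10.09 12:03:35 LOG5[4829:1073809760]: mysqls accepted connection from
192.168.1.232:32808
2007.10.09 12:03:35 LOG3[4829:1073809760]: connect_wait: getsockopt:
Connection refused (111)
"""

# stunnel log levels follow syslog: 3 = error, 7 = debug.
ENTRY = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG(\d)\[\d+:\d+\]: (.*)$")

def entries(text):
    """Re-join wrapped lines and return (level, message) pairs."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            out.append([int(m.group(1)), m.group(2).strip()])
        elif out and line.strip():          # continuation of the previous entry
            out[-1][1] += " " + line.strip()
    return [tuple(e) for e in out]

def diagnose(text):
    """Name the leg (labels are this example's own) that logged the first error."""
    tls_up = False
    for level, msg in entries(text):
        if msg.startswith("SSL connected"):
            tls_up = True
        if level <= 3:
            if msg.startswith("connect_wait:"):
                return "tcp-connect-to-target: " + msg
            if msg.startswith("SSL_"):
                stage = "tls-established-then" if tls_up else "tls-handshake"
                return stage + ": " + msg
            return "other: " + msg
    return "no-error"
```

On these logs, `diagnose(SERVER_LOG)` points at the server-side stunnel's own TCP connect to its `connect` target, while `diagnose(CLIENT_LOG)` shows a reset only after the TLS session was already established.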

