[stunnel-users] unknown protocol error (140770FC) with xinetd
Ian Pilcher
arequipeno at gmail.com
Mon Mar 10 17:40:15 CET 2008
I am trying to set up rsync over SSL with stunnel. I've got things
working when I run stunnel standalone on both systems, but I have been
unable to get things working when I run stunnel via xinetd on the server
(haven't tried using xinetd on the client yet).

Here is the (standalone) server configuration that works:

cert = /etc/stunnel/rsyncs_cert.pem
key = /etc/stunnel/private/rsyncs_key.pem
client = no
pid = /var/run/stunnel.pid
RNDfile = /var/run/stunnel/random_seed
foreground = yes
debug = debug
;output = /var/run/stunnel/stunnel.log

[rsyncs]
accept = 2873
exec = /usr/bin/rsync
execargs = rsync --daemon

Here is the (non-working) server-side xinetd configuration:

# default: off
# description: rsync tunneled over SSL (stunnel)
service rsyncs
{
    disable = no
    flags = IPv4
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/stunnel
}

... and the (non-working) server-side stunnel configuration:

cert = /etc/stunnel/rsyncs_cert.pem
key = /etc/stunnel/private/rsyncs_key.pem
client = no
pid = /var/run/stunnel.pid
RNDfile = /var/run/stunnel/random_seed
foreground = yes
debug = debug
output = /var/run/stunnel/stunnel.log
exec = /usr/bin/rsync
execargs = rsync --daemon

Trying to connect to the non-working configuration with openssl
s_client, I get:

CONNECTED(00000003)
write to 0x9b9e938 [0x9b9f068] (133 bytes => 133 (0x85))
0000 - 80 83 01 03 01 00 5a 00-00 00 20 00 00 39 00 00   ......Z... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-00 00 63 00 00 62 00 00   ..........c..b..
0040 - 15 00 00 12 00 00 09 06-00 40 00 00 65 00 00 64   .........@..e..d
0050 - 00 00 14 00 00 11 00 00-08 00 00 06 04 00 80 00   ................
0060 - 00 03 02 00 80 3e b4 89-34 c1 e6 93 97 2d 8d ca   .....>..4....-..
0070 - 90 e1 4c 51 e1 71 c7 54-ed 52 0c 6e 2e 47 90 9b   ..LQ.q.T.R.n.G..
0080 - 8e c6 73 3d d8                                    ..s=.
read from 0x9b9e938 [0x9ba45c8] (7 bytes => 7 (0x7))
0000 - 32 30 30 38 2e 30 33                              2008.03
18523:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:567:

The server log shows:

2008.03.10 11:32:23 LOG5[18563:3086215456]: stunnel 4.20 on i386-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
2008.03.10 11:32:23 LOG5[18563:3086215456]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2008.03.10 11:32:23 LOG7[18563:3086215456]: stunnel started
2008.03.10 11:32:23 LOG7[18563:3086215456]: FD 0 in non-blocking mode
2008.03.10 11:32:23 LOG7[18563:3086215456]: FD 1 in non-blocking mode
2008.03.10 11:32:23 LOG7[18563:3086215456]: FD 4 in non-blocking mode
2008.03.10 11:32:23 LOG7[18563:3086215456]: FD 5 in non-blocking mode
2008.03.10 11:32:23 LOG7[18563:3086215456]: Connection from 127.0.0.1:38481 permitted by libwrap
2008.03.10 11:32:23 LOG5[18563:3086215456]: stunnel accepted connection from 127.0.0.1:38481
2008.03.10 11:32:23 LOG7[18563:3086215456]: SSL state (accept): before/accept initialization
2008.03.10 11:32:23 LOG7[18563:3086215456]: SSL state (accept): SSLv3 read client hello A
2008.03.10 11:32:23 LOG7[18563:3086215456]: SSL state (accept): SSLv3 write server hello A
2008.03.10 11:32:23 LOG7[18563:3086215456]: SSL state (accept): SSLv3 write certificate A
2008.03.10 11:32:23 LOG7[18563:3086215456]: SSL state (accept): SSLv3 write server done A
2008.03.10 11:32:23 LOG3[18563:3086215456]: SSL_accept: Peer suddenly disconnected
2008.03.10 11:32:23 LOG5[18563:3086215456]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2008.03.10 11:32:23 LOG7[18563:3086215456]: stunnel finished (0 left)

Anyone have any ideas?
Thanks!
--
========================================================================
Ian Pilcher arequipeno at gmail.com
========================================================================
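
Added example, not part of the original post: the seven bytes s_client read before reporting 140770FC (32 30 30 38 2e 30 33) are the ASCII text "2008.03", the same prefix as the timestamps in the server log, not a TLS record header. The sketch below pulls the first "read from" section out of an s_client dump of this shape and classifies it; the function names are hypothetical and the sample dump is constructed from the output quoted in the post.

```python
import re

# Constructed from the "read from" section of the s_client output in the post.
SAMPLE_DUMP = """\
read from 0x9b9e938 [0x9ba45c8] (7 bytes => 7 (0x7))
0000 - 32 30 30 38 2e 30 33                              2008.03
"""

# One dump row: 4-digit offset, " - ", then hex pairs separated by ' ' or '-'.
HEX_ROW = re.compile(r"^[0-9a-f]{4} - ((?:[0-9a-f]{2}(?:[ -]|$))+)", re.I)


def first_read(dump):
    """Return the bytes of the first 'read from' section of the dump."""
    data, want = bytearray(), None
    for line in dump.splitlines():
        if line.startswith("read from"):
            if want is not None:
                break  # a second read: only the first one matters here
            count = re.search(r"=> (\d+)", line)
            want = int(count.group(1)) if count else 0
        elif want is not None:
            row = HEX_ROW.match(line)
            if not row:
                break
            data += bytes.fromhex(row.group(1).replace("-", " "))
    # Trim to the declared length in case the ASCII column looked like hex.
    return bytes(data[:want or 0])


def classify_first_bytes(data):
    """Say what a server's first bytes look like to an SSL/TLS client."""
    # SSLv3/TLS record: content type 20-23, then protocol major version 3.
    if len(data) >= 3 and data[0] in (20, 21, 22, 23) and data[1] == 3:
        return "tls-record"
    # SSLv2 record: high bit set in the length, message type 4 (SERVER-HELLO).
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 4:
        return "sslv2-server-hello"
    # Printable ASCII means something wrote plain text onto the socket.
    if data and all(32 <= b < 127 or b in (9, 10, 13) for b in data):
        return "plaintext"
    return "unknown"


if __name__ == "__main__":
    got = first_read(SAMPLE_DUMP)
    print(got, classify_first_bytes(got))
```

A "plaintext" result whose text matches the server's own log format means something other than the TLS handshake is being written to the connection's file descriptors.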