[stunnel-users] Stunnel 4.26 - AIX 5.3
Lund, Claus
Claus.Lund at state.vt.us
Thu Jan 22 13:59:58 CET 2009
Hi Tom,
We use stunnel a lot (including on AIX). And I know that way back when, I was doing some testing with a similar setup and was never successful getting the "exec = telnetd" to work quite right when stunnel was running as a service.
I did some quick testing right now on one of our AIX boxes (using stunnel 4.22) and it doesn't work for me either. Everything looks fine when stunnel is started and the first connection comes along and works beautifully... But then stunnel dies after the connection is closed.
I assume you're using the exec = /usr/bin/telnetd option because you don't have telnetd enabled through inetd? We can't generally run telnetd either so I understand that requirement. But maybe you can get a waiver and leave it running behind a port that only accepts local connections?
_______________________________
Claus Lund
System Developer
Vermont Department of Taxes
802-828-3735
-----Original Message-----
From: stunnel-users-bounces at mirt.net [mailto:stunnel-users-bounces at mirt.net] On Behalf Of Spence, Thomas Civ 844 CS/SCBX
Sent: Wednesday, January 21, 2009 4:59 PM
To: stunnel-announce at mirt.net; stunnel-users at mirt.net
Subject: [stunnel-users] Stunnel 4.26 - AIX 5.3
Dear Users,
* I'm running Stunnel 4.26 as a service, but it dies on logoff...
* Could you tell me where I should put a comment "/* ... */" in
stunnel.c or protocol.c so that the stunnel daemon won't stop running?
* I am using stunnel.conf, like this:
-------
pid =
cert = /usr/local/ssl/private/stunnel.pem
output = stunnel.log
[tssl]
accept = 992
exec = /usr/sbin/telnetd
-------
* stunnel.log
-------
[/usr/local/etc/stunnel]# cat *.log
2009.01.21 16:42:54 LOG7[462906:1]: Snagged 64 random bytes from //.rnd
2009.01.21 16:42:54 LOG7[462906:1]: Wrote 1024 new random bytes to //.rnd
2009.01.21 16:42:54 LOG7[462906:1]: RAND_status claims sufficient entropy for the PRNG
2009.01.21 16:42:54 LOG7[462906:1]: PRNG seeded successfully
2009.01.21 16:42:55 LOG7[462906:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem
2009.01.21 16:42:55 LOG7[462906:1]: Certificate loaded
2009.01.21 16:42:55 LOG7[462906:1]: Key file: /usr/local/etc/stunnel/stunnel.pem
2009.01.21 16:42:55 LOG7[462906:1]: Private key loaded
2009.01.21 16:42:55 LOG7[462906:1]: SSL context initialized for service tssl
2009.01.21 16:42:55 LOG5[462906:1]: stunnel 4.26 on powerpc-ibm-aix5.3.0.0 with OpenSSL 0.9.8j 07 Jan 2009
2009.01.21 16:42:55 LOG5[462906:1]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2009.01.21 16:42:55 LOG6[462906:1]: file ulimit = 65534 (can be changed with 'ulimit -n')
2009.01.21 16:42:55 LOG6[462906:1]: poll() used - no FD_SETSIZE limit for file descriptors
2009.01.21 16:42:55 LOG5[462906:1]: 31999 clients allowed
2009.01.21 16:42:55 LOG7[462906:1]: FD 10 in non-blocking mode
2009.01.21 16:42:55 LOG7[462906:1]: FD 11 in non-blocking mode
2009.01.21 16:42:55 LOG7[462906:1]: FD 12 in non-blocking mode
2009.01.21 16:42:55 LOG7[462906:1]: SO_REUSEADDR option set on accept socket
2009.01.21 16:42:55 LOG7[462906:1]: tssl bound to 0.0.0.0:992
2009.01.21 16:42:55 LOG7[540758:1]: No pid file being created
2009.01.21 16:43:17 LOG7[540758:1]: tssl accepted FD=0 from x.x.x.x:3532
2009.01.21 16:43:17 LOG7[540758:258]: tssl started
2009.01.21 16:43:17 LOG7[540758:258]: FD 0 in non-blocking mode
2009.01.21 16:43:17 LOG7[540758:258]: Waiting for a libwrap process
2009.01.21 16:43:17 LOG7[540758:258]: Acquired libwrap process #0
2009.01.21 16:43:17 LOG7[540758:258]: Releasing libwrap process #0
2009.01.21 16:43:17 LOG7[540758:258]: Released libwrap process #0
2009.01.21 16:43:17 LOG7[540758:258]: tssl permitted by libwrap from x.x.x.x:3532
2009.01.21 16:43:17 LOG5[540758:258]: tssl accepted connection from x.x.x.x:3532
2009.01.21 16:43:17 LOG7[540758:258]: SSL state (accept): before/accept initialization
2009.01.21 16:43:17 LOG7[540758:258]: SSL state (accept): SSLv3 read client hello A
2009.01.21 16:43:17 LOG7[540758:258]: SSL state (accept): SSLv3 write server hello A
2009.01.21 16:43:17 LOG7[540758:258]: SSL state (accept): SSLv3 write certificate A
2009.01.21 16:43:17 LOG7[540758:258]: SSL state (accept): SSLv3 write server done A
2009.01.21 16:43:17 LOG7[540758:258]: SSL state (accept): SSLv3 flush data
2009.01.21 16:43:17 LOG7[540758:258]: SSL state (accept): SSLv3 read client key exchange A
2009.01.21 16:43:17 LOG7[540758:258]: SSL state (accept): SSLv3 read finished A
2009.01.21 16:43:17 LOG7[540758:258]: SSL state (accept): SSLv3 write change cipher spec A
2009.01.21 16:43:17 LOG7[540758:258]: SSL state (accept): SSLv3 write finished A
2009.01.21 16:43:17 LOG7[540758:258]: SSL state (accept): SSLv3 flush data
2009.01.21 16:43:17 LOG7[540758:258]: 1 items in the session cache
2009.01.21 16:43:17 LOG7[540758:258]: 0 client connects (SSL_connect())
2009.01.21 16:43:17 LOG7[540758:258]: 0 client connects that finished
2009.01.21 16:43:17 LOG7[540758:258]: 0 client renegotiations requested
2009.01.21 16:43:17 LOG7[540758:258]: 1 server connects (SSL_accept())
2009.01.21 16:43:17 LOG7[540758:258]: 1 server connects that finished
2009.01.21 16:43:17 LOG7[540758:258]: 0 server renegotiations requested
2009.01.21 16:43:17 LOG7[540758:258]: 0 session cache hits
2009.01.21 16:43:17 LOG7[540758:258]: 0 session cache misses
2009.01.21 16:43:17 LOG7[540758:258]: 0 session cache timeouts
2009.01.21 16:43:17 LOG6[540758:258]: SSL accepted: new session negotiated
2009.01.21 16:43:17 LOG6[540758:258]: Negotiated ciphers: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
2009.01.21 16:43:17 LOG7[540758:258]: bind#1: Invalid argument (22)
2009.01.21 16:43:17 LOG7[540758:258]: bind#2: Invalid argument (22)
2009.01.21 16:43:17 LOG6[540758:258]: Local mode child started (PID=639170)
2009.01.21 16:43:17 LOG7[540758:258]: Remote FD=13 initialized
2009.01.21 16:43:34 LOG7[540758:258]: Socket closed on read
2009.01.21 16:43:34 LOG7[540758:258]: SSL write shutdown
2009.01.21 16:43:34 LOG7[540758:258]: SSL alert (write): warning: close notify
2009.01.21 16:43:34 LOG6[540758:258]: SSL socket closed on SSL_shutdown
2009.01.21 16:43:34 LOG7[540758:258]: Socket write shutdown
2009.01.21 16:43:34 LOG5[540758:258]: Connection closed: 8360 bytes sent to SSL, 101 bytes sent to socket
2009.01.21 16:43:34 LOG7[540758:258]: tssl finished (0 left)
-------
Your help will be appreciated... Thank you.
________________________________
Tom Spence
AIX Sys Adm
ABIDES System Support
844th CS/SCBX
Pentagon - MD822
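
Added example, not part of the original thread or of stunnel itself: a small audit of the layout suggested in the reply at the top of this message, where the [tssl] service uses stunnel's "connect" option to reach a telnetd that listens only locally instead of spawning it with "exec". The backend port 23, the sample config, the sample netstat lines and the function names are assumptions constructed for illustration.

```python
import configparser

LOOPBACK = ("", "127.0.0.1", "::1", "localhost")  # "" = port-only connect

# Constructed stunnel.conf: [tssl] forwards to a local telnetd instead of exec.
SAMPLE_CONF = """\
cert = /usr/local/ssl/private/stunnel.pem
output = stunnel.log
[tssl]
accept = 992
connect = 127.0.0.1:23
"""

# Constructed `netstat -an` output in the AIX/BSD "address.port" layout.
SAMPLE_NETSTAT = """\
tcp4       0      0  *.992            *.*        LISTEN
tcp4       0      0  127.0.0.1.23     *.*        LISTEN
"""

def exposed_listeners(netstat_text, port):
    """Local addresses listening on `port` that are not loopback."""
    exposed = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[-1] != "LISTEN":
            continue
        addr, _, lport = fields[3].rpartition(".")
        if lport == str(port) and addr not in LOOPBACK:
            exposed.append(addr)
    return exposed

def audit(conf_text, netstat_text):
    """Return findings for services that do not match the loopback layout."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string("[global]\n" + conf_text)  # stunnel globals have no section header
    findings = []
    for name in cp.sections():
        if name == "global":
            continue
        svc = cp[name]
        if "exec" in svc:
            findings.append(f"{name}: spawns {svc['exec']} via exec")
        if "connect" in svc:
            host, _, port = svc["connect"].rpartition(":")
            if host not in LOOPBACK:
                findings.append(f"{name}: forwards to non-local host {host}")
            for addr in exposed_listeners(netstat_text, port):
                findings.append(f"{name}: backend port {port} also listens on {addr}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_NETSTAT) or "layout matches: backend is loopback-only")
```

An empty result means the service forwards to loopback and the cleartext telnet port is not listening on any other address; feed it the real stunnel.conf and the output of netstat -an to check a live host.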