[stunnel-users] stunnel HUP bug

Stefan Behte s.behte at babiel.com
Wed Feb 9 11:51:27 CET 2011


Hi,

>> kill -HUP does not seem to work for me with 4.35, I always get:
>> 
>> 2011.02.07 17:51:25 LOG5[14988:139705784043264]: Received signal 15;
>> terminating

>I could not reproduce your problem.  Are you sure that you used
>"kill -HUP 14988" and not "kill 14988"?  Otherwise please send
>us your configuration file and more logs, including the lines
>logged by stunnel at startup.

Sorry, but I cannot reproduce it anymore, either. I am 100% sure I sent kill -HUP, though (it's even in the history).

As I tried to reproduce the issue, I got a different one. :/

# /etc/init.d/stunnel start &>/dev/null; cat stunnel

2011.02.09 11:23:53 LOG5[1332:139976438163200]: Reading configuration from file /etc/stunnel/stunnel.conf
2011.02.09 11:23:53 LOG6[1332:139976438163200]: Could not load DH parameters from /etc/stunnel/www.mydomain.com.crt
2011.02.09 11:23:53 LOG6[1332:139976438163200]: Could not load DH parameters from /etc/stunnel/www.myotherdomain.com.crt
2011.02.09 11:23:53 LOG5[1332:139976438163200]: Configuration successful
2011.02.09 11:23:53 LOG5[1332:139976438163200]: No limit detected for the number of clients
2011.02.09 11:23:53 LOG5[1338:139976438163200]: stunnel 4.35 on x86_64-pc-linux-gnu with OpenSSL 1.0.0c 2 Dec 2010
2011.02.09 11:23:53 LOG5[1338:139976438163200]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

# ps auxwww | grep stunnel
stunnel   1333  0.0  0.0  29164   628 pts/0    S    11:23   0:00 /usr/sbin/stunnel /etc/stunnel/stunnel.conf
stunnel   1334  0.0  0.0  29164   628 pts/0    S    11:23   0:00 /usr/sbin/stunnel /etc/stunnel/stunnel.conf
stunnel   1335  0.0  0.0  29164   628 pts/0    S    11:23   0:00 /usr/sbin/stunnel /etc/stunnel/stunnel.conf
stunnel   1336  0.0  0.0  29164   632 pts/0    S    11:23   0:00 /usr/sbin/stunnel /etc/stunnel/stunnel.conf
stunnel   1337  0.0  0.0  29164   632 pts/0    S    11:23   0:00 /usr/sbin/stunnel /etc/stunnel/stunnel.conf
stunnel   1338  0.0  0.0  29164   856 ?        Ss   11:23   0:00 /usr/sbin/stunnel /etc/stunnel/stunnel.conf
root      1344  0.0  0.0   6204   580 pts/0    S+   11:24   0:00 grep --colour=auto stunnel

# kill -HUP 1338

2011.02.09 11:25:18 LOG5[1338:139976438163200]: Reading configuration from file /etc/stunnel/stunnel.conf
2011.02.09 11:25:18 LOG6[1338:139976438163200]: Could not load DH parameters from /etc/stunnel/www.mydomain.com.crt
2011.02.09 11:25:18 LOG3[1338:139976438163200]: error queue: 140B0002 : error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
2011.02.09 11:25:18 LOG3[1338:139976438163200]: error queue: 20074002 : error:20074002:BIO routines:FILE_CTRL:system lib
2011.02.09 11:25:18 LOG3[1338:139976438163200]: SSL_CTX_use_PrivateKey_file: 200100D: error:0200100D:system library:fopen:Permission denied
2011.02.09 11:25:18 LOG3[1338:139976438163200]: Error binding https to 0.0.0.0:444
2011.02.09 11:25:18 LOG3[1338:139976438163200]: bind: Permission denied (13)

# /etc/init.d/stunnel restart

2011.02.09 11:40:22 LOG5[2017:140528250427136]: Received signal 15; terminating
2011.02.09 11:40:23 LOG5[2123:140176257128192]: Reading configuration from file /etc/stunnel/stunnel.conf

[.. same as above: 2011.02.09 11:23:53 ..]

But the socket is not in use; netstat does not list it. Stunnel works fine again after the restart.

stunnel.conf:

setuid = stunnel
setgid = stunnel
pid = /var/run/stunnel/stunnel.pid

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

debug = info
output = /var/log/squid/stunnel

[https]
accept  = 444
connect = 127.0.0.1:8089
TIMEOUTclose = 0
cert = /etc/stunnel/www.mydomain.com.crt
key = /etc/stunnel/www.mydomain.com.key

[https]
accept  = 445
connect = 127.0.0.1:8083
TIMEOUTclose = 0
cert = /etc/stunnel/www.myotherdomain.com.crt
key = /etc/stunnel/www.myotherdomain.com.key

Best regards,

Stefan Behte
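
The HUP log above shows a process that ps lists as user stunnel getting "Permission denied" when opening the private key and when binding port 444. As an added example (not part of the original message and not stunnel's own code), this Python check reads a stunnel.conf and lists the accept ports below 1024 and the cert/key files that a given uid/gid cannot read. The function names, the 1024 boundary and the mode-bit-only readability test are assumptions of the example.

```python
import os
import stat

def parse_conf(text):
    """Split stunnel.conf text into (global options, [(service, options), ...])."""
    glob, services, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = {}
            services.append((line[1:-1], cur))  # a list keeps repeated section names
            continue
        key, _, val = line.partition("=")
        (glob if cur is None else cur)[key.strip()] = val.strip()
    return glob, services

def can_read(path, uid, gid):
    """Mode bits only (assumption: no ACLs, extra groups or directory checks)."""
    st = os.stat(path)
    if uid == 0:
        return True
    bit = (stat.S_IRUSR if st.st_uid == uid else
           stat.S_IRGRP if st.st_gid == gid else stat.S_IROTH)
    return bool(st.st_mode & bit)

def reload_findings(conf_text, uid, gid):
    """Return (service, item, detail) for what uid/gid could not redo on reload."""
    glob, services = parse_conf(conf_text)
    findings = []
    if "setuid" not in glob:
        return findings  # no privilege drop configured
    for name, opts in services:
        port = opts.get("accept", "").rsplit(":", 1)[-1]
        if port.isdigit() and int(port) < 1024:
            findings.append((name, "bind", port))
        for opt in ("cert", "key"):
            path = opts.get(opt)
            if path and not (os.path.exists(path) and can_read(path, uid, gid)):
                findings.append((name, opt, path))
    return findings

if __name__ == "__main__":  # constructed sample, not the poster's files
    import tempfile
    with tempfile.NamedTemporaryFile(suffix=".key") as key:  # created mode 0600
        conf = f"setuid = stunnel\n[https]\naccept = 444\nkey = {key.name}\n"
        print(reload_findings(conf, os.getuid() + 1, os.getgid() + 1))
```

Against a real installation, pass the uid and gid from pwd.getpwnam() for the configured setuid user and run it before sending SIGHUP.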