[stunnel-users] problem with stunnel 4.36 (server mode), error after the 1st connexion

Jose Alf. josealf at rocketmail.com
Sun May 15 04:20:55 CEST 2011


Hi Laurent,

Does it work fine with a previous version? If so, what's the latest version that 
works?

If you google for "bind#1: Invalid argument (22)  aix stunnel" you will find a 
mail thread with a similar issue.

Regards,
Jose




________________________________
From: "laurent.uk at bnpparibas.com" <laurent.uk at bnpparibas.com>
To: stunnel-users at stunnel.org
Sent: Fri, May 13, 2011 6:39:29 AM
Subject: [stunnel-users] problem with stunnel 4.36 (server mode), error after 
the 1st connexion


Hi everyone, 

I have installed stunnel 4.36 today and now I have some errors... 

The 1st connection is working fine: 

011.05.13 13:23:44 LOG5[1802366:1]: Reading configuration from file /opt/freeware/etc/stunnel/stunnel_server_level1.conf
2011.05.13 13:23:44 LOG7[1802366:1]: Snagged 64 random bytes from //.rnd
2011.05.13 13:23:44 LOG7[1802366:1]: Wrote 1024 new random bytes to //.rnd
2011.05.13 13:23:44 LOG7[1802366:1]: PRNG seeded successfully
2011.05.13 13:23:44 LOG7[1802366:1]: Using DH parameters from /opt/freeware/etc/stunnel/ca_nopass.pem
2011.05.13 13:23:44 LOG6[1802366:1]: DH initialized with 512 bit key
2011.05.13 13:23:44 LOG7[1802366:1]: ECDH initialized
2011.05.13 13:23:44 LOG7[1802366:1]: Certificate: /opt/freeware/etc/stunnel/ca_nopass.pem
2011.05.13 13:23:44 LOG7[1802366:1]: Certificate loaded
2011.05.13 13:23:44 LOG7[1802366:1]: Key file: /opt/freeware/etc/stunnel/ca_nopass.pem
2011.05.13 13:23:44 LOG7[1802366:1]: Private key loaded
2011.05.13 13:23:44 LOG7[1802366:1]: Verify directory set to /opt/freeware/etc/stunnel/CA_files/
2011.05.13 13:23:44 LOG7[1802366:1]: Added /opt/freeware/etc/stunnel/CA_files/ revocation lookup directory
2011.05.13 13:23:44 LOG7[1802366:1]: Added /opt/freeware/etc/stunnel/CRL_files/ revocation lookup directory
2011.05.13 13:23:44 LOG5[1802366:1]: Peer certificate location /opt/freeware/etc/stunnel/CA_files/
2011.05.13 13:23:44 LOG7[1802366:1]: SSL context initialized for service pesitip
2011.05.13 13:23:44 LOG5[1802366:1]: Configuration successful
2011.05.13 13:23:44 LOG5[1802366:1]: No limit detected for the number of clients
2011.05.13 13:23:44 LOG7[1802366:1]: signal_pipe: FD=4 allocated (blocking mode)
2011.05.13 13:23:44 LOG7[1802366:1]: signal_pipe: FD=5 allocated (blocking mode)
2011.05.13 13:23:44 LOG7[1802366:1]: accept socket: FD=6 allocated (non-blocking mode)
2011.05.13 13:23:44 LOG7[1802366:1]: Option SO_REUSEADDR set on accept socket
2011.05.13 13:23:44 LOG7[1802366:1]: Service pesitip bound to 0.0.0.0:10443
2011.05.13 13:23:44 LOG7[1802366:1]: Service pesitip opened FD=6
2011.05.13 13:23:44 LOG7[1802366:1]: Created pid file /var/adm/stunnel_server_level1.pid
2011.05.13 13:23:44 LOG5[1802366:1]: stunnel 4.36 on powerpc-ibm-aix5.2.0.0 with OpenSSL 0.9.8k 25 Mar 2009
2011.05.13 13:23:44 LOG5[1802366:1]: Threading:PTHREAD SSL:ENGINE Auth:none Sockets:POLL, IPv6
2011.05.13 13:28:36 LOG7[1802366:1]: local socket: FD=7 allocated (non-blocking mode)
2011.05.13 13:28:36 LOG7[1802366:1]: Service pesitip accepted FD=7 from 10.254.181.230:2991
2011.05.13 13:28:36 LOG7[1802366:258]: Service pesitip started
2011.05.13 13:28:36 LOG7[1802366:258]: Option TCP_NODELAY set on local socket
2011.05.13 13:28:36 LOG5[1802366:258]: Service pesitip accepted connection from 10.254.181.230:2991
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): before/accept initialization
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 read client hello A
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 write server hello A
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 write certificate A
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 write certificate request A
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 flush data
2011.05.13 13:28:37 LOG7[1802366:258]: Starting certificate verification: depth=1, /O=SWIFT
2011.05.13 13:28:37 LOG5[1802366:258]: Certificate accepted: depth=1, /O=SWIFT
2011.05.13 13:28:37 LOG7[1802366:258]: Starting certificate verification: depth=0, /C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts
2011.05.13 13:28:37 LOG5[1802366:258]: Certificate accepted: depth=0, /C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 read client certificate A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 read client key exchange A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 read certificate verify A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 read finished A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 write change cipher spec A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 write finished A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 flush data
2011.05.13 13:28:37 LOG7[1802366:258]:    1 items in the session cache
2011.05.13 13:28:37 LOG7[1802366:258]:    0 client connects (SSL_connect())
2011.05.13 13:28:37 LOG7[1802366:258]:    0 client connects that finished
2011.05.13 13:28:37 LOG7[1802366:258]:    0 client renegotiations requested
2011.05.13 13:28:37 LOG7[1802366:258]:    1 server connects (SSL_accept())
2011.05.13 13:28:37 LOG7[1802366:258]:    1 server connects that finished
2011.05.13 13:28:37 LOG7[1802366:258]:    0 server renegotiations requested
2011.05.13 13:28:37 LOG7[1802366:258]:    0 session cache hits
2011.05.13 13:28:37 LOG7[1802366:258]:    0 external session cache hits
2011.05.13 13:28:37 LOG7[1802366:258]:    0 session cache misses
2011.05.13 13:28:37 LOG7[1802366:258]:    0 session cache timeouts
2011.05.13 13:28:37 LOG6[1802366:258]: SSL accepted: new session negotiated
2011.05.13 13:28:37 LOG6[1802366:258]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2011.05.13 13:28:37 LOG7[1802366:258]: remote socket: FD=8 allocated (non-blocking mode)
2011.05.13 13:28:37 LOG6[1802366:258]: connect_blocking: connecting 159.50.5.165:10016
2011.05.13 13:28:37 LOG5[1802366:258]: connect_blocking: connected 159.50.5.165:10016
2011.05.13 13:28:37 LOG5[1802366:258]: Service pesitip connected remote server from 159.50.5.165:52585
2011.05.13 13:28:37 LOG7[1802366:258]: Remote FD=8 initialized
2011.05.13 13:28:37 LOG7[1802366:258]: Option TCP_NODELAY set on remote socket
2011.05.13 13:31:25 LOG7[1802366:258]: SSL alert (read): warning: close notify
2011.05.13 13:31:25 LOG7[1802366:258]: SSL closed on SSL_read
2011.05.13 13:31:25 LOG7[1802366:258]: Sending socket write shutdown
2011.05.13 13:31:25 LOG3[1802366:258]: readsocket: Connection reset by peer (73)
2011.05.13 13:31:25 LOG5[1802366:258]: Connection reset: 275 bytes sent to SSL, 17935 bytes sent to socket
2011.05.13 13:31:25 LOG7[1802366:258]: Service pesitip finished (0 left)
2011.05.13 13:31:25 LOG7[1802366:258]: str_stats: 36 blocks, 4350 bytes

But when it's the second, I always have the error: 

011.05.13 13:32:19 LOG7[1802366:1]: local socket: FD=7 allocated (non-blocking mode)
2011.05.13 13:32:19 LOG7[1802366:1]: Service pesitip accepted FD=7 from 10.254.181.230:3007
2011.05.13 13:32:19 LOG7[1802366:259]: Service pesitip started
2011.05.13 13:32:19 LOG7[1802366:259]: Option TCP_NODELAY set on local socket
2011.05.13 13:32:19 LOG5[1802366:259]: Service pesitip accepted connection from 10.254.181.230:3007
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): before/accept initialization
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read client hello A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write server hello A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write certificate A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write certificate request A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 flush data
2011.05.13 13:32:19 LOG7[1802366:259]: Starting certificate verification: depth=1, /O=SWIFT
2011.05.13 13:32:19 LOG6[1802366:259]: CERT: Verification not enabled
2011.05.13 13:32:19 LOG5[1802366:259]: Certificate accepted: depth=1, /O=SWIFT
2011.05.13 13:32:19 LOG7[1802366:259]: Starting certificate verification: depth=0, /C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts
2011.05.13 13:32:19 LOG6[1802366:259]: CERT: Verification not enabled
2011.05.13 13:32:19 LOG5[1802366:259]: Certificate accepted: depth=0, /C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read client certificate A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read client key exchange A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read certificate verify A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read finished A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write change cipher spec A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write finished A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 flush data
2011.05.13 13:32:19 LOG7[1802366:259]:    2 items in the session cache
2011.05.13 13:32:19 LOG7[1802366:259]:    0 client connects (SSL_connect())
2011.05.13 13:32:19 LOG7[1802366:259]:    0 client connects that finished
2011.05.13 13:32:19 LOG7[1802366:259]:    0 client renegotiations requested
2011.05.13 13:32:19 LOG7[1802366:259]:    2 server connects (SSL_accept())
2011.05.13 13:32:19 LOG7[1802366:259]:    2 server connects that finished
2011.05.13 13:32:19 LOG7[1802366:259]:    0 server renegotiations requested
2011.05.13 13:32:19 LOG7[1802366:259]:    0 session cache hits
2011.05.13 13:32:19 LOG7[1802366:259]:    0 external session cache hits
2011.05.13 13:32:19 LOG7[1802366:259]:    0 session cache misses
2011.05.13 13:32:19 LOG7[1802366:259]:    0 session cache timeouts
2011.05.13 13:32:19 LOG6[1802366:259]: SSL accepted: new session negotiated
2011.05.13 13:32:19 LOG6[1802366:259]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2011.05.13 13:32:19 LOG7[1802366:259]: socket#1: FD=8 allocated (non-blocking mode)
2011.05.13 13:32:19 LOG7[1802366:259]: socket#2: FD=9 allocated (non-blocking mode)
2011.05.13 13:32:19 LOG7[1802366:259]: bind#1: Invalid argument (22)
2011.05.13 13:32:19 LOG7[1802366:259]: bind#2: Invalid argument (22)
2011.05.13 13:32:19 LOG7[1802366:259]: accept: FD=10 allocated (non-blocking mode)
2011.05.13 13:32:19 LOG6[1802366:259]: Local mode child started (PID=614488)
2011.05.13 13:32:19 LOG7[1802366:259]: Remote FD=10 initialized
2011.05.13 13:32:19 LOG7[1802366:259]: Option TCP_NODELAY set on remote socket
2011.05.13 13:32:19 LOG3[1802366:259]: transfer: s_poll_wait: Invalid argument (22)
2011.05.13 13:32:19 LOG3[614488:259]: : No such file or directory (2)
2011.05.13 13:32:19 LOG5[1802366:259]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket


My configuration file is: 

; Sample stunnel configuration file by Michal Trojnara 2002-2006 
; Some options used here may not be adequate for your particular configuration 
; Please make sure you understand them (especially the effect of chroot jail) 

; Certificate/key is needed in server mode and optional in client mode 
cert = /opt/freeware/etc/stunnel/ca_nopass.pem 
foreground = yes 
syslog = yes 
; Protocol version (all, SSLv2, SSLv3, TLSv1) 
;sslVersion = SSLv3 
sslVersion = all 
;ciphers = DES-CBC-SHA: 
;ciphers = DES-CBC3-SHA:IDEA-CBC-MD5 
; Some security enhancements for UNIX systems - comment them out on Win32 
;chroot = /usr/local/stunnel/var/lib/stunnel 
;chroot = /tmp/ 
;setuid = root 
;setgid = other 
; PID is created inside chroot jail 
pid = /var/adm/stunnel_server_level1.pid 

; Some performance tunings 
socket = l:TCP_NODELAY=1 
socket = r:TCP_NODELAY=1 
;compression = rle 

; Workaround for Eudora bug 
;options = DONT_INSERT_EMPTY_FRAGMENTS 
;options = Options_SSL 
; Authentication stuff 
verify = 3 
; Don't forget to c_rehash CApath 
; CApath is located inside chroot jail 
CApath = /opt/freeware/etc/stunnel/CA_files/ 
; It's often easier to use CAfile 
;CAfile = /opt/freeware/etc/stunnel/ca.pem 
; Don't forget to c_rehash CRLpath 
; CRLpath is located inside chroot jail 
CRLpath = /opt/freeware/etc/stunnel/CRL_files/ 
; Alternatively you can use CRLfile 
;CRLfile = /usr/local/stunnel/etc/stunnel/crls.pem 

; Some debugging stuff useful for troubleshooting 
debug = 7 

; Use it for client mode 
client = no 
; Service-level configuration 

[pesitip] 
accept = 10443 
connect = XXXXXXXXXXXXX:10016 

Can you help me to find a solution for this problem please? 

Thank you very much. 

Laurent UK
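
Added example (not part of the original thread and not stunnel code): a small Python triage script for the log format posted above. It rejoins mail-wrapped lines, groups records by the second number in the `[pid:thread]` tag (read here as a per-connection id, an assumption drawn from the posted log), and labels what differs between the two connections, such as `CERT: Verification not enabled` appearing on the second one although the posted configuration sets `verify = 3`. The sample lines are constructed from the log in the post and the label names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the two connections in the post
# (threads 258 and 259), including one mail-wrapped line and a blank line.
SAMPLE = """\
2011.05.13 13:28:37 LOG5[1802366:258]: Certificate accepted: depth=1, /O=SWIFT
2011.05.13 13:28:37 LOG6[1802366:258]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA
Au=RSA Enc=RC4(128) Mac=MD5

2011.05.13 13:32:19 LOG6[1802366:259]: CERT: Verification not enabled
2011.05.13 13:32:19 LOG5[1802366:259]: Certificate accepted: depth=1, /O=SWIFT
2011.05.13 13:32:19 LOG7[1802366:259]: bind#1: Invalid argument (22)
2011.05.13 13:32:19 LOG6[1802366:259]: Local mode child started (PID=614488)
2011.05.13 13:32:19 LOG3[614488:259]: : No such file or directory (2)
"""

# "<date> <time> LOG<level>[<pid>:<thread>]: <message>"
PREFIX = re.compile(r"^\S+ \S+ LOG(\d)\[(\d+):(\d+)\]: (.*)$")

# Substrings from the posted log -> hypothetical label for the report.
CHECKS = [
    ("CERT: Verification not enabled", "verify-skipped"),
    ("Local mode child started", "local-mode"),
    ("Invalid argument (22)", "einval"),
    ("Enc=RC4(", "rc4-cipher"),
]

def records(text):
    """Return [level, pid, thread, message] lists, rejoining wrapped lines."""
    recs = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PREFIX.match(line)
        if m:
            recs.append([int(m.group(1)), m.group(2), m.group(3), m.group(4)])
        elif line and recs:          # continuation of a wrapped record
            recs[-1][3] += " " + line
    return recs

def findings_by_thread(text):
    """Map thread id -> sorted labels seen on that connection."""
    found = defaultdict(set)
    for _level, _pid, thread, msg in records(text):
        found[thread].update(label for needle, label in CHECKS if needle in msg)
    return {t: sorted(labels) for t, labels in found.items()}

if __name__ == "__main__":
    for thread, labels in findings_by_thread(SAMPLE).items():
        print(thread, labels)
```
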



