[stunnel-users] problem with stunnel 4.36 (server mode), error after the 1st connexion
Jose Alf.
josealf at rocketmail.com
Sun May 15 04:20:55 CEST 2011
Hi Laurent,
Does it work fine with a previous version? If so, what's the latest version that
works?
If you google for "bind#1: Invalid argument (22) aix stunnel" you will find a
mail thread with a similar issue.
Regards,
Jose
________________________________
From: "laurent.uk at bnpparibas.com" <laurent.uk at bnpparibas.com>
To: stunnel-users at stunnel.org
Sent: Fri, May 13, 2011 6:39:29 AM
Subject: [stunnel-users] problem with stunnel 4.36 (server mode), error after
the 1st connexion
Hi everyone,
I have installed stunnel 4.36 today and now I have some errors...
The 1st connexion is working fine:
011.05.13 13:23:44 LOG5[1802366:1]: Reading configuration from file
/opt/freeware/etc/stunnel/stunnel_server_level1.conf
2011.05.13 13:23:44 LOG7[1802366:1]: Snagged 64 random bytes from //.rnd
2011.05.13 13:23:44 LOG7[1802366:1]: Wrote 1024 new random bytes to //.rnd
2011.05.13 13:23:44 LOG7[1802366:1]: PRNG seeded successfully
2011.05.13 13:23:44 LOG7[1802366:1]: Using DH parameters from
/opt/freeware/etc/stunnel/ca_nopass.pem
2011.05.13 13:23:44 LOG6[1802366:1]: DH initialized with 512 bit key
2011.05.13 13:23:44 LOG7[1802366:1]: ECDH initialized
2011.05.13 13:23:44 LOG7[1802366:1]: Certificate:
/opt/freeware/etc/stunnel/ca_nopass.pem
2011.05.13 13:23:44 LOG7[1802366:1]: Certificate loaded
2011.05.13 13:23:44 LOG7[1802366:1]: Key file:
/opt/freeware/etc/stunnel/ca_nopass.pem
2011.05.13 13:23:44 LOG7[1802366:1]: Private key loaded
2011.05.13 13:23:44 LOG7[1802366:1]: Verify directory set to
/opt/freeware/etc/stunnel/CA_files/
2011.05.13 13:23:44 LOG7[1802366:1]: Added /opt/freeware/etc/stunnel/CA_files/
revocation lookup directory
2011.05.13 13:23:44 LOG7[1802366:1]: Added /opt/freeware/etc/stunnel/CRL_files/
revocation lookup directory
2011.05.13 13:23:44 LOG5[1802366:1]: Peer certificate location
/opt/freeware/etc/stunnel/CA_files/
2011.05.13 13:23:44 LOG7[1802366:1]: SSL context initialized for service pesitip
2011.05.13 13:23:44 LOG5[1802366:1]: Configuration successful
2011.05.13 13:23:44 LOG5[1802366:1]: No limit detected for the number of clients
2011.05.13 13:23:44 LOG7[1802366:1]: signal_pipe: FD=4 allocated (blocking mode)
2011.05.13 13:23:44 LOG7[1802366:1]: signal_pipe: FD=5 allocated (blocking mode)
2011.05.13 13:23:44 LOG7[1802366:1]: accept socket: FD=6 allocated (non-blocking
mode)
2011.05.13 13:23:44 LOG7[1802366:1]: Option SO_REUSEADDR set on accept socket
2011.05.13 13:23:44 LOG7[1802366:1]: Service pesitip bound to 0.0.0.0:10443
2011.05.13 13:23:44 LOG7[1802366:1]: Service pesitip opened FD=6
2011.05.13 13:23:44 LOG7[1802366:1]: Created pid file
/var/adm/stunnel_server_level1.pid
2011.05.13 13:23:44 LOG5[1802366:1]: stunnel 4.36 on powerpc-ibm-aix5.2.0.0 with
OpenSSL 0.9.8k 25 Mar 2009
2011.05.13 13:23:44 LOG5[1802366:1]: Threading:PTHREAD SSL:ENGINE Auth:none
Sockets:POLL, IPv6
2011.05.13 13:28:36 LOG7[1802366:1]: local socket: FD=7 allocated (non-blocking
mode)
2011.05.13 13:28:36 LOG7[1802366:1]: Service pesitip accepted FD=7 from
10.254.181.230:2991
2011.05.13 13:28:36 LOG7[1802366:258]: Service pesitip started
2011.05.13 13:28:36 LOG7[1802366:258]: Option TCP_NODELAY set on local socket
2011.05.13 13:28:36 LOG5[1802366:258]: Service pesitip accepted connection from
10.254.181.230:2991
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): before/accept
initialization
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 read client
hello A
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 write server
hello A
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 write
certificate A
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 write
certificate request A
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 flush data
2011.05.13 13:28:37 LOG7[1802366:258]: Starting certificate verification:
depth=1, /O=SWIFT
2011.05.13 13:28:37 LOG5[1802366:258]: Certificate accepted: depth=1, /O=SWIFT
2011.05.13 13:28:37 LOG7[1802366:258]: Starting certificate verification:
depth=0, /C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts
2011.05.13 13:28:37 LOG5[1802366:258]: Certificate accepted: depth=0,
/C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 read client
certificate A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 read client key
exchange A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 read
certificate verify A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 read finished A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 write change
cipher spec A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 write finished
A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 flush data
2011.05.13 13:28:37 LOG7[1802366:258]: 1 items in the session cache
2011.05.13 13:28:37 LOG7[1802366:258]: 0 client connects (SSL_connect())
2011.05.13 13:28:37 LOG7[1802366:258]: 0 client connects that finished
2011.05.13 13:28:37 LOG7[1802366:258]: 0 client renegotiations requested
2011.05.13 13:28:37 LOG7[1802366:258]: 1 server connects (SSL_accept())
2011.05.13 13:28:37 LOG7[1802366:258]: 1 server connects that finished
2011.05.13 13:28:37 LOG7[1802366:258]: 0 server renegotiations requested
2011.05.13 13:28:37 LOG7[1802366:258]: 0 session cache hits
2011.05.13 13:28:37 LOG7[1802366:258]: 0 external session cache hits
2011.05.13 13:28:37 LOG7[1802366:258]: 0 session cache misses
2011.05.13 13:28:37 LOG7[1802366:258]: 0 session cache timeouts
2011.05.13 13:28:37 LOG6[1802366:258]: SSL accepted: new session negotiated
2011.05.13 13:28:37 LOG6[1802366:258]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA
Au=RSA Enc=RC4(128) Mac=MD5
2011.05.13 13:28:37 LOG7[1802366:258]: remote socket: FD=8 allocated
(non-blocking mode)
2011.05.13 13:28:37 LOG6[1802366:258]: connect_blocking: connecting
159.50.5.165:10016
2011.05.13 13:28:37 LOG5[1802366:258]: connect_blocking: connected
159.50.5.165:10016
2011.05.13 13:28:37 LOG5[1802366:258]: Service pesitip connected remote server
from 159.50.5.165:52585
2011.05.13 13:28:37 LOG7[1802366:258]: Remote FD=8 initialized
2011.05.13 13:28:37 LOG7[1802366:258]: Option TCP_NODELAY set on remote socket
2011.05.13 13:31:25 LOG7[1802366:258]: SSL alert (read): warning: close notify
2011.05.13 13:31:25 LOG7[1802366:258]: SSL closed on SSL_read
2011.05.13 13:31:25 LOG7[1802366:258]: Sending socket write shutdown
2011.05.13 13:31:25 LOG3[1802366:258]: readsocket: Connection reset by peer (73)
2011.05.13 13:31:25 LOG5[1802366:258]: Connection reset: 275 bytes sent to SSL,
17935 bytes sent to socket
2011.05.13 13:31:25 LOG7[1802366:258]: Service pesitip finished (0 left)
2011.05.13 13:31:25 LOG7[1802366:258]: str_stats: 36 blocks, 4350 bytes
But when it's the second, I always have the error:
011.05.13 13:32:19 LOG7[1802366:1]: local socket: FD=7 allocated (non-blocking
mode)
2011.05.13 13:32:19 LOG7[1802366:1]: Service pesitip accepted FD=7 from
10.254.181.230:3007
2011.05.13 13:32:19 LOG7[1802366:259]: Service pesitip started
2011.05.13 13:32:19 LOG7[1802366:259]: Option TCP_NODELAY set on local socket
2011.05.13 13:32:19 LOG5[1802366:259]: Service pesitip accepted connection from
10.254.181.230:3007
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): before/accept
initialization
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read client
hello A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write server
hello A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write
certificate A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write
certificate request A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 flush data
2011.05.13 13:32:19 LOG7[1802366:259]: Starting certificate verification:
depth=1, /O=SWIFT
2011.05.13 13:32:19 LOG6[1802366:259]: CERT: Verification not enabled
2011.05.13 13:32:19 LOG5[1802366:259]: Certificate accepted: depth=1, /O=SWIFT
2011.05.13 13:32:19 LOG7[1802366:259]: Starting certificate verification:
depth=0, /C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts
2011.05.13 13:32:19 LOG6[1802366:259]: CERT: Verification not enabled
2011.05.13 13:32:19 LOG5[1802366:259]: Certificate accepted: depth=0,
/C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read client
certificate A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read client key
exchange A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read
certificate verify A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read finished A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write change
cipher spec A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write finished
A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 flush data
2011.05.13 13:32:19 LOG7[1802366:259]: 2 items in the session cache
2011.05.13 13:32:19 LOG7[1802366:259]: 0 client connects (SSL_connect())
2011.05.13 13:32:19 LOG7[1802366:259]: 0 client connects that finished
2011.05.13 13:32:19 LOG7[1802366:259]: 0 client renegotiations requested
2011.05.13 13:32:19 LOG7[1802366:259]: 2 server connects (SSL_accept())
2011.05.13 13:32:19 LOG7[1802366:259]: 2 server connects that finished
2011.05.13 13:32:19 LOG7[1802366:259]: 0 server renegotiations requested
2011.05.13 13:32:19 LOG7[1802366:259]: 0 session cache hits
2011.05.13 13:32:19 LOG7[1802366:259]: 0 external session cache hits
2011.05.13 13:32:19 LOG7[1802366:259]: 0 session cache misses
2011.05.13 13:32:19 LOG7[1802366:259]: 0 session cache timeouts
2011.05.13 13:32:19 LOG6[1802366:259]: SSL accepted: new session negotiated
2011.05.13 13:32:19 LOG6[1802366:259]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA
Au=RSA Enc=RC4(128) Mac=MD5
2011.05.13 13:32:19 LOG7[1802366:259]: socket#1: FD=8 allocated (non-blocking
mode)
2011.05.13 13:32:19 LOG7[1802366:259]: socket#2: FD=9 allocated (non-blocking
mode)
2011.05.13 13:32:19 LOG7[1802366:259]: bind#1: Invalid argument (22)
2011.05.13 13:32:19 LOG7[1802366:259]: bind#2: Invalid argument (22)
2011.05.13 13:32:19 LOG7[1802366:259]: accept: FD=10 allocated (non-blocking
mode)
2011.05.13 13:32:19 LOG6[1802366:259]: Local mode child started (PID=614488)
2011.05.13 13:32:19 LOG7[1802366:259]: Remote FD=10 initialized
2011.05.13 13:32:19 LOG7[1802366:259]: Option TCP_NODELAY set on remote socket
2011.05.13 13:32:19 LOG3[1802366:259]: transfer: s_poll_wait: Invalid argument
(22)
2011.05.13 13:32:19 LOG3[614488:259]: : No such file or directory (2)
2011.05.13 13:32:19 LOG5[1802366:259]: Connection reset: 0 bytes sent to SSL, 0
bytes sent to socket
My configuration file is:
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)
; Certificate/key is needed in server mode and optional in client mode
cert = /opt/freeware/etc/stunnel/ca_nopass.pem
foreground = yes
syslog = yes
; Protocol version (all, SSLv2, SSLv3, TLSv1)
;sslVersion = SSLv3
sslVersion = all
;ciphers = DES-CBC-SHA:
;ciphers = DES-CBC3-SHA:IDEA-CBC-MD5
; Some security enhancements for UNIX systems - comment them out on Win32
;chroot = /usr/local/stunnel/var/lib/stunnel
;chroot = /tmp/
;setuid = root
;setgid = other
; PID is created inside chroot jail
pid = /var/adm/stunnel_server_level1.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS
;options = Options_SSL
; Authentication stuff
verify = 3
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
CApath = /opt/freeware/etc/stunnel/CA_files/
; It's often easier to use CAfile
;CAfile = /opt/freeware/etc/stunnel/ca.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
CRLpath = /opt/freeware/etc/stunnel/CRL_files/
; Alternatively you can use CRLfile
;CRLfile = /usr/local/stunnel/etc/stunnel/crls.pem
; Some debugging stuff useful for troubleshooting
debug = 7
; Use it for client mode
client = no
; Service-level configuration
[pesitip]
accept = 10443
connect = XXXXXXXXXXXXX:10016
Can you help me to find a solution for this problem please?
Thank you very much.
Laurent UK
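
An added example, not part of the original messages: a Python script that groups stunnel debug-log entries by connection thread and lists the messages the failing connection (thread 259) logged that the working one (thread 258) never did. The function names and the embedded sample, an excerpt of the log lines posted above, are choices made for this example.

```python
import re
from collections import defaultdict

# "<date> <time> LOG<level>[<pid>:<thread>]: <message>", as in the logs above.
HEADER = re.compile(r"^\S+ \S+ LOG(\d)\[(\d+):(\d+)\]: ?(.*)$")
# Values that change on every connection and would hide the real differences.
VOLATILE = re.compile(r"(?<=FD=)\d+|(?<=PID=)\d+|(?:\d+\.){3}\d+:\d+")

def parse(text):
    """Return [thread, level, message] entries, re-joining wrapped lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append([m.group(3), int(m.group(1)), m.group(4)])
        elif entries and line.strip():
            entries[-1][2] += " " + line.strip()  # continuation of previous entry
    return entries

def by_thread(entries):
    """Group normalized messages per connection thread, keeping log order."""
    groups = defaultdict(list)
    for thread, _level, msg in entries:
        groups[thread].append(VOLATILE.sub("*", msg))
    return groups

def only_in(failing, baseline):
    """Messages logged by the failing connection but never by the working one."""
    known = set(baseline)
    return list(dict.fromkeys(m for m in failing if m not in known))

# Sample input: excerpt of the log lines posted in this thread (one left wrapped).
SAMPLE = """\
2011.05.13 13:28:36 LOG7[1802366:258]: Service pesitip started
2011.05.13 13:28:37 LOG5[1802366:258]: Certificate accepted: depth=1, /O=SWIFT
2011.05.13 13:28:37 LOG7[1802366:258]: remote socket: FD=8 allocated (non-blocking mode)
2011.05.13 13:32:19 LOG7[1802366:259]: Service pesitip started
2011.05.13 13:32:19 LOG6[1802366:259]: CERT: Verification not enabled
2011.05.13 13:32:19 LOG5[1802366:259]: Certificate accepted: depth=1, /O=SWIFT
2011.05.13 13:32:19 LOG7[1802366:259]: socket#1: FD=8 allocated (non-blocking mode)
2011.05.13 13:32:19 LOG7[1802366:259]: bind#1: Invalid argument (22)
2011.05.13 13:32:19 LOG6[1802366:259]: Local mode child started (PID=614488)
2011.05.13 13:32:19 LOG3[1802366:259]: transfer: s_poll_wait: Invalid argument
(22)
"""

if __name__ == "__main__":
    groups = by_thread(parse(SAMPLE))
    print("\n".join(only_in(groups["259"], groups["258"])))
```
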