[stunnel-users] [Stunnel Guru needed] stunnel running, but no longer serve connection after a while ("Dispatching signals from the signal pipe" in logs ==> all stops)

Thomas Manson dev.mansonthomas at gmail.com
Sat Apr 7 08:24:46 CEST 2012


This bug has been corrected in

Version 4.38, 2011.06.28, urgency: MEDIUM:

   - New features
      - Server-side SNI implemented (RFC 3546 section 3.1) with a new
      service-level option "nsi".
      - "socket" option also accepts "yes" and "no" for flags.
      - Nagle's algorithm is now disabled by default for improved
      interactivity.
   - Bugfixes
      - A compilation fix was added for OpenSSL version < 1.0.0.
      - Signal pipe set to non-blocking mode. This bug caused hangs of
      stunnel features based on signals, e.g. local mode, FORK threading, or
      configuration file reload on Unix. Win32 platform was not affected.


however it don't precise from which version it affects stunnel... so my try
with 11.04 is a bit risky, even if 4.29 is quite far from 4.38.

Maybe upgrading to 12.04 could solve the issue, but I don't like to upgrade
right away (I had some bad surpise ;))

so compiling from source seems to be the safest option.

Thomas.

On Sat, Apr 7, 2012 at 07:58, Thomas Manson <dev.mansonthomas at gmail.com>wrote:

> i've just checked my setup right now and the funny thing is that I think
> it stopped working exactly at the same second of the same hour & minute of
> the day :
>
>
> root at ns0:/var/log/stunnel4# ll
> total 940
> drwxr-xr-x  2 stunnel4 stunnel4   4096 2012-04-07 06:25 .
> drwxr-xr-x 14 root     root       4096 2012-04-07 06:25 ..
> -rw-r-----  1 stunnel4 stunnel4      0 2012-04-07 06:25
> extranet.serviceplus-hse.com_stunnel.log
> -rw-r-----  1 stunnel4 stunnel4 926267 2012-04-07 06:25
> extranet.serviceplus-hse.com_stunnel.log.1
> -rw-r-----  1 stunnel4 stunnel4      0 2012-04-07 06:25
> mansonthomas.com_stunnel.log
> -rw-r-----  1 stunnel4 stunnel4   5804 2012-04-07 06:25
> mansonthomas.com_stunnel.log.1
> -rw-r-----  1 stunnel4 stunnel4      0 2012-04-07 06:25 stunnel.log
> -rw-r-----  1 stunnel4 stunnel4  11710 2012-04-07 06:25 stunnel.log.1
> root at ns0:/var/log/stunnel4# ll
> total 940
> drwxr-xr-x  2 stunnel4 stunnel4   4096 2012-04-07 06:25 .
> drwxr-xr-x 14 root     root       4096 2012-04-07 06:25 ..
> -rw-r-----  1 stunnel4 stunnel4      0 2012-04-07 06:25
> extranet.serviceplus-hse.com_stunnel.log
> -rw-r-----  1 stunnel4 stunnel4 926267 2012-04-07 06:25
> extranet.serviceplus-hse.com_stunnel.log.1
> -rw-r-----  1 stunnel4 stunnel4      0 2012-04-07 06:25
> mansonthomas.com_stunnel.log
> -rw-r-----  1 stunnel4 stunnel4   5804 2012-04-07 06:25
> mansonthomas.com_stunnel.log.1
> -rw-r-----  1 stunnel4 stunnel4      0 2012-04-07 06:25 stunnel.log
> -rw-r-----  1 stunnel4 stunnel4  11710 2012-04-07 06:25 stunnel.log.1
> root at ns0:/var/log/stunnel4# tail stunnel.log.1
> 2012.04.06 22:21:19 LOG7[4745:139677248579328]: Option TCP_NODELAY set on
> remote socket
> 2012.04.06 22:21:19 LOG7[4745:139677248579328]: Socket closed on read
> 2012.04.06 22:21:19 LOG7[4745:139677248579328]: Sending SSL write shutdown
> 2012.04.06 22:21:19 LOG7[4745:139677248579328]: SSL alert (write):
> warning: close notify
> 2012.04.06 22:21:19 LOG6[4745:139677248579328]: SSL_shutdown successfully
> sent close_notify
> 2012.04.06 22:21:19 LOG7[4745:139677248579328]: SSL socket closed on
> SSL_read
> 2012.04.06 22:21:19 LOG7[4745:139677248579328]: Sending socket write
> shutdown
> 2012.04.06 22:21:19 LOG5[4745:139677248579328]: Connection closed: 206
> bytes sent to SSL, 139 bytes sent to socket
> 2012.04.06 22:21:19 LOG7[4745:139677248579328]: Service
> https-123monsite.com finished (0 left)
> 2012.04.07 06:25:04 LOG7[4745:139677248583456]: Dispatching signals from
> the signal pipe
> root at ns0:/var/log/stunnel4#
>
> compared to my first post... :
>
>
>
>
>    - 2012.04.04 06:25:04 LOG7[24778:139641780213536]: Dispatching signals
>    from the signal pipe
>    -
>    and at the same time (2012.04.04 06:25:04)  all logs file stops :
>
>
>    - root at ns0:/var/log/stunnel4# ll
>    - total 128
>    - drwxr-xr-x  2 stunnel4 stunnel4  4096 2012-04-04 12:10 .
>    - drwxr-xr-x 14 root     root      4096 2012-04-04 06:25 ..
>    - -rw-r-----  1 stunnel4 stunnel4 98084 2012-04-04 *06:25*
>     extranet.serviceplus-hse.com_stunnel.log
>    - -rw-r-----  1 stunnel4 stunnel4  4491 2012-04-04 06:25
>    mansonthomas.com_stunnel.log
>    - -rw-r-----  1 stunnel4 stunnel4     0 2012-04-04 06:25 stunnel.log
>    - -rw-r-----  1 stunnel4 stunnel4 11058 2012-04-04 06:25 stunnel.log.1
>
>
>
> I could cron a restart at the appropriate time but I think I'll compile
> from sources.
>
> Regards,
> Thomas.
>
> On Sat, Apr 7, 2012 at 07:51, Thomas Manson <dev.mansonthomas at gmail.com>wrote:
>
>> Yes, it helps a lot !
>>
>> I've another server running a different version of Ubuntu (11.04 where
>> stunnel version is 4.29-1 instead of 11.10 and stunnel 4.35-2build1)
>>
>> Do you think it can work on older version ?
>>
>> I was thinking to try this because I've seen some message about the same
>> symptoms after upgrade so...
>>
>> but maybe the two version are too close and I will need to compile from
>> sources...
>>
>> what do you think about this?
>>
>> Regards,
>> Thomas.
>>
>>
>> On Sat, Apr 7, 2012 at 06:56, Scott Gifford <sgifford at suspectclass.com>wrote:
>>
>>> On Wed, Apr 4, 2012 at 6:16 AM, Thomas Manson <
>>> dev.mansonthomas at gmail.com> wrote:
>>>
>>>> Hi All,
>>>>
>>>>   I'm really struggling to make stunnel working for more than a few
>>>> hours. (and the client is yelling hard...) (I solved some other issue :
>>>> logging per website and making more than one stunnel works)
>>>>
>>>
>>> Hi Thomas,
>>>
>>> I was just troubleshooting what looks like a very similar issue.  I
>>> believe this is fixed in a later version of stunnel, which you can get from
>>> stunnel.org and compile yourself from source.
>>>
>>> This is the ChangeLog entry that I think addresses your problem:
>>>
>>>   - Signal pipe set to non-blocking mode.  This bug caused hangs of
>>> stunnel
>>>     features based on signals, e.g. local mode, FORK threading, or
>>>     configuration file reload on Unix.  Win32 platform was not affected.
>>>
>>>
>>> I have just updated from the official Oneiric version to this one, so I
>>> don't yet know if it will fix the problem long-term, but I think my odds
>>> are not too bad.
>>>
>>> Hope this helps,
>>>
>>> -----Scott.
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120407/b5f00aa6/attachment.html>


More information about the stunnel-users mailing list