[stunnel-users] 6 processes + out of memory issues on CentOS 6 stunnel (4.29)

Todd Rinaldo toddr at cpanel.net
Wed Oct 31 14:05:57 CET 2012


I'm experimenting with using the stunnel that comes with CentOS 6 (4.29). I have a config file that is successfully being used on stunnel version 4.15 on the same host without any issues.

My issues:
1. Starting stunnel creates 6 processes. I assume this has something to do with libwrap, but I'm not finding much discussion about it by doing a search. I'm also assuming that the binaries are forking after load, so it's not a significant memory expense to do this due to COW. Is this correct?

2. I'm getting 't of memory' (no "ou" in the error) messages from syslog when I do more than one request via Chrome to port 2087. The process indicated from the message points to the stunnel process that has ownership of the open ports. A single request to this port doesn't seem to spawn the issue. Can anyone suggest what might be causing this?

Upgrading to a newer version of stunnel is possible, but I would prefer to keep the version Red Hat provides so they can be on the hook for CVE issues.

My config file follows:
-----
cert = /var/cpanel/ssl/cpanel/cpanel.pem
chroot = /usr/local/cpanel/var/run/stunnel/
# PID is created inside chroot jail
pid = /stunnel.pid
setuid = cpanel
setgid = cpanel

# Service-level configuration

[cpanelhttps]
accept  = 2083
connect = 2082
TIMEOUTclose = 0

[whmhttps]
accept  = 2087
connect = 2086
TIMEOUTclose = 0

[webmailhttps]
accept  = 2096
connect = 2095
TIMEOUTclose = 0

