[stunnel-users] Truncated responses with stunnel >= 5.05
Tuomas Silen
tuomas at silen.fi
Fri Nov 7 05:33:01 CET 2014
Hi there,
After upgrading to stunnel 5.07 I've seen a lot of truncated http responses. I've tested different
versions and 5.04 is the last one to work fine. There seems to be fixes to a similar issue in 5.05,
but at least for me the result seems to be the opposite. I'm on Ubuntu 12.04.
Looking at the logs, the log entries are identical except for one part, the amount of data sent to SSL:
stunnel >= 5.05, not working:
LOG3[31153]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
LOG5[31153]: Connection closed: 67584 byte(s) sent to SSL, 184 byte(s) sent to socket
stunnel 5.04, works:
LOG3[6248]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
LOG5[6248]: Connection closed: 113051 byte(s) sent to SSL, 184 byte(s) sent to socket
It's worth noting that in both cases the closing happens after TIMEOUTclose has exceeded (probably
because of a missing close notify?).
In any case, apparently less data is sent to SSL and that's how it seems like; the end of the http
responses get truncated. If everything's very fast (e.g. localhost connections only) the problem
seems not to happen, not very often at least. With connections between two servers I've been able to
reproduce it pretty much every time in my setup (stunnel -> haproxy -> apache -> unicorn).
Undefining the POLLRDHUP or reverting the changes in 5.05 to src/client.c seem to fix the problem
for me.
Any ideas what would be a proper fix?
Thanks!
Best regards,
Tuomas Silen
More information about the stunnel-users
mailing list