[stunnel-users] Truncated responses with stunnel >= 5.05

Tuomas Silen tuomas at silen.fi
Fri Nov 7 05:33:01 CET 2014


Hi there,

After upgrading to stunnel 5.07 I've seen a lot of truncated http responses. I've tested different 
versions and 5.04 is the last one to work fine. There seems to be fixes to a similar issue in 5.05, 
but at least for me the result seems to be the opposite. I'm on Ubuntu 12.04.

Looking at the logs, the log entries are identical except for one part, the amount of data sent to SSL:

stunnel >= 5.05, not working:
LOG3[31153]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
LOG5[31153]: Connection closed: 67584 byte(s) sent to SSL, 184 byte(s) sent to socket
stunnel 5.04, works:
LOG3[6248]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
LOG5[6248]: Connection closed: 113051 byte(s) sent to SSL, 184 byte(s) sent to socket

It's worth noting that in both cases the closing happens after TIMEOUTclose has exceeded (probably 
because of a missing close notify?).

In any case, apparently less data is sent to SSL and that's how it seems like; the end of the http 
responses get truncated. If everything's very fast (e.g. localhost connections only) the problem 
seems not to happen, not very often at least. With connections between two servers I've been able to 
reproduce it pretty much every time in my setup (stunnel -> haproxy -> apache -> unicorn).

Undefining the POLLRDHUP or reverting the changes in 5.05 to src/client.c seem to fix the problem 
for me.

Any ideas what would be a proper fix?

Thanks!

Best regards,

Tuomas Silen




More information about the stunnel-users mailing list