[stunnel-users] Stunnel-5.55 client close TLS socket before it could read more bytes

Ming Lu ming.lu at citrix.com
Fri Dec 13 10:48:53 CET 2019


Hello,


May I please have help on this issue? Thanks in advance!


I had a stunnel server and client communicating with TLSv1.2 (both of them are stunnel 5.55 and OpenSSL-1.1.1d) on CentOS 7 based Linux (the kernel was updated to 4.19.0). The case is that the client sends an HTTP request to the server, and then the server responds with a payload of more than 640KB. Normally, the server will close the connection by sending an alert first.


The issue is that sometimes (not 100% reproducible), the stunnel client reported "TLS socket closed (read hangup)" and then closed the TLS socket. So in tcpdump I could see an alert sent from the client to the server first. Consequently, this caused the application to report "unexpected end of input?" as there should be more data to be received.


I added some debug logic and I indeed found that there were occurrences where, if the stunnel client did not close the TLS socket, it could read more data from the TLS socket in the next poll loop:


--------------------

03:59:46 localhost stunnel: LOG6[0]: MingL: POLLRDHUP: 8192
03:59:46 localhost stunnel: LOG6[0]: MingL: ioctlsocket: 0
03:59:46 localhost stunnel: LOG6[0]: MingL: bytes: 0    <== client didn't close the sock in my debug version.
03:59:46 localhost stunnel: LOG6[0]: MingL: after checking
03:59:46 localhost stunnel: LOG6[0]: MingL: s_poll_wait: return 1
03:59:46 localhost stunnel: LOG6[0]: MingL: sock_can_rd: n
03:59:46 localhost stunnel: LOG6[0]: MingL: sock_can_wr: Y
03:59:46 localhost stunnel: LOG6[0]: MingL: ssl_can_rd: n
03:59:46 localhost stunnel: LOG6[0]: MingL: ssl_can_wr: n
03:59:46 localhost stunnel: LOG6[0]: MingL: pending: 1
03:59:46 localhost stunnel: LOG6[0]: MingL: write to sock 18432
03:59:46 localhost stunnel: LOG6[0]: MingL: read_wants_read Y
03:59:46 localhost stunnel: LOG6[0]: MingL: write_wants_writen
03:59:46 localhost stunnel: LOG6[0]: MingL: read from TLS 10168  <== then I observed the further read from TLS.
--------------------


Any help will be appreciated!

Ming
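
As an illustration of the condition the debug output above probes (POLLRDHUP reported, FIONREAD checked, more data read afterwards), the following is an added example on a local socket pair. It is not part of the original post and not stunnel's code. `hangup_is_final` and its `layered_pending` parameter are hypothetical names, and the 10168-byte payload is constructed sample data.

```c
#define _GNU_SOURCE
#include <poll.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef POLLRDHUP
#define POLLRDHUP 0x2000 /* Linux value; printed as 8192 in the log above */
#endif

/* Poll fd once without blocking; return revents (0 if nothing is reported). */
static short probe(int fd) {
    struct pollfd p = { .fd = fd, .events = POLLIN | POLLRDHUP };
    return poll(&p, 1, 0) > 0 ? p.revents : 0;
}

/* Bytes still queued in the kernel receive buffer, or -1 on error. */
static int kernel_unread(int fd) {
    int n = 0;
    return ioctl(fd, FIONREAD, &n) == 0 ? n : -1;
}

/* A read hangup is final only when nothing is left to deliver, neither in the
   kernel buffer nor in a layer above it. layered_pending is a hypothetical
   stand-in for bytes a TLS library has read from the socket but not returned. */
static int hangup_is_final(int fd, int layered_pending) {
    return (probe(fd) & POLLRDHUP) && kernel_unread(fd) == 0 && layered_pending == 0;
}

/* Constructed scenario: the peer writes 10168 bytes, then shuts down its write
   side. Returns the bytes read after POLLRDHUP was reported, -1 on failure. */
static long drain_after_hangup(void) {
    static char buf[10168];
    int sv[2];
    long total = 0, n;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (write(sv[1], buf, sizeof buf) != (long)sizeof buf) total = -1;
    shutdown(sv[1], SHUT_WR);
    /* POLLRDHUP is already set here, yet the payload has not been read. */
    if (!(probe(sv[0]) & POLLRDHUP) || hangup_is_final(sv[0], 0)) total = -1;
    while (total >= 0 && (n = read(sv[0], buf, 4096)) > 0) total += n;
    if (total >= 0 && !hangup_is_final(sv[0], 0)) total = -1;
    close(sv[0]); close(sv[1]);
    return total;
}

int main(void) {
    printf("read after POLLRDHUP: %ld bytes\n", drain_after_hangup());
}
```
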
