Debian Bug report logs - #626856
stunnel4: stunnel fails to connect() when in inetd mode.
Reported by: David Caldwell <david@porkrind.org>
Date: Sun, 15 May 2011 22:45:01 UTC
Severity: important
Found in version stunnel4/3:4.35-2
Fixed in version stunnel4/3:4.39-1
Done: Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
Bug is archived. No further changes may be made.
Report forwarded
to debian-bugs-dist@lists.debian.org, Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>:
Bug#626856; Package stunnel4.
(Sun, 15 May 2011 22:45:04 GMT).
Acknowledgement sent
to David Caldwell <david@porkrind.org>:
New Bug report received and forwarded. Copy sent to Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>.
(Sun, 15 May 2011 22:45:04 GMT).
Message #5 received at submit@bugs.debian.org:
Package: stunnel4
Version: 3:4.35-2
Severity: important
Stunnel isn't working for me in inetd mode.
I'm using this line as a test in /etc/inetd.conf:
1122 stream tcp nowait cyrus.mail /usr/sbin/tcpd /usr/bin/stunnel -p /etc/ssl/private/ssl-cert-snakeoil.pem -l /bin/cat -- cat
And this to connect:
openssl s_client -connect localhost:1122
This shows up in /var/log/daemon:
May 15 15:23:49 death stunnel: LOG5[29319:140456217454336]: Reading configuration from descriptor 3
May 15 15:23:49 death stunnel: LOG5[29319:140456217454336]: Configuration successful
May 15 15:23:49 death stunnel: LOG5[29319:140456217454336]: No limit detected for the number of clients
May 15 15:23:49 death stunnel: LOG5[29319:140456217454336]: stunnel 4.35 on x86_64-pc-linux-gnu with OpenSSL 1.0.0d 8 Feb 2011
May 15 15:23:49 death stunnel: LOG5[29319:140456217454336]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
May 15 15:23:49 death stunnel: LOG5[29319:140456217454336]: Service stunnel accepted connection from 127.0.0.1:40642
May 15 15:23:49 death stunnel: LOG3[29319:140456217454336]: connect: Operation now in progress (115)
May 15 15:23:49 death stunnel: LOG5[29319:140456217454336]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
The line "connect: Operation now in progress (115)" appears to come from
src/client.c:963 in function make_sockets(). It looks like connect() is
returning EINPROGRESS which doesn't really seem like an error to me, but I just
gave a cursory glance at the code so I don't really know what I'm talking about.
If I downgrade to 3:4.29-1 then everything works as I expect. I wasn't able to
find the versions between .29 and .35 so I don't know exactly which version
broke but I suspect it broke in the last couple months.
-David
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages stunnel4 depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii libc6 2.13-4 Embedded GNU C Library: Shared lib
ii libssl1.0.0 1.0.0d-2 SSL shared libraries
ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra
ii netbase 4.45 Basic TCP/IP networking system
ii openssl 1.0.0d-2 Secure Socket Layer (SSL) binary a
ii perl-modules 5.12.3-6 Core Perl modules
stunnel4 recommends no packages.
Versions of packages stunnel4 suggests:
pn logcheck-database <none> (no description available)
-- Configuration Files:
/etc/ppp/ip-down.d/0stunnel4 [Errno 13] Permission denied: u'/etc/ppp/ip-down.d/0stunnel4'
/etc/ppp/ip-up.d/0stunnel4 [Errno 13] Permission denied: u'/etc/ppp/ip-up.d/0stunnel4'
-- no debconf information
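
An added example (not part of the bug log and not stunnel's code) of the behaviour the report above describes: on a non-blocking socket, connect() returning EINPROGRESS means the handshake has started, and the real outcome is read from SO_ERROR once poll() reports the socket ready. The helper names, the loopback demo and the 2000 ms timeout are assumptions made for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind an ephemeral loopback port; listen only if do_listen is set. */
static int bind_loopback(struct sockaddr_in *sa, int do_listen) {
    socklen_t len = sizeof *sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    *sa = (struct sockaddr_in){ .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if (fd >= 0 && bind(fd, (struct sockaddr *)sa, len) == 0 &&
        getsockname(fd, (struct sockaddr *)sa, &len) == 0 &&
        (!do_listen || listen(fd, 1) == 0)) return fd;
    if (fd >= 0) close(fd);
    return -1;
}

/* Non-blocking connect: returns 0 once connected, else an errno value. */
int connect_nonblocking(int fd, const struct sockaddr_in *sa, int timeout_ms) {
    struct pollfd pfd = { .fd = fd, .events = POLLOUT };
    int err = 0, rc;
    socklen_t len = sizeof err;
    if (fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK) < 0) return errno;
    if (connect(fd, (const struct sockaddr *)sa, sizeof *sa) == 0) return 0;
    /* EINPROGRESS (115 on Linux): handshake started, outcome not known yet. */
    if (errno != EINPROGRESS && errno != EINTR) return errno;
    do rc = poll(&pfd, 1, timeout_ms); while (rc < 0 && errno == EINTR);
    if (rc <= 0) return rc == 0 ? ETIMEDOUT : errno;
    /* Ready only means "finished"; SO_ERROR says whether it succeeded. */
    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0) return errno;
    return err;
}

/* Constructed demo: peer is listening (1) or bound but not listening (0). */
int demo(int peer_listens) {
    struct sockaddr_in sa;
    int srv = bind_loopback(&sa, peer_listens);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int rc = (srv < 0 || fd < 0) ? -1 : connect_nonblocking(fd, &sa, 2000);
    close(fd); close(srv);
    return rc;
}

int main(void) {
    return printf("listening: %d, not listening: %d\n", demo(1), demo(0)) < 0;
}
```

Treating the initial EINPROGRESS as fatal would abort every connection in the first case, although the peer is reachable.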
Information forwarded
to debian-bugs-dist@lists.debian.org, Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>:
Bug#626856; Package stunnel4.
(Sat, 21 May 2011 10:24:03 GMT).
Acknowledgement sent
to Jonas Ådahl <jadahl@gmail.com>:
Extra info received and forwarded to list. Copy sent to Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>.
(Sat, 21 May 2011 10:24:03 GMT).
Message #10 received at 626856@bugs.debian.org:
A workaround for this that I discovered is to set the sslVersion to
"all" in the stunnel configuration file. Though this enables SSLv2
which is insecure.
Tested on Debian 5.0.6, stunnel4 version 3:4.22-2.
Added tag(s) pending.
Request was from Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
to control@bugs.debian.org.
(Thu, 21 Jul 2011 23:15:06 GMT).
Reply sent
to Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>:
You have taken responsibility.
(Thu, 21 Jul 2011 23:24:06 GMT).
Notification sent
to David Caldwell <david@porkrind.org>:
Bug acknowledged by developer.
(Thu, 21 Jul 2011 23:24:06 GMT).
Message #17 received at 626856-close@bugs.debian.org:
Source: stunnel4
Source-Version: 3:4.39-1
We believe that the bug you reported is fixed in the latest version of
stunnel4, which is due to be installed in the Debian FTP archive:
stunnel4_4.39-1.debian.tar.gz
to main/s/stunnel4/stunnel4_4.39-1.debian.tar.gz
stunnel4_4.39-1.dsc
to main/s/stunnel4/stunnel4_4.39-1.dsc
stunnel4_4.39-1_amd64.deb
to main/s/stunnel4/stunnel4_4.39-1_amd64.deb
stunnel4_4.39.orig.tar.gz
to main/s/stunnel4/stunnel4_4.39.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 626856@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> (supplier of updated stunnel4 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.8
Date: Thu, 21 Jul 2011 15:46:25 -0700
Source: stunnel4
Binary: stunnel4
Architecture: source amd64
Version: 3:4.39-1
Distribution: unstable
Urgency: low
Maintainer: Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
Changed-By: Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
Description:
stunnel4 - Universal SSL tunnel for network daemons
Closes: 594876 626856 627765
Changes:
 stunnel4 (3:4.39-1) unstable; urgency=low
 .
   * New Upstream Releases. Highlights:
     + 4.38:
       - Server-side SNI implemented (RFC 3546 section 3.1) with a new
         service-level option "nsi".
       - "socket" option also accepts "yes" and "no" for flags.
       - Nagle's algorithm is now disabled by default for improved interactivity.
       - Bugfix: Signal pipe set to non-blocking mode. This bug caused
         hangs of stunnel features based on signals, e.g. local mode, FORK
         threading, or configuration file reload on Unix. Win32 platform was
         not affected.
     + 4.37:
       - Client-side SNI implemented (RFC 3546 section 3.1).
       - Default "ciphers" changed from the OpenSSL default to a more secure
         and faster "RC4-MD5:HIGH:!aNULL:!SSLv2".
         A paranoid (and usually slower) setting would be "HIGH:!aNULL:!SSLv2".
       - Recommended "options = NO_SSLv2" added to the sample stunnel.conf file.
       - Default client method upgraded from SSLv3 to TLSv1.
         To connect servers without TLS support use "sslVersion = SSLv3" option.
       - Bugfix: Non-blocking socket handling in local mode fixed
         (Closes: #626856).
     + 4.36:
       - Dynamic memory management for strings manipulation:
         no more static STRLEN limit, lower stack footprint. (Closes: #594876).
       - Strict public key comparison added for "verify = 3" certificate
         checking mode (thx to Philipp Hartwig).
     For more details see upstream ChangeLog.
 .
   * Removed /usr/lib/stunnel/libstunnel.la file.
   * Support restarting selected stunnel instances. Thanks Peter Palfrader.
     (Closes: #627765).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 20 Aug 2011 07:35:41 GMT).
Last modified: Tue Jul 16 04:27:08 2024