[prev in list] [next in list] [prev in thread] [next in thread] 

List:       stunnel-users
Subject:    Intermittent stunnel errors
From:       Partha Saha <partha () berkeley ! innomedia ! com>
Date:       2004-04-24 2:09:51
Message-ID: 4089CC6F.9070106 () berkeley ! innomedia ! com
[Download RAW message or body]

Hi all,

I have an interesting problem that I am hoping someone can shed some 
light on.

I use "stunnel" version 4.05 to provide HTTPS access to "boa" an open 
source webserver. I

Next I wrote a script using curl that repeatedly downloaded a web page
from the web server 10,000 times using HTTPS in a sequential manner.

If I launch the script once, I do not see any problem, all 10,000 
downloads are successful.

If I launch two or more instances of the script almost simultaneously, I 
start getting errors from time to time. Sometimes I see 5,000 errrors in
10,000 downloads (curl exit code 35).

On the server side, I see the following combination of errors:

Apr 23 17:15:52 loadtest1 stunnel[32424]: SSL_accept: 4077068: 
error:04077068:rsa routines:RSA_verify:bad signature

Apr 23 17:15:52 loadtest1 stunnel[32424]: error stack: 1408807A : 
error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature

Apr 23 17:21:16 loadtest1 stunnel[32428]: SSL_accept: 140D2081: 
error:140D2081:SSL routines:TLS1_ENC:block cipher pad is wrong

I see this problem whether I use client authentication (verify = 2)
or not.

I am not sure why the errors are intermittent.  Sometimes the errors
puts "stunnel" in a state that it will not give anything but errors.
Only restarting "stunnel" makes the errors go away.



-- 
Best regards,

Partha Saha, Ph.D.
Software Manager,
Innomedia, inc.

---------
One who knows NOT and knows that he knows NOT:
he is a student, teach him.
One who knows NOT and knows NOT that he knows NOT:
he is a fool, shun him.
One who knows and knows NOT that he knows:
he is asleep, wake him.
One who knows and knows that he knows:
he is the teacher, seek him.

[prev in list] [next in list] [prev in thread] [next in thread]