
List:       stunnel-users
Subject:    Re: [stunnel-users] Stunnel stuck at SSL state
From:       Jack Liu <jackliu92 () hotmail ! com>
Date:       2011-04-27 17:41:59
Message-ID: COL116-W330761CA0A31F3A7A0D5BEB7980 () phx ! gbl

Okay no problem.
 
I am hosting a private Socket5 proxy with 3Proxy; adding Stunnel to it can encrypt data, so it can secure my data when I am connecting through an unsecured network. E.g.:
My Computer--->Proxycap(or other proxy soft)--(local)-->Stunnel(encryption,client)--->Unsecured WLAN(or network)--->Gateway&Network--->Stunnel(Decryption, server)--(local)-->3Proxy--->Gateway&Network--->Final destination
If someone is hijacking my data with unsecured wireless, they won't easily see that I am sending. This is what I needed it for.
**WLAN: Wireless LAN**
 
The other thing you can do:
My Computer--->Proxycap(or other proxy soft)--(local)-->Stunnel(encryption,client)--->Filter(Unable to analyze data)--->Gateway&Network--->Stunnel(Decryption, server)--(local)-->3Proxy--->Gateway&Network--->Final destination
If there is a web filter in the network, most of them should not be able to filter encrypted data. This is what I found out later on.
One thing I am not sure of is that I think your ISP will not know what site you are visiting by using Stunnel, but I think they can find out that you are sending some unknown (encrypted) data to some IP. However, the ISP on my VPS will know what site I visited for sure.
Thank you!

Mr. Jack
 
 


Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept):before/accept initialization
To: jackliu92@hotmail.com; stunnel-users@stunnel.org
From: josealf@rocketmail.com
Date: Wed, 27 Apr 2011 10:05:06 +0000




Jack,

No need to apologize. There are no stupid questions... but those are the easiest to solve ;-)

It is not a waste of time if we all learn something, and I still don't know what you are doing with this combination of stunnel and 3proxy. So please, enlighten me. It could be useful for any of us. Thanks.

Jose


From: Jack Liu <jackliu92@hotmail.com> 
Date: Tue, 26 Apr 2011 23:59:59 -0600
To: <josealf@rocketmail.com>; <stunnel-users@stunnel.org>
Subject: RE: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization

Thank you for replying...
I just solved all my problems 5 minutes ago; I was busy today, or else I would have solved this earlier.
The problem was caused by misconfiguration/misunderstanding between client and server.
Then, I was sending my request to the server directly instead of sending it to 127.0.0.1:xxxx (Stunnel client).
Now I have figured everything out, and I am sorry for taking your time for a stupid question like this. Thanks again to everyone who has helped me, and have a great day!


Date: Tue, 26 Apr 2011 21:02:31 -0700
From: josealf@rocketmail.com
Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization
To: jackliu92@hotmail.com
CC: stunnel-users@stunnel.org





Jack,
 
Looks like you're getting closer... but I don't know where you're going :-)
 
I want to understand better your problem. So please help me:
 
1. Exactly what are you trying to accomplish? So far, I see that your stunnel is configured as a client to your 3proxy server.
2. What does the 3proxy server do? What's behind it? Does it work as an SSL server? The error you see suggests it is not speaking SSLv3.

Best regards
Jose




From: Jack Liu <jackliu92@hotmail.com>
To: Jack Liu <jackliu92@hotmail.com>; stunnel-users@stunnel.org
Sent: Tue, April 26, 2011 12:01:16 PM
Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization



After adding
client = yes into cfg, problem fixed; however, new problem created:
 
2011.04.26 10:47:29 LOG5[27745:3086699408]: Service 3proxy accepted connection from xx.xxx.xxx.xx:2017
2011.04.26 10:47:29 LOG7[27745:3086699408]: remote socket: FD=13 allocated (non-blocking mode)
2011.04.26 10:47:29 LOG6[27745:3086699408]: connect_blocking: connecting 127.0.0.1:30010
2011.04.26 10:47:29 LOG7[27745:3086699408]: connect_blocking: s_poll_wait 127.0.0.1:30010: waiting 10 seconds
2011.04.26 10:47:29 LOG5[27745:3086699408]: connect_blocking: connected 127.0.0.1:30010
2011.04.26 10:47:29 LOG5[27745:3086699408]: Service 3proxy connected remote server from 127.0.0.1:59959
2011.04.26 10:47:29 LOG7[27745:3086699408]: Remote FD=13 initialized
2011.04.26 10:47:29 LOG7[27745:3086699408]: Option TCP_NODELAY set on remote socket
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL state (connect): before/connect initialization
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL state (connect): SSLv3 write client hello A
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL alert (write): fatal: handshake failure
2011.04.26 10:47:29 LOG3[27745:3086699408]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2011.04.26 10:47:29 LOG5[27745:3086699408]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2011.04.26 10:47:29 LOG7[27745:3086699408]: Service 3proxy finished (0 left)
2011.04.26 10:52:53 LOG7[27745:3086702288]: Dispatching signals from the signal pipe
2011.04.26 10:52:53 LOG6[27745:3086702288]: Child process 27746 terminated on signal 2
2011.04.26 10:52:53 LOG3[27745:3086702288]: Received signal 2; terminating
2011.04.26 10:52:53 LOG7[27745:3086702288]: removing pid file /var/run/stunnel.pid

Anyone have any suggestion how to fix:
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL alert (write): fatal: handshake failure
2011.04.26 10:47:29 LOG3[27745:3086699408]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Thank you!

Mr. Jack
 



 


From: jackliu92@hotmail.com
To: sunyucong@gmail.com; stunnel-users@stunnel.org
Date: Mon, 25 Apr 2011 21:26:58 -0600
Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization



Thx for continuing to reply to my msg. Yes, there is var/log/messages

Inside there are only some iptables logs, FTP and SMTP application logs, and nothing else.
I am positive that this problem is not caused by iptables, because I tried with iptables off.
Nothing else related to stunnel is found in that folder.
 
Any other suggestions?

Mr. Jack
 
> From: sunyucong@gmail.com
> Date: Mon, 25 Apr 2011 20:00:30 -0700
> Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization
> To: jackliu92@hotmail.com
> CC: stunnel-users@stunnel.org
> 
> I guess in centos that's /var/log/messages
> but in general, you should probably check everything in /var/log to make sure.
> 
> On Mon, Apr 25, 2011 at 5:38 PM, Jack Liu <jackliu92@hotmail.com> wrote:
> > Thank you for helping, but both logs are not present in my var/log/ dir. Any
> > other suggestions?
> > 
> > 
> > Mr. Jack
> > 
> > 
> > 
> > 
> > 
> > > From: sunyucong@gmail.com
> > > Date: Mon, 25 Apr 2011 16:25:20 -0700
> > > Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept):
> > > before/accept initialization
> > > To: jackliu92@hotmail.com
> > > CC: stunnel-users@stunnel.org
> > > 
> > > Are you sure that's the entire log? Check /var/log/daemons.log and
> > > syslog.log as well.
> > > 
> > > On Sun, Apr 24, 2011 at 1:30 AM, Jack Liu <jackliu92@hotmail.com> wrote:
> > > > If anyone knows how to fix Stunnel stuck at SSL state (accept):
> > > > before/accept initialization???
> > > > 
> > > > Here is the log:
> > > > 
> > > > -----------------------------------------------------------------------------------------------------------
> > > >  [root@vps1 ~]#stunnel /etc/stunnel/stunnel.conf
> > > > 2011.04.24 02:25:13 LOG7[32174:3085993680]: Snagged 64 random bytes from /root/.rnd
> > > > 2011.04.24 02:25:13 LOG7[32174:3085993680]: Wrote 1024 new random bytes to /root/.rnd
> > > > 2011.04.24 02:25:13 LOG7[32174:3085993680]: RAND_status claims sufficient entropy for the PRNG
> > > > 2011.04.24 02:25:13 LOG6[32174:3085993680]: PRNG seeded successfully
> > > > 2011.04.24 02:25:13 LOG7[32174:3085993680]: Certificate: /etc/stunnel/stunnel.pem
> > > > 2011.04.24 02:25:13 LOG7[32174:3085993680]: Key file: /etc/stunnel/stunnel.pem
> > > > 2011.04.24 02:25:13 LOG7[32174:3085993680]: Verify directory set to /etc/stunnel/CA
> > > > 2011.04.24 02:25:13 LOG7[32174:3085993680]: CRL directory set to /etc/stunnel/CRL
> > > > 2011.04.24 02:25:13 LOG7[32174:3085993680]: SSL context initialized for service 3proxy
> > > > 2011.04.24 02:25:13 LOG5[32174:3085993680]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
> > > > 2011.04.24 02:25:13 LOG5[32174:3085993680]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
> > > > 2011.04.24 02:25:13 LOG6[32174:3085993680]: file ulimit = 1024 (can be changed with 'ulimit -n')
> > > > 2011.04.24 02:25:13 LOG6[32174:3085993680]: poll() used - no FD_SETSIZE limit for file descriptors
> > > > 2011.04.24 02:25:13 LOG5[32174:3085993680]: 500 clients allowed
> > > > 2011.04.24 02:25:13 LOG7[32174:3085993680]: FD 3 in non-blocking mode
> > > > 2011.04.24 02:25:13 LOG7[32174:3085993680]: FD 4 in non-blocking mode
> > > > 2011.04.24 02:25:13 LOG7[32174:3085993680]: FD 5 in non-blocking mode
> > > > 2011.04.24 02:25:13 LOG7[32174:3085993680]: SO_REUSEADDR option set on accept socket
> > > > 2011.04.24 02:25:13 LOG7[32174:3085993680]: 3proxy bound to 0.0.0.0:30001
> > > > 2011.04.24 02:25:13 LOG7[32174:3085993680]: Created pid file /var/run/stunnel.pid
> > > > 2011.04.24 02:25:20 LOG7[32174:3085993680]: 3proxy accepted FD=6 from xx.xxx.xxx.xx:41165
> > > > 2011.04.24 02:25:20 LOG7[32174:3085990800]: 3proxy started
> > > > 2011.04.24 02:25:20 LOG7[32174:3085990800]: FD 6 in non-blocking mode
> > > > 2011.04.24 02:25:20 LOG7[32174:3085990800]: FD 7 in non-blocking mode
> > > > 2011.04.24 02:25:20 LOG7[32174:3085990800]: FD 8 in non-blocking mode
> > > > 2011.04.24 02:25:20 LOG7[32174:3085993680]: Cleaning up the signal pipe
> > > > 2011.04.24 02:25:20 LOG6[32174:3085993680]: Child process 32176 finished with code 0
> > > > 2011.04.24 02:25:20 LOG7[32174:3085990800]: Connection from xx.xxx.xxx.xx:41165 permitted by libwrap
> > > > 2011.04.24 02:25:20 LOG5[32174:3085990800]: 3proxy connected from xx.xxx.xxx.xx:41165
> > > > 2011.04.24 02:25:20 LOG7[32174:3085990800]: SSL state (accept): before/accept initialization          <-----------------------Stuck here forever!!!
> > > > 2011.04.24 02:25:22 LOG3[32174:3085990800]: SSL_accept: Peer suddenly disconnected
> > > > 2011.04.24 02:25:22 LOG5[32174:3085990800]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
> > > > 2011.04.24 02:25:22 LOG7[32174:3085990800]: 3proxy finished (0 left)
> > > > 2011.04.24 02:25:25 LOG3[32174:3085993680]: Received signal 2; terminating
> > > > 2011.04.24 02:25:25 LOG7[32174:3085993680]: removing pid file /var/run/stunnel.pid
> > > > [root@vps1 ~]#
> > > > 
> > > > -----------------------------------------------------------------------------------------------------------
> > > >  stunnel.conf:
> > > > cert = /etc/stunnel/stunnel.pem
> > > > key = /etc/stunnel/stunnel.pem
> > > > CApath = /etc/stunnel/CA
> > > > CRLpath =  /etc/stunnel/CRL
> > > > debug = 7
> > > > foreground = yes
> > > > verify = 1
> > > > #
> > > > [3proxy]
> > > > accept = 30001
> > > > connect = 127.0.0.1:33135
> > > > 
> > > > -----------------------------------------------------------------------------------------------------------
> > > >  
> > > > I am hosting with CentOS 5.5, and installed Stunnel via yum.
> > > > Planning to use it with 3Proxy. However I experience the problem above,
> > > > can someone please help with that?
> > > > Thank you very much!
> > > > 
> > > > 
> > > > 
> > > > Mr. Jack
> > > > 
> > > > _______________________________________________
> > > > stunnel-users mailing list
> > > > stunnel-users@stunnel.org
> > > > http://stunnel.mirt.net/mailman/listinfo/stunnel-users
> > > > 
> > > > 
> > 
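
The two failures in this thread, reproduced on loopback as an added example (not part of any message in the thread, and not stunnel or 3proxy code). It assumes Python's ssl module as a stand-in for stunnel, plus a constructed 3-byte SOCKS5 greeting and a constructed plaintext banner: a TLS acceptor waits for a full 5-byte record header, so a shorter non-TLS greeting leaves it in the pre-handshake state, while a TLS client that gets non-TLS bytes back reports "wrong version number".

```python
import socket
import ssl
import threading

# Constructed sample bytes (assumptions, not taken from the thread).
SOCKS5_GREETING = b"\x05\x01\x00"            # VER=5, NMETHODS=1, METHOD=0: only 3 bytes
PLAINTEXT_BANNER = b"PLAINTEXT SERVICE\r\n"  # any non-TLS reply of 5 bytes or more


def _listen():
    """Listening TCP socket on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


def plaintext_client_to_tls_acceptor(wait=1.0):
    """Case 1: a proxy client sends SOCKS5 straight to the TLS-accepting port.

    Mirrors 'SSL state (accept): before/accept initialization': the acceptor
    needs a full 5-byte TLS record header and only ever receives 3 bytes.
    """
    srv = _listen()
    result = {"state": "not run"}

    def acceptor():
        conn, _ = srv.accept()
        conn.settimeout(wait)
        # No certificate is loaded: the handshake never gets far enough to need one.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        tls = ctx.wrap_socket(conn, server_side=True, do_handshake_on_connect=False)
        try:
            tls.do_handshake()
            result["state"] = "handshake completed"
        except socket.timeout:
            result["state"] = "stalled before handshake"
        except OSError as exc:  # includes ssl.SSLError
            result["state"] = "failed: %s" % exc
        finally:
            tls.close()

    worker = threading.Thread(target=acceptor)
    worker.start()
    with socket.create_connection(srv.getsockname()) as client:
        client.sendall(SOCKS5_GREETING)
        worker.join()  # keep the connection open while the acceptor waits
    srv.close()
    return result["state"]


def tls_client_to_plaintext_service():
    """Case 2: a TLS client (stunnel with 'client = yes') reaches a non-TLS port.

    Mirrors 'SSL3_GET_RECORD:wrong version number': the reply is parsed as a
    TLS record header and its version bytes are not 3.x.
    """
    srv = _listen()

    def plain_service():
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(2.0)
            try:
                conn.recv(4096)                 # the ClientHello, meaningless to this service
                conn.sendall(PLAINTEXT_BANNER)  # it answers in its own protocol
                while conn.recv(4096):          # then waits for the peer to hang up
                    pass
            except OSError:
                pass

    worker = threading.Thread(target=plain_service)
    worker.start()
    ctx = ssl.create_default_context()  # verification stays on; it is never reached
    raw = socket.create_connection(srv.getsockname(), timeout=2.0)
    try:
        ctx.wrap_socket(raw, server_hostname="localhost").close()
        outcome = "handshake completed"
    except ssl.SSLError as exc:
        outcome = exc.reason
    finally:
        raw.close()
    worker.join()
    srv.close()
    return outcome


if __name__ == "__main__":
    print("SOCKS5 -> TLS acceptor:", plaintext_client_to_tls_acceptor())
    print("TLS client -> plaintext:", tls_client_to_plaintext_service())
```

Either symptom means the two ends of one hop disagree about whether that hop carries TLS, which matches the resolution reported in the thread: the proxy client has to talk to the local stunnel client rather than to the remote stunnel server directly.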
