List: stunnel-users
Subject: Re: [stunnel-users] problem with stunnel 4.36 (server mode),
From: "Jose Alf." <josealf () rocketmail ! com>
Date: 2011-05-15 2:20:55
Message-ID: 611138.33175.qm () web130108 ! mail ! mud ! yahoo ! com
Hi Laurent,
Does it work fine with a previous version? If so, what's the latest version that
works?
If you google for "bind#1: Invalid argument (22) aix stunnel" you will find a
mail thread with a similar issue.
Regards,
Jose
________________________________
From: "laurent.uk@bnpparibas.com" <laurent.uk@bnpparibas.com>
To: stunnel-users@stunnel.org
Sent: Fri, May 13, 2011 6:39:29 AM
Subject: [stunnel-users] problem with stunnel 4.36 (server mode), error after
the 1st connexion
Hi everyone,
I have installed stunnel 4.36 today and now I have some errors...
The 1st connection is working fine:
011.05.13 13:23:44 LOG5[1802366:1]: Reading configuration from file
/opt/freeware/etc/stunnel/stunnel_server_level1.conf
2011.05.13 13:23:44 LOG7[1802366:1]: Snagged 64 random bytes from //.rnd
2011.05.13 13:23:44 LOG7[1802366:1]: Wrote 1024 new random bytes to //.rnd
2011.05.13 13:23:44 LOG7[1802366:1]: PRNG seeded successfully
2011.05.13 13:23:44 LOG7[1802366:1]: Using DH parameters from
/opt/freeware/etc/stunnel/ca_nopass.pem
2011.05.13 13:23:44 LOG6[1802366:1]: DH initialized with 512 bit key
2011.05.13 13:23:44 LOG7[1802366:1]: ECDH initialized
2011.05.13 13:23:44 LOG7[1802366:1]: Certificate:
/opt/freeware/etc/stunnel/ca_nopass.pem
2011.05.13 13:23:44 LOG7[1802366:1]: Certificate loaded
2011.05.13 13:23:44 LOG7[1802366:1]: Key file:
/opt/freeware/etc/stunnel/ca_nopass.pem
2011.05.13 13:23:44 LOG7[1802366:1]: Private key loaded
2011.05.13 13:23:44 LOG7[1802366:1]: Verify directory set to
/opt/freeware/etc/stunnel/CA_files/
2011.05.13 13:23:44 LOG7[1802366:1]: Added /opt/freeware/etc/stunnel/CA_files/
revocation lookup directory
2011.05.13 13:23:44 LOG7[1802366:1]: Added /opt/freeware/etc/stunnel/CRL_files/
revocation lookup directory
2011.05.13 13:23:44 LOG5[1802366:1]: Peer certificate location
/opt/freeware/etc/stunnel/CA_files/
2011.05.13 13:23:44 LOG7[1802366:1]: SSL context initialized for service pesitip
2011.05.13 13:23:44 LOG5[1802366:1]: Configuration successful
2011.05.13 13:23:44 LOG5[1802366:1]: No limit detected for the number of clients
2011.05.13 13:23:44 LOG7[1802366:1]: signal_pipe: FD=4 allocated (blocking mode)
2011.05.13 13:23:44 LOG7[1802366:1]: signal_pipe: FD=5 allocated (blocking mode)
2011.05.13 13:23:44 LOG7[1802366:1]: accept socket: FD=6 allocated (non-blocking
mode)
2011.05.13 13:23:44 LOG7[1802366:1]: Option SO_REUSEADDR set on accept socket
2011.05.13 13:23:44 LOG7[1802366:1]: Service pesitip bound to 0.0.0.0:10443
2011.05.13 13:23:44 LOG7[1802366:1]: Service pesitip opened FD=6
2011.05.13 13:23:44 LOG7[1802366:1]: Created pid file
/var/adm/stunnel_server_level1.pid
2011.05.13 13:23:44 LOG5[1802366:1]: stunnel 4.36 on powerpc-ibm-aix5.2.0.0 with
OpenSSL 0.9.8k 25 Mar 2009
2011.05.13 13:23:44 LOG5[1802366:1]: Threading:PTHREAD SSL:ENGINE Auth:none
Sockets:POLL, IPv6
2011.05.13 13:28:36 LOG7[1802366:1]: local socket: FD=7 allocated (non-blocking
mode)
2011.05.13 13:28:36 LOG7[1802366:1]: Service pesitip accepted FD=7 from
10.254.181.230:2991
2011.05.13 13:28:36 LOG7[1802366:258]: Service pesitip started
2011.05.13 13:28:36 LOG7[1802366:258]: Option TCP_NODELAY set on local socket
2011.05.13 13:28:36 LOG5[1802366:258]: Service pesitip accepted connection from
10.254.181.230:2991
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): before/accept
initialization
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 read client
hello A
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 write server
hello A
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 write
certificate A
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 write
certificate request A
2011.05.13 13:28:36 LOG7[1802366:258]: SSL state (accept): SSLv3 flush data
2011.05.13 13:28:37 LOG7[1802366:258]: Starting certificate verification:
depth=1, /O=SWIFT
2011.05.13 13:28:37 LOG5[1802366:258]: Certificate accepted: depth=1, /O=SWIFT
2011.05.13 13:28:37 LOG7[1802366:258]: Starting certificate verification:
depth=0, /C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts
2011.05.13 13:28:37 LOG5[1802366:258]: Certificate accepted: depth=0,
/C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 read client
certificate A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 read client key
exchange A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 read
certificate verify A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 read finished A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 write change
cipher spec A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 write finished
A
2011.05.13 13:28:37 LOG7[1802366:258]: SSL state (accept): SSLv3 flush data
2011.05.13 13:28:37 LOG7[1802366:258]: 1 items in the session cache
2011.05.13 13:28:37 LOG7[1802366:258]: 0 client connects (SSL_connect())
2011.05.13 13:28:37 LOG7[1802366:258]: 0 client connects that finished
2011.05.13 13:28:37 LOG7[1802366:258]: 0 client renegotiations requested
2011.05.13 13:28:37 LOG7[1802366:258]: 1 server connects (SSL_accept())
2011.05.13 13:28:37 LOG7[1802366:258]: 1 server connects that finished
2011.05.13 13:28:37 LOG7[1802366:258]: 0 server renegotiations requested
2011.05.13 13:28:37 LOG7[1802366:258]: 0 session cache hits
2011.05.13 13:28:37 LOG7[1802366:258]: 0 external session cache hits
2011.05.13 13:28:37 LOG7[1802366:258]: 0 session cache misses
2011.05.13 13:28:37 LOG7[1802366:258]: 0 session cache timeouts
2011.05.13 13:28:37 LOG6[1802366:258]: SSL accepted: new session negotiated
2011.05.13 13:28:37 LOG6[1802366:258]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA
Au=RSA Enc=RC4(128) Mac=MD5
2011.05.13 13:28:37 LOG7[1802366:258]: remote socket: FD=8 allocated
(non-blocking mode)
2011.05.13 13:28:37 LOG6[1802366:258]: connect_blocking: connecting
159.50.5.165:10016
2011.05.13 13:28:37 LOG5[1802366:258]: connect_blocking: connected
159.50.5.165:10016
2011.05.13 13:28:37 LOG5[1802366:258]: Service pesitip connected remote server
from 159.50.5.165:52585
2011.05.13 13:28:37 LOG7[1802366:258]: Remote FD=8 initialized
2011.05.13 13:28:37 LOG7[1802366:258]: Option TCP_NODELAY set on remote socket
2011.05.13 13:31:25 LOG7[1802366:258]: SSL alert (read): warning: close notify
2011.05.13 13:31:25 LOG7[1802366:258]: SSL closed on SSL_read
2011.05.13 13:31:25 LOG7[1802366:258]: Sending socket write shutdown
2011.05.13 13:31:25 LOG3[1802366:258]: readsocket: Connection reset by peer (73)
2011.05.13 13:31:25 LOG5[1802366:258]: Connection reset: 275 bytes sent to SSL,
17935 bytes sent to socket
2011.05.13 13:31:25 LOG7[1802366:258]: Service pesitip finished (0 left)
2011.05.13 13:31:25 LOG7[1802366:258]: str_stats: 36 blocks, 4350 bytes
But when it's the second, I always have the error:
011.05.13 13:32:19 LOG7[1802366:1]: local socket: FD=7 allocated (non-blocking
mode)
2011.05.13 13:32:19 LOG7[1802366:1]: Service pesitip accepted FD=7 from
10.254.181.230:3007
2011.05.13 13:32:19 LOG7[1802366:259]: Service pesitip started
2011.05.13 13:32:19 LOG7[1802366:259]: Option TCP_NODELAY set on local socket
2011.05.13 13:32:19 LOG5[1802366:259]: Service pesitip accepted connection from
10.254.181.230:3007
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): before/accept
initialization
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read client
hello A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write server
hello A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write
certificate A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write
certificate request A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 flush data
2011.05.13 13:32:19 LOG7[1802366:259]: Starting certificate verification:
depth=1, /O=SWIFT
2011.05.13 13:32:19 LOG6[1802366:259]: CERT: Verification not enabled
2011.05.13 13:32:19 LOG5[1802366:259]: Certificate accepted: depth=1, /O=SWIFT
2011.05.13 13:32:19 LOG7[1802366:259]: Starting certificate verification:
depth=0, /C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts
2011.05.13 13:32:19 LOG6[1802366:259]: CERT: Verification not enabled
2011.05.13 13:32:19 LOG5[1802366:259]: Certificate accepted: depth=0,
/C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read client
certificate A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read client key
exchange A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read
certificate verify A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read finished A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write change
cipher spec A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 write finished
A
2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 flush data
2011.05.13 13:32:19 LOG7[1802366:259]: 2 items in the session cache
2011.05.13 13:32:19 LOG7[1802366:259]: 0 client connects (SSL_connect())
2011.05.13 13:32:19 LOG7[1802366:259]: 0 client connects that finished
2011.05.13 13:32:19 LOG7[1802366:259]: 0 client renegotiations requested
2011.05.13 13:32:19 LOG7[1802366:259]: 2 server connects (SSL_accept())
2011.05.13 13:32:19 LOG7[1802366:259]: 2 server connects that finished
2011.05.13 13:32:19 LOG7[1802366:259]: 0 server renegotiations requested
2011.05.13 13:32:19 LOG7[1802366:259]: 0 session cache hits
2011.05.13 13:32:19 LOG7[1802366:259]: 0 external session cache hits
2011.05.13 13:32:19 LOG7[1802366:259]: 0 session cache misses
2011.05.13 13:32:19 LOG7[1802366:259]: 0 session cache timeouts
2011.05.13 13:32:19 LOG6[1802366:259]: SSL accepted: new session negotiated
2011.05.13 13:32:19 LOG6[1802366:259]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA
Au=RSA Enc=RC4(128) Mac=MD5
2011.05.13 13:32:19 LOG7[1802366:259]: socket#1: FD=8 allocated (non-blocking
mode)
2011.05.13 13:32:19 LOG7[1802366:259]: socket#2: FD=9 allocated (non-blocking
mode)
2011.05.13 13:32:19 LOG7[1802366:259]: bind#1: Invalid argument (22)
2011.05.13 13:32:19 LOG7[1802366:259]: bind#2: Invalid argument (22)
2011.05.13 13:32:19 LOG7[1802366:259]: accept: FD=10 allocated (non-blocking
mode)
2011.05.13 13:32:19 LOG6[1802366:259]: Local mode child started (PID=614488)
2011.05.13 13:32:19 LOG7[1802366:259]: Remote FD=10 initialized
2011.05.13 13:32:19 LOG7[1802366:259]: Option TCP_NODELAY set on remote socket
2011.05.13 13:32:19 LOG3[1802366:259]: transfer: s_poll_wait: Invalid argument
(22)
2011.05.13 13:32:19 LOG3[614488:259]: : No such file or directory (2)
2011.05.13 13:32:19 LOG5[1802366:259]: Connection reset: 0 bytes sent to SSL, 0
bytes sent to socket
My configuration file is:
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)
; Certificate/key is needed in server mode and optional in client mode
cert = /opt/freeware/etc/stunnel/ca_nopass.pem
foreground = yes
syslog = yes
; Protocol version (all, SSLv2, SSLv3, TLSv1)
;sslVersion = SSLv3
sslVersion = all
;ciphers = DES-CBC-SHA:
;ciphers = DES-CBC3-SHA:IDEA-CBC-MD5
; Some security enhancements for UNIX systems - comment them out on Win32
;chroot = /usr/local/stunnel/var/lib/stunnel
;chroot = /tmp/
;setuid = root
;setgid = other
; PID is created inside chroot jail
pid = /var/adm/stunnel_server_level1.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS
;options = Options_SSL
; Authentication stuff
verify = 3
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
CApath = /opt/freeware/etc/stunnel/CA_files/
; It's often easier to use CAfile
;CAfile = /opt/freeware/etc/stunnel/ca.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
CRLpath = /opt/freeware/etc/stunnel/CRL_files/
; Alternatively you can use CRLfile
;CRLfile = /usr/local/stunnel/etc/stunnel/crls.pem
; Some debugging stuff useful for troubleshooting
debug = 7
; Use it for client mode
client = no
; Service-level configuration
[pesitip]
accept = 10443
connect = XXXXXXXXXXXXX:10016
Can you help me find a solution for this problem, please?
Thank you very much.
Laurent UK
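
The two log excerpts above differ in a security-relevant way: the second connection logs "CERT: Verification not enabled" although the posted configuration sets verify = 3. The following is an added example, not part of the original messages and not stunnel's own code, that scans a log in this format for that mismatch and for the weak parameters visible in the excerpts. The sample log and config are constructed, and the 2048-bit DH minimum and the weak-cipher rule are assumed policy values.

```python
import re

# One record: "YYYY.MM.DD HH:MM:SS LOG<level>[<pid>:<thread>]: <message>".
# The year accepts 3 digits because the archive clipped it on some lines.
RECORD = re.compile(
    r"^\d{3,4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} LOG(\d)\[(\d+):(\d+)\]: ?(.*)$")
MIN_DH_BITS = 2048                    # assumed policy value, not from the thread
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}   # assumed policy value, not from the thread

# Constructed sample in the format of the quoted log, mail wrapping included.
SAMPLE_LOG = """\
2011.05.13 13:23:44 LOG6[1802366:1]: DH initialized with 512 bit key
2011.05.13 13:28:37 LOG5[1802366:258]: Certificate accepted: depth=0,
/C=ww/O=example/CN=constructed-client
2011.05.13 13:28:37 LOG6[1802366:258]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA
Au=RSA Enc=RC4(128) Mac=MD5
2011.05.13 13:32:19 LOG6[1802366:259]: CERT: Verification not enabled
2011.05.13 13:32:19 LOG5[1802366:259]: Certificate accepted: depth=0,
/C=ww/O=example/CN=constructed-client
2011.05.13 13:32:19 LOG6[1802366:259]: CERT: Verification not enabled
2011.05.13 13:32:19 LOG7[1802366:259]: bind#1: Invalid argument (22)
2011.05.13 13:32:19 LOG3[1802366:259]: transfer: s_poll_wait: Invalid argument
(22)
"""

# Constructed config fragment; only "verify = 3" mirrors the posted file.
SAMPLE_CONF = """\
; Authentication stuff
;verify = 1
verify = 3
"""


def parse_records(text):
    """Return (level, pid, thread, message) tuples, re-joining wrapped lines."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append([int(m.group(1)), m.group(2), m.group(3), m.group(4)])
        elif records and line.strip():
            # No timestamp prefix: continuation of the previous record.
            records[-1][3] += " " + line.strip()
    return [tuple(r) for r in records]


def configured_verify(conf_text):
    """Return the last uncommented 'verify = N' value, or None if unset."""
    level = None
    for line in conf_text.splitlines():
        m = re.match(r"\s*verify\s*=\s*(\d+)\s*$", line)  # ';' lines never match
        if m:
            level = int(m.group(1))
    return level


def audit(log_text, conf_text):
    """Return unique (thread, finding) pairs in order of first appearance."""
    verify = configured_verify(conf_text)
    findings = []

    def flag(thread, code):
        if (thread, code) not in findings:
            findings.append((thread, code))

    for level, _pid, thread, msg in parse_records(log_text):
        if verify and "CERT: Verification not enabled" in msg:
            # Config asks for peer verification; the log says it was skipped.
            flag(thread, "verify-mismatch")
        dh = re.search(r"DH initialized with (\d+) bit key", msg)
        if dh and int(dh.group(1)) < MIN_DH_BITS:
            flag(thread, "weak-dh")
        suite = re.search(r"Negotiated ciphers: (\S+) (\S+)", msg)
        if suite and (suite.group(2) in WEAK_PROTOCOLS
                      or "RC4" in suite.group(1) or "MD5" in suite.group(1)):
            flag(thread, "weak-cipher")
        if re.match(r"bind#\d+: .*\(\d+\)$", msg):
            # bind#N line that ends in an errno, as in the failing excerpt.
            flag(thread, "bind-failed")
        if level <= 3:
            # LOG3 and below are error or worse in syslog numbering.
            flag(thread, "error")
    return findings


if __name__ == "__main__":
    for thread, code in audit(SAMPLE_LOG, SAMPLE_CONF):
        print(f"thread {thread}: {code}")
```
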
[Attachment #5 (text/html)]
<html><head><style type="text/css"><!-- DIV {margin:0px;} \
--></style></head><body><div style="font-family:bookman old style,new \
york,times,serif;font-size:12pt"><div>Hi Laurent,<br><br>Does it works fine with a \
previous version? If so, What's the lates version that works?<br><br>If you google \
for "bind#1: Invalid argument (22) aix stunnel" you will find a mail thread \
with a similar issue.<br><br>Regards,<br>Jose<br></div><div \
style="font-family:bookman old style, new york, times, serif;font-size:12pt"><br><div \
style="font-family:times new roman, new york, times, serif;font-size:12pt"><font \
face="Tahoma" size="2"><hr size="1"><b><span style="font-weight: \
bold;">From:</span></b> "laurent.uk@bnpparibas.com" \
<laurent.uk@bnpparibas.com><br><b><span style="font-weight: \
bold;">To:</span></b> stunnel-users@stunnel.org<br><b><span style="font-weight: \
bold;">Sent:</span></b> Fri, May 13, 2011 6:39:29 AM<br><b><span style="font-weight: \
bold;">Subject:</span></b> [stunnel-users] problem with stunnel 4.36 (server mode), \
error after the 1st connexion<br></font><br>
<br><font face="sans-serif" size="2">Hi everyone,</font>
<br>
<br><font face="sans-serif" size="2">i have installed the stunnel 4.36 today
and now i have some errors...</font>
<br>
<br><font face="sans-serif" size="2">The 1st connexion is working fine :</font>
<br>
<table border="1" width="100%">
<tbody><tr valign="top">
<td width="100%"><font face="sans-serif" size="2">011.05.13 13:23:44 LOG5[1802366:1]:
Reading configuration from file \
/opt/freeware/etc/stunnel/stunnel_server_level1.conf</font> <br><font \
face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]: Snagged 64 random \
bytes from //.rnd</font> <br><font face="sans-serif" size="2">2011.05.13 13:23:44 \
LOG7[1802366:1]: Wrote 1024 new random bytes to //.rnd</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
PRNG seeded successfully</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
Using DH parameters from /opt/freeware/etc/stunnel/ca_nopass.pem</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG6[1802366:1]:
DH initialized with 512 bit key</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
ECDH initialized</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
Certificate: /opt/freeware/etc/stunnel/ca_nopass.pem</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
Certificate loaded</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
Key file: /opt/freeware/etc/stunnel/ca_nopass.pem</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
Private key loaded</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
Verify directory set to /opt/freeware/etc/stunnel/CA_files/</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
Added /opt/freeware/etc/stunnel/CA_files/ revocation lookup directory</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
Added /opt/freeware/etc/stunnel/CRL_files/ revocation lookup directory</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG5[1802366:1]:
Peer certificate location /opt/freeware/etc/stunnel/CA_files/</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
SSL context initialized for service pesitip</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG5[1802366:1]:
Configuration successful</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG5[1802366:1]:
No limit detected for the number of clients</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
signal_pipe: FD=4 allocated (blocking mode)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
signal_pipe: FD=5 allocated (blocking mode)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
accept socket: FD=6 allocated (non-blocking mode)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
Option SO_REUSEADDR set on accept socket</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
Service pesitip bound to 0.0.0.0:10443</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
Service pesitip opened FD=6</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG7[1802366:1]:
Created pid file /var/adm/stunnel_server_level1.pid</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG5[1802366:1]:
stunnel 4.36 on powerpc-ibm-aix5.2.0.0 with OpenSSL 0.9.8k 25 Mar 2009</font>
<br><font face="sans-serif" size="2">2011.05.13 13:23:44 LOG5[1802366:1]:
Threading:PTHREAD SSL:ENGINE Auth:none Sockets:POLL, IPv6</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:36 LOG7[1802366:1]:
local socket: FD=7 allocated (non-blocking mode)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:36 LOG7[1802366:1]:
Service pesitip accepted FD=7 from 10.254.181.230:2991</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:36 LOG7[1802366:258]:
Service pesitip started</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:36 LOG7[1802366:258]:
Option TCP_NODELAY set on local socket</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:36 LOG5[1802366:258]:
Service pesitip accepted connection from 10.254.181.230:2991</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:36 LOG7[1802366:258]:
SSL state (accept): before/accept initialization</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:36 LOG7[1802366:258]:
SSL state (accept): SSLv3 read client hello A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:36 LOG7[1802366:258]:
SSL state (accept): SSLv3 write server hello A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:36 LOG7[1802366:258]:
SSL state (accept): SSLv3 write certificate A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:36 LOG7[1802366:258]:
SSL state (accept): SSLv3 write certificate request A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:36 LOG7[1802366:258]:
SSL state (accept): SSLv3 flush data</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
Starting certificate verification: depth=1, /O=SWIFT</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG5[1802366:258]:
Certificate accepted: depth=1, /O=SWIFT</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
Starting certificate verification: depth=0, \
/C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts</font> <br><font \
face="sans-serif" size="2">2011.05.13 13:28:37 LOG5[1802366:258]: Certificate \
accepted: depth=0, /C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
SSL state (accept): SSLv3 read client certificate A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
SSL state (accept): SSLv3 read client key exchange A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
SSL state (accept): SSLv3 read certificate verify A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
SSL state (accept): SSLv3 read finished A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
SSL state (accept): SSLv3 write change cipher spec A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
SSL state (accept): SSLv3 write finished A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
SSL state (accept): SSLv3 flush data</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
1 items in the session cache</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
0 client connects (SSL_connect())</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
0 client connects that finished</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
0 client renegotiations requested</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
1 server connects (SSL_accept())</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
1 server connects that finished</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
0 server renegotiations requested</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
0 session cache hits</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
0 external session cache hits</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
0 session cache misses</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
0 session cache timeouts</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG6[1802366:258]:
SSL accepted: new session negotiated</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG6[1802366:258]:
Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
remote socket: FD=8 allocated (non-blocking mode)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG6[1802366:258]:
connect_blocking: connecting 159.50.5.165:10016</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG5[1802366:258]:
connect_blocking: connected 159.50.5.165:10016</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG5[1802366:258]:
Service pesitip connected remote server from 159.50.5.165:52585</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
Remote FD=8 initialized</font>
<br><font face="sans-serif" size="2">2011.05.13 13:28:37 LOG7[1802366:258]:
Option TCP_NODELAY set on remote socket</font>
<br><font face="sans-serif" size="2">2011.05.13 13:31:25 LOG7[1802366:258]:
SSL alert (read): warning: close notify</font>
<br><font face="sans-serif" size="2">2011.05.13 13:31:25 LOG7[1802366:258]:
SSL closed on SSL_read</font>
<br><font face="sans-serif" size="2">2011.05.13 13:31:25 LOG7[1802366:258]:
Sending socket write shutdown</font>
<br><font face="sans-serif" size="2">2011.05.13 13:31:25 LOG3[1802366:258]:
readsocket: Connection reset by peer (73)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:31:25 LOG5[1802366:258]:
Connection reset: 275 bytes sent to SSL, 17935 bytes sent to socket</font>
<br><font face="sans-serif" size="2">2011.05.13 13:31:25 LOG7[1802366:258]:
Service pesitip finished (0 left)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:31:25 LOG7[1802366:258]:
str_stats: 36 blocks, 4350 bytes</font></td></tr></tbody></table>
<br>
<br><font face="sans-serif" size="2">but when its the second i always have
the error :</font>
<br>
<table border="1" width="100%">
<tbody><tr valign="top">
<td width="100%"><font face="sans-serif" size="2">011.05.13 13:32:19 LOG7[1802366:1]:
local socket: FD=7 allocated (non-blocking mode)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:1]:
Service pesitip accepted FD=7 from 10.254.181.230:3007</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
Service pesitip started</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
Option TCP_NODELAY set on local socket</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG5[1802366:259]:
Service pesitip accepted connection from 10.254.181.230:3007</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
SSL state (accept): before/accept initialization</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
SSL state (accept): SSLv3 read client hello A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
SSL state (accept): SSLv3 write server hello A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
SSL state (accept): SSLv3 write certificate A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
SSL state (accept): SSLv3 write certificate request A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
SSL state (accept): SSLv3 flush data</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
Starting certificate verification: depth=1, /O=SWIFT</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG6[1802366:259]:
CERT: Verification not enabled</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG5[1802366:259]:
Certificate accepted: depth=1, /O=SWIFT</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
Starting certificate verification: depth=0, \
/C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts</font> <br><font \
face="sans-serif" size="2">2011.05.13 13:32:19 LOG6[1802366:259]:
CERT: Verification not enabled</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG5[1802366:259]:
Certificate accepted: depth=0, \
/C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts</font> <br><font \
face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): \
SSLv3 read client certificate A</font> <br><font face="sans-serif" \
size="2">2011.05.13 13:32:19 LOG7[1802366:259]: SSL state (accept): SSLv3 read client \
key exchange A</font> <br><font face="sans-serif" size="2">2011.05.13 13:32:19 \
LOG7[1802366:259]: SSL state (accept): SSLv3 read certificate verify A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
SSL state (accept): SSLv3 read finished A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
SSL state (accept): SSLv3 write change cipher spec A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
SSL state (accept): SSLv3 write finished A</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
SSL state (accept): SSLv3 flush data</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
2 items in the session cache</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
0 client connects (SSL_connect())</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
0 client connects that finished</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
0 client renegotiations requested</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
2 server connects (SSL_accept())</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
2 server connects that finished</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
0 server renegotiations requested</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
0 session cache hits</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
0 external session cache hits</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
0 session cache misses</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
0 session cache timeouts</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG6[1802366:259]:
SSL accepted: new session negotiated</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG6[1802366:259]:
Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
socket#1: FD=8 allocated (non-blocking mode)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
socket#2: FD=9 allocated (non-blocking mode)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
</font><font color="red" face="sans-serif" size="2">bind#1: Invalid argument
(22)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
</font><font color="red" face="sans-serif" size="2">bind#2: Invalid argument
(22)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
accept: FD=10 allocated (non-blocking mode)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG6[1802366:259]:
Local mode child started (PID=614488)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
Remote FD=10 initialized</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG7[1802366:259]:
Option TCP_NODELAY set on remote socket</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG3[1802366:259]:
</font><font color="red" face="sans-serif" size="2">transfer: s_poll_wait:
Invalid argument (22)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG3[614488:259]:
> </font><font color="red" face="sans-serif" size="2">No such file or directory
(2)</font>
<br><font face="sans-serif" size="2">2011.05.13 13:32:19 LOG5[1802366:259]:
Connection reset: 0 bytes sent to SSL, 0 bytes sent to \
socket</font></td></tr></tbody></table> <br>
<br><font face="sans-serif" size="2">my configuration file is :</font>
<br>
<table border="1" width="100%">
<tbody><tr valign="top">
<td width="100%"><font face="sans-serif" size="2">; Sample stunnel configuration
file by Michal Trojnara 2002-2006</font>
<br><font face="sans-serif" size="2">; Some options used here may not be
adequate for your particular configuration</font>
<br><font face="sans-serif" size="2">; Please make sure you understand them
(especially the effect of chroot jail)</font>
<br>
<br><font face="sans-serif" size="2">; Certificate/key is needed in server
mode and optional in client mode</font>
<br><font face="sans-serif" size="2">cert = /opt/freeware/etc/stunnel/ca_nopass.pem</font>
<br><font face="sans-serif" size="2">foreground = yes</font>
<br><font face="sans-serif" size="2">syslog = yes</font>
<br><font face="sans-serif" size="2">; Protocol version (all, SSLv2, SSLv3, TLSv1)</font>
<br><font face="sans-serif" size="2">;sslVersion = SSLv3</font>
<br><font face="sans-serif" size="2">sslVersion = all</font>
<br><font face="sans-serif" size="2">;ciphers = DES-CBC-SHA:</font>
<br><font face="sans-serif" size="2">;ciphers = DES-CBC3-SHA:IDEA-CBC-MD5</font>
<br><font face="sans-serif" size="2">; Some security enhancements for UNIX
systems - comment them out on Win32</font>
<br><font face="sans-serif" size="2">;chroot = /usr/local/stunnel/var/lib/stunnel</font>
<br><font face="sans-serif" size="2">;chroot = /tmp/</font>
<br><font face="sans-serif" size="2">;setuid = root</font>
<br><font face="sans-serif" size="2">;setgid = other</font>
<br><font face="sans-serif" size="2">; PID is created inside chroot jail</font>
<br><font face="sans-serif" size="2">pid = /var/adm/stunnel_server_level1.pid</font>
<br>
<br><font face="sans-serif" size="2">; Some performance tunings</font>
<br><font face="sans-serif" size="2">socket = l:TCP_NODELAY=1</font>
<br><font face="sans-serif" size="2">socket = r:TCP_NODELAY=1</font>
<br><font face="sans-serif" size="2">;compression = rle</font>
<br>
<br><font face="sans-serif" size="2">; Workaround for Eudora bug</font>
<br><font face="sans-serif" size="2">;options = DONT_INSERT_EMPTY_FRAGMENTS</font>
<br><font face="sans-serif" size="2">;options = Options_SSL</font>
<br><font face="sans-serif" size="2">; Authentication stuff</font>
<br><font face="sans-serif" size="2">verify = 3</font>
<br><font face="sans-serif" size="2">; Don't forget to c_rehash CApath</font>
<br><font face="sans-serif" size="2">; CApath is located inside chroot jail</font>
<br><font face="sans-serif" size="2">CApath = /opt/freeware/etc/stunnel/CA_files/</font>
<br><font face="sans-serif" size="2">; It's often easier to use CAfile</font>
<br><font face="sans-serif" size="2">;CAfile = /opt/freeware/etc/stunnel/ca.pem</font>
<br><font face="sans-serif" size="2">; Don't forget to c_rehash CRLpath</font>
<br><font face="sans-serif" size="2">; CRLpath is located inside chroot jail</font>
<br><font face="sans-serif" size="2">CRLpath = /opt/freeware/etc/stunnel/CRL_files/</font>
<br><font face="sans-serif" size="2">; Alternatively you can use CRLfile</font>
<br><font face="sans-serif" size="2">;CRLfile = /usr/local/stunnel/etc/stunnel/crls.pem</font>
<br>
<br><font face="sans-serif" size="2">; Some debugging stuff useful for troubleshooting</font>
<br><font face="sans-serif" size="2">debug = 7</font>
<br>
<br><font face="sans-serif" size="2">; Use it for client mode</font>
<br><font face="sans-serif" size="2">client = no</font>
<br><font face="sans-serif" size="2">; Service-level configuration</font>
<br>
<br><font face="sans-serif" size="2">[pesitip]</font>
<br><font face="sans-serif" size="2">accept = 10443</font>
<br><font face="sans-serif" size="2">connect = XXXXXXXXXXXXX:10016</font></td></tr></tbody></table>
<br>
<br><font face="sans-serif" size="2">Can you help me to find a solution for
this problem please?</font>
<br>
<br><font face="sans-serif" size="2">Thank you very much.</font>
<br><font face="sans-serif" size="2"><br>
Laurent UK<br>
</font><font face="monospace"><br>
<br>
<br>
<br>
</font></div></div>
</div></body></html>