Bug 18998 - stunnel hangs
Product: Red Hat Linux
Classification: Retired
Component: stunnel
i386 Linux
medium Severity medium
Assigned To: Nalin Dahyabhai
Reported: 2000-10-12 16:55 EDT by Need Real Name
Modified: 2008-05-01 11:37 EDT
Doc Type: Bug Fix
Last Closed: 2000-12-20 18:11:23 EST
Description Need Real Name 2000-10-12 16:55:24 EDT
stunnel often hangs when transferring the last portion of the stream (probably because of openssl library error)
Comment 1 Need Real Name 2000-10-12 17:02:23 EDT
To reproduce this use the following:
1. create test.cgi file
echo 'Content-type: text/html'
exec /bin/cat >/dev/null

Note the cgi must read data from stdin
(like in POST method).
This is what "exec /bin/cat >/dev/null" is for.

Then start stunnel
/usr/sbin/stunnel -f -D 7 -d 443 -r 80

Create two files t1 and t2 and use curl compiled with SSL

perl -e 'for(my $x=0;$x<128288;$x++){print " ";}' > /tmp/t1
./src/curl -3 -v -d @/tmp/t1

then do
perl -e 'for(my $x=0;$x<1048576;$x++){print " ";}' > /tmp/t2
./src/curl -3  -d @/tmp/t2

and it works. (note that 1048576=2^20)

At the same time, forcing curl to use SSL2 works OK
Then access it from curl
./src/curl -3 -v -d @/tmp/jjjXX

Comment 2 Need Real Name 2000-10-12 17:06:25 EDT
Also stunnel to stunnel works OK when compiled as default,
but it DOES NOT work if you set different buffer sizes in client and server.
To reproduce use:

1. Use standard stunnel (buffer 8192) as a server
/usr/sbin/stunnel -f -D 7 -p /usr/share/ssl/certs/stunnel.pem -d 443 -r 80

2. Make another copy, edit file ssl.c
and put there
/* I/O buffer size */
#define BUFFSIZE      16413 /* 8192 */
then start stunnel
/my/special/anotherbuffersize/stunnel -f -D 7 -c -d -r

3. Now access
(note port is 97, as set in stunnel client)

./src/curl -3  -d @/tmp/t1
or, better,
strace  ./src/curl -3  -d @/tmp/t1
curl does not use any SSL any more, plain http access,
it goes via first stunnel (as a client) to second (as a server) to plain http.

And it hangs, exactly in the same way as curl via ssl.
Even curl strace is similar.

Comment 3 Need Real Name 2000-10-12 17:08:18 EDT
Also note that forcing curl to SSL ver2

./src/curl -2 -v -d @/tmp/jjjXX
works OK without any hang.
Comment 4 Michal Trojnara 2000-12-20 06:00:04 EST
It's fixed in stunnel versions >=3.9.
Comment 5 Need Real Name 2000-12-20 14:57:42 EST
Also, the stunnel from updates stunnel-3.9-1 
has a bug when started as 
/usr/sbin/stunnel -d 465 -r remote_host_ip:25
It prints 
Dec 20 14:38:16 localhost stunnel[20230]: stunnel 3.9 on i386-redhat-linux-gnu
Dec 20 14:38:16 localhost stunnel[20231]: Cannot create pid file
Dec 20 14:38:16 localhost stunnel[20231]: Create: No such file or directory (2)

See, there is a string /var/stunnel in /usr/sbin/stunnel 
which is used in path.
rpm -q stunnel
[root@localhost /root]# strings /usr/sbin/stunnel |grep /var/stunn

I am posting this to openssl because there is no stunnel in the packages list
Comment 6 Nalin Dahyabhai 2000-12-20 18:11:19 EST
We're working on a stunnel-3.9-2 errata to fix this last bug, and another.
Comment 7 Nalin Dahyabhai 2000-12-21 16:31:29 EST
The errata package will be 3.10-2.
