Bug 18998 - stunnel hangs
Summary: stunnel hangs
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: stunnel   
(Show other bugs)
Version: 7.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-10-12 20:55 UTC by Need Real Name
Modified: 2008-05-01 15:37 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-12-20 23:11:23 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Need Real Name 2000-10-12 20:55:24 UTC
stunnel often hangs when transferring 
the last portion of the steam (probably because of openssl library error)

Comment 1 Need Real Name 2000-10-12 21:02:23 UTC
To reproduce this use the following:
1. create test.cgi file
------------------------------------
#!/bin/sh
echo 'Content-type: text/html'
echo
echo 'MAIL SAVED'
exec /bin/cat >/dev/null
------------------------------------

Note the cgi must read data from stdin,
(like in POST method).
This is what "exec /bin/cat >/dev/null" for.

then start stunnell
/usr/sbin/stunnel -f -D 7 -d 443 -r 80

Create two files t1 and t2 and use curl compiled with SSL

perl -e 'for(my $x=0;$x<128288;$x++){print " ";}' > /tmp/t1
then
./src/curl -3 -v -d @/tmp/t1 https://127.0.0.1/cgi-bin/test.cgi
hangs.

then do
perl -e 'for(my $x=0;$x<1048576;$x++){print " ";}' > /tmp/t2
./src/curl -3  -d @/tmp/t2 https://127.0.0.1/cgi-bin/test.cgi

and it works. (note that 1048576=2^20)

in the same time forcing curl to use SSL2 works OK
Then access it from curl
./src/curl -3 -v -d @/tmp/jjjXX https://127.0.0.1/cgi-bin/test.cgi



Comment 2 Need Real Name 2000-10-12 21:06:25 UTC
Also stunnel to stunnel work OK when compiled as default,
but It DOES NOT work if you set different buffer sizes in client and server.
To repoduce use:

1. Use standard stunnell (buffer 8192) as a server
/usr/sbin/stunnel -f -D 7 -p /usr/share/ssl/certs/stunnel.pem -d 443 -r 80

2. Make another copy , edit file ssl.c
and put there
/* I/O buffer size */
#define BUFFSIZE      16413 /* 8192 */
then start stunnel
/my/special/anotherbuffersize/stunnel -f -D 7 -c -d 127.0.0.1:97 -r
127.0.0.1:443

3. now access  http://127.0.0.1:97/cgi-bin/test.cgi
(note port is 97 , as set in stunnel client)

./src/curl -3  -d @/tmp/t1 http://127.0.0.1:97/cgi-bin/test.cgi
or, better,
strace  ./src/curl -3  -d @/tmp/t1 http://127.0.0.1:97/cgi-bin/test.cgi
curl does not use any SSL any more, plain http access,
it goes via first stunnel (as a client) to second ( as a server) to plain http.

And it hanges. exactly in the same way as curl via ssl.
even curl strace is similar.



Comment 3 Need Real Name 2000-10-12 21:08:18 UTC
Also note that focing curl to SSL ver2 

./src/curl -2 -v -d @/tmp/jjjXX https://127.0.0.1/cgi-bin/test.cgi
works OK without any hang.

Comment 4 Michal Trojnara 2000-12-20 11:00:04 UTC
It's fixed in stunnel versions >=3.9.

Comment 5 Need Real Name 2000-12-20 19:57:42 UTC
Also, the stunnel from updates stunnel-3.9-1 
has a bug when started as 
/usr/sbin/stunnel -d 465 -r remote_host_ip:25
It prints 
Dec 20 14:38:16 localhost stunnel[20230]: stunnel 3.9 on i386-redhat-linux-gnu
PTHREAD+LIBWRAP
Dec 20 14:38:16 localhost stunnel[20231]: Cannot create pid file
/var/stunnel/stunnel.209.10.98.90.25.pid
Dec 20 14:38:16 localhost stunnel[20231]: Create: No such file or directory (2)

See, there is a string /var/stunnel in /usr/sbin/stunnel 
which is used in path.
rpm -q stunnel
stunnel-3.9-1
[root@localhost /root]# strings /usr/sbin/stunnel |grep /var/stunn
/var/stunnel/


I am posting this to openssl because there is no stunnel in the packages list


Comment 6 Nalin Dahyabhai 2000-12-20 23:11:19 UTC
We're working on a stunnel-3.9-2 errata to fix this last bug, and another.

Comment 7 Nalin Dahyabhai 2000-12-21 21:31:29 UTC
The errata package will be 3.10-2.


Note You need to log in before you can comment on or make changes to this bug.