Description of problem:
If I configure stunnel for SMTP TLS then it gives the wrong greeting (see below) and crashes on a subsequent EHLO.

Version-Release number of selected component (if applicable):
stunnel-4.15-2

How reproducible:
Every time.

Steps to Reproduce:
1. Configure stunnel. I created /etc/stunnel/stunnel.conf containing this:
-------------------------------------------
cert = /etc/pki/tls/certs/localhost.crt
key = /etc/pki/tls/private/localhost.key
chroot = /var/run/stunnel
setuid = nobody
setgid = nobody
pid = /stunnel.pid

[smtps]
accept = 465
connect = 25
protocol = smtp
--------------------------------------
Don't forget to
mkdir /var/run/stunnel
chgrp nobody:nobody /var/run/stunnel
2. Start stunnel: "stunnel /etc/stunnel/stunnel.conf"
3. Connect to port 465 and start an SMTP conversation. You'll see this (I've put <<< and >>> to indicate who is sending what):

# telnet localhost 465
<<< Trying 127.0.0.1...
<<< Connected to localhost.localdomain (127.0.0.1).
<<< Escape character is '^]'.
<<< 220220 beth.example.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 10 Sep 2007 17:18:58 +0100 + stunnel
>>> ehlo localhost
<<< 250-ehlo localhost Welcome
<<< Connection closed by foreign host.

/var/log/secure says this:

Sep 10 17:18:57 beth stunnel: LOG5[28421:3086252944]: smtps connected from 127.0.0.1:3297
Sep 10 16:18:58 beth stunnel: LOG5[28421:3086252944]: Negotiations for smtp (server side) started

On x86_64 I also get this:

Sep 10 17:12:00 aleph kernel: stunnel[25408]: segfault at 0000555555564f5f rip 000055555555feb7 rsp 000000004000f8b0 error 7

You can see what the actual protocol exchange should be if you telnet to port 25 and send the "ehlo localhost". In this case, the greeting starts "220" not "220220" and there's rather more than the one line with the spurious continuation in response to the ehlo.

For the moment, I've installed Fedora 7's stunnel (stunnel-4.20-2) and that works fine.
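A check for the two malformed replies shown in the report above, as an added example (not part of the original report or of stunnel): a small RFC 5321 reply-line validator run over the greeting and EHLO reply copied from the telnet session, plus a constructed well-formed reply for comparison. The function and variable names are assumptions made for this example.

```python
import re

# RFC 5321 reply line: 3-digit code, then "-" (more lines follow) or " "
# (final line), then text. A bare code with no text is also a final line.
REPLY_LINE = re.compile(r"^([2-5][0-9]{2})(?:([ -])(.*))?$")
DOUBLED_CODE = re.compile(r"^(\d{3})\1")

def check_reply(lines):
    """Return a list of problems in one SMTP reply (lines without CRLF)."""
    if not lines:
        return ["no reply received"]
    problems = []
    first_code = None
    open_multiline = False   # last parsed line ended in "-"
    finished = False         # a final line has been seen
    for n, line in enumerate(lines, 1):
        if finished:
            problems.append(f"line {n}: data after final reply line")
            break
        m = REPLY_LINE.match(line)
        if m is None:
            why = "status code duplicated" if DOUBLED_CODE.match(line) else "malformed"
            problems.append(f"line {n}: {why}: {line!r}")
            open_multiline = False
            continue
        code, sep = m.group(1), m.group(2)
        if first_code is None:
            first_code = code
        elif code != first_code:
            problems.append(f"line {n}: code {code} differs from {first_code}")
        open_multiline = sep == "-"
        finished = not open_multiline
    if open_multiline:
        problems.append("reply ended on a continuation line")
    return problems

# Replies copied from the telnet session in the report.
GREETING_SEEN = ["220220 beth.example.com ESMTP Sendmail 8.13.8/8.13.8; "
                 "Mon, 10 Sep 2007 17:18:58 +0100 + stunnel"]
EHLO_SEEN = ["250-ehlo localhost Welcome"]
# Constructed well-formed EHLO reply, for comparison only.
EHLO_OK = ["250-beth.example.com Hello localhost", "250-PIPELINING", "250 HELP"]

if __name__ == "__main__":
    for name, reply in [("greeting", GREETING_SEEN), ("ehlo", EHLO_SEEN), ("ok", EHLO_OK)]:
        print(name, check_reply(reply) or "well formed")
```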
Sorry, where it says "chgrp nobody:nobody /var/run/stunnel" that should of course be "chown ..."
Created attachment 204111
A backported patch

Thanks for your report. If you are a RHEL customer and have an active support entitlement, please contact official Red Hat Support at https://www.redhat.com/apps/support/ to allow correct prioritization of this issue.
Only got a developer license :-( However, the patch applies just fine and fixes the problem. Many thanks.
This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. This request will be reviewed for a future Red Hat Enterprise Linux release.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0894.html