From: "Paul Smedley" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPS id 1729648 for ecs-isp@2rosenthals.com; Sat, 06 Mar 2021 15:30:10 -0500 Received: from [192.168.200.201] (port=42931 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtp (Exim 4.82_1-5b7a7c0-XX) (envelope-from ) id 1lIdYm-0000sB-1u for ecs-isp@2rosenthals.com; Sat, 06 Mar 2021 15:30:00 -0500 Received: from mail-pl1-f172.google.com ([209.85.214.172]:38900) by mail2.2rosenthals.com with esmtps (TLSv1.2:AES128-GCM-SHA256:128) (Exim 4.82_1-5b7a7c0-XX) (envelope-from ) id 1lIdYb-0003hV-25 for ecs-isp@2rosenthals.com; Sat, 06 Mar 2021 15:29:49 -0500 Received: by mail-pl1-f172.google.com with SMTP id s7so3066737plg.5 for ; Sat, 06 Mar 2021 12:29:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smedley-id-au.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=LdJ+MXqB9bZacEMBM+XYEZEBAAzL+XK+ygRgQ6ot3lk=; b=VsIlpzj2cGROGolDNwgtLGY/DGAj0Xqhc29SV+J6tmSdy3WynrLbdjyl4w8hX9lKYO hDJ5m3ZxVZHWT/v9viLer+3u9EYksHOjT8tFOPAL1MTNGzodpBgalWg2u3k3P+jMYXYP 33fgwUngy0HrNZi+SUfmNzwp8vDEQixrmGNDEiiP11nh4rkiENwrNccimMAxhKTv4Vqn ud76u65sMmcAlkw9p6Wzwf3vs7Pf5W0hnE6BEeRbs/ehq2gkyngVS+i8bRODZBaqD4dV FLFqQnM3QCNWrOLOBmoscVnoja3OsiVa+q2Vpd5QQ3FQt34+zYNeMTsKaHvhL/EVonXK u4zg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=LdJ+MXqB9bZacEMBM+XYEZEBAAzL+XK+ygRgQ6ot3lk=; b=bEzvmbTUMIMjInIVaMhToxbJiNX5C9swrkuCx25ZT1tv1qGcikHk6Jiyh71lVp3uTW RJneZuoYHD1RjWfB56TUQi5itiA8dhs/E3wZp4YEzP/KJwbX4tluqS6zJOAO4s6m5UJj LmeIS7Ui1X5xBh0UMAoJSU/csWzqKI0JexeIvSdG1DYltEaCEJvoMPtAwBDgj+tyw9Qe ZnnJUJIK8kpQxI8STzfMNFP9P6wAiYa8a+RT30RxVCPpcHU/cQAHNh5MvrGO00m+94YU 91VCBElrUBf7x6N5bxI4SbfbtcvbDHrJbUO8Rdc73Hc97hN24mtLKuk19vzNYkRDo8BT wKTw== X-Gm-Message-State: AOAM530+VmRw4JoEJIACVKF9RG/epe5619qFPPZDmNzc3TGItzviGZXu IBG93yUJv/euTUHlyQxw77THJzqTPi1Sve3k X-Google-Smtp-Source: ABdhPJw7YOOi6VO/XMoQosj7HXu8mUC/fUD6Y9wHC6d889lt5GDQU1zY1ZDOOaYzc+i8bI7XYrTgkQ== X-Received: by 2002:a17:902:7897:b029:e2:c149:cbe6 with SMTP id q23-20020a1709027897b02900e2c149cbe6mr13724464pll.68.1615062588104; Sat, 06 Mar 2021 12:29:48 -0800 (PST) Return-Path: Received: from localhost.localdomain (2403-5800-5100-f00-7018-5a33-ed23-d4e7.ip6.aussiebb.net. [2403:5800:5100:f00:7018:5a33:ed23:d4e7]) by smtp.gmail.com with ESMTPSA id a24sm6516252pff.18.2021.03.06.12.29.46 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 06 Mar 2021 12:29:47 -0800 (PST) Subject: Re: [eCS-ISP] Stunnel 5.58 To: eCS ISP Mailing List References: Message-ID: <6e969e70-d4e6-cf96-6d5e-1b6fbab02ab4@smedley.id.au> Date: Sun, 7 Mar 2021 06:59:42 +1030 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Hi Max, On 6/3/21 10:36 pm, Massimo S. wrote: > > > Il 05/03/2021 21:33, Paul Smedley ha scritto: >> Hi Max, >> >> On 1/3/21 8:41 pm, Massimo S. wrote: >>> >>> >>> Il 01/03/2021 11:06, Massimo S. ha scritto: >>>> >>>> >>>> Il 27/02/2021 22:29, Paul Smedley ha scritto: >>>>> Hi All, >>>>> >>>>> On 28/2/21 5:47 am, Massimo S. wrote: >>>>>> >>>>>> >>>>>> Il 27/02/2021 09:52, Paul Smedley ha scritto: >>>>>>> Hey Steven, >>>>>>> >>>>>>> On 27/2/21 7:03 pm, Steven Levine wrote: >>>>>>>> In , on 02/27/21 >>>>>>>>     at 06:16 PM, "Paul Smedley" said: >>>>>>>> >>>>>>>> Hi Paul, >>>>>>>> >>>>>>>>> Not tested - but I'd expect it to work... >>>>>>>> >>>>>>>>> https://smedley.id.au/tmp/stunnel-5.56-os2-20210227.zip >>>>>>>> >>>>>>>> I will install it here soon-ish.  Does it include debug data? >>>>>>>> Since >>>>>>>> Massimo fixed his mantis mail issues, I expect to resume working on >>>>>>>> Massimo's ticket # 709 once I finish up some other work in >>>>>>>> progress. >>>>>>> It doesn't - but I can rebuild in the morning. >>>>>>> >>>>>>>> I don't know if I mentioned it, but I suspect the 100% is some >>>>>>>> sort of >>>>>>>> fast select retry loop.  I should be able to confirm with with the >>>>>>>> debugger. >>>>>>> >>>>>>> That wouldn't surprise me - our select() is pretty buggy. >>>>>>> >>>>>>> Cheers, >>>>>>> >>>>>>> Paul >>>>>> >>>>>> hi all, >>>>>> >>>>>> thanks a lot will wait debug build >>>>>> >>>>>> i add in the last days stunnel on the 2nd server (1core VM) gave a >>>>>> lot of >>>>>> 100% cpu, i had to put an hour close & restart >>>>>> >>>>>> on the other server i don't see much issues (about cpu load) since >>>>>> it's 4core >>>>> >>>>> https://smedley.id.au/tmp/stunnel-5.58-os2-20210228-debug.zip >>>>> >>>>> Cheers, >>>>> >>>>> Paul >>>> >>>> hi all, >>>> >>>> upgraded server 2 to this build >>>> thanks >>>> >>>> massimo >>> >>> hi, >>> >>> gone back to 5.56 debug since this one crash on startup: >>> >>> INTERNAL ERROR: TLS initialization failed at stunnel.c, line 124 >>> >>> Killed by SIGABRT >>> >>> pid=0x69aa ppid=0x696f tid=0x0001 slot=0x005e pri=0x0200 mc=0x0001 >>> ps=0x0010 >>> >>> \STUNNEL.EXE >>> Process dumping was disabled, use DUMPPROC / PROCDUMP to enable it. >> >> I am NOT seeing this here.  I just tested the build and it's working >> fine in my environment. Please post the full output of trying to run >> stunnel, not just the one line with the internal error. There may be >> useful additional context around that error. >> >> Cheers, >> >> Paul > > Hi, > > what you mean about full output? > i've no exceptQ dump, nor entry in popuplog.os2 Contrast Steven's error message: Starting Stunnel daemon from D:\SLAInc\stunnel\stunnel-to-steven-dnacih-com\etc stunnel stunnel_to_steven.conf [ ] Initializing inetd mode configuration [ ] Clients allowed=4882 [.] stunnel 5.58 on i386-pc-os2-emx built by Paul Smedley on Feb 28 2021 [.] Compiled/running with OpenSSL 1.1.1j 16 Feb 2021 [.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI [ ] errno: (* _errno()) [ ] Initializing inetd mode configuration [.] Reading configuration from file D:/SLAInc/stunnel/stunnel-to-steven-dnacih-com/etc/stunnel_to_steven.conf [.] UTF-8 byte order mark not detected [.] FIPS mode disabled [ ] Compression disabled [ ] No PRNG seeding was required [ ] Initializing service [vnc] [ ] stunnel default security level set: 2 [ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK [ ] TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 [ ] TLS options: 0x02100004 (+0x00000000, -0x00000000) [ ] Loading certificate from file: ssl/private/slainc.crt [!] SSL_CTX_use_certificate_chain_file: ssl/ssl_rsa.c:301: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small [!] Service [vnc]: Failed to initialize TLS context [!] Configuration failed [ ] Deallocating temporary section defaults [ ] Deallocating section [vnc] With yours: INTERNAL ERROR: TLS initialization failed at stunnel.c, line 124 I suspect there was more than a single line of output when you ran stunnel, which would provide useful context as to why TLS could not be initialised. Cheers, Paul