Fedora 20 + stunnel crashing

slamp slamp slackamp at gmail.com
Sun Jan 5 22:29:59 UTC 2014


Fixed by adding "fips = no" to the stunnel config file. I don't remember
what version of stunnel I had before, but apparently 4.56 enables it by
default.


On Sun, Jan 5, 2014 at 5:01 PM, slamp slamp <slackamp at gmail.com> wrote:

> Hello All,
>
> Anyone able to use stunnel successfully in Fedora 20? It had been working
> for me for a while prior to upgrading.
>
> Stunnel starts up fine, but as soon as it is used, it crashes with no
> indication as to why.
>
> I really only use stunnel to interface my sendmail with my ISP; if there
> is a simple way of doing this with sendmail, I'll remove stunnel.
>
> I believe I am using a simple config:
>
> $ cat /etc/stunnel/stunnel.conf
> ; Some performance tunings
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
>
> ; Some debugging stuff useful for troubleshooting
> debug = 7
> output = /var/log/stunnel.log
>
> ; Use it for client mode
> client = yes
> verify = 0
>
> ; Service-level configuration
>
> [pseudo-ssmtp]
> accept = relay-domain:2525
> connect = smtp.verizon.net:465
>
>
> ------------------
> logs:
>
> 2014.01.05 15:51:42 LOG7[613:3071158144]: Clients allowed=500
> 2014.01.05 15:51:42 LOG5[613:3071158144]: stunnel 4.56 on
> i686-redhat-linux-gnu platform
> 2014.01.05 15:51:42 LOG5[613:3071158144]: Compiled/running with OpenSSL
> 1.0.1e-fips 11 Feb 2013
> 2014.01.05 15:51:42 LOG5[613:3071158144]: Threading:PTHREAD
> Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
> 2014.01.05 15:51:42 LOG5[613:3071158144]: Reading configuration from file
> /etc/stunnel/stunnel.conf
> 2014.01.05 15:51:42 LOG5[613:3071158144]: FIPS mode is enabled
> 2014.01.05 15:51:42 LOG7[613:3071158144]: Compression not enabled
> 2014.01.05 15:51:42 LOG7[613:3071158144]: Snagged 64 random bytes from
> /dev/urandom
> 2014.01.05 15:51:42 LOG7[613:3071158144]: PRNG seeded successfully
> 2014.01.05 15:51:42 LOG6[613:3071158144]: Initializing service
> [pseudo-ssmtp]
> 2014.01.05 15:51:43 LOG7[613:3071158144]: SSL options set: 0x00000004
> 2014.01.05 15:51:43 LOG5[613:3071158144]: Configuration successful
> 2014.01.05 15:51:43 LOG7[613:3071158144]: Service [pseudo-ssmtp] (FD=12)
> bound to 127.0.0.1:2525
> 2014.01.05 15:51:43 LOG7[737:3071158144]: Created pid file
> /var/run/stunnel.pid
> 2014.01.05 16:21:57 LOG7[737:3071158144]: Service [pseudo-ssmtp] accepted
> (FD=3) from 127.0.0.1:34007
> 2014.01.05 16:21:57 LOG7[737:3078183744]: Service [pseudo-ssmtp] started
> 2014.01.05 16:21:57 LOG7[737:3078183744]: Waiting for a libwrap process
> 2014.01.05 16:21:57 LOG7[737:3078183744]: Acquired libwrap process #0
> 2014.01.05 16:21:57 LOG7[737:3078183744]: Releasing libwrap process #0
> 2014.01.05 16:21:57 LOG7[737:3078183744]: Released libwrap process #0
> 2014.01.05 16:21:57 LOG7[737:3078183744]: Service [pseudo-ssmtp] permitted
> by libwrap from 127.0.0.1:34007
> 2014.01.05 16:21:57 LOG5[737:3078183744]: Service [pseudo-ssmtp] accepted
> connection from 127.0.0.1:34007
> 2014.01.05 16:21:57 LOG6[737:3078183744]: connect_blocking: connecting
> 206.46.232.100:465
> 2014.01.05 16:21:57 LOG7[737:3078183744]: connect_blocking: s_poll_wait
> 206.46.232.100:465: waiting 10 seconds
> 2014.01.05 16:21:57 LOG5[737:3078183744]: connect_blocking: connected
> 206.46.232.100:465
> 2014.01.05 16:21:57 LOG5[737:3078183744]: Service [pseudo-ssmtp] connected
> remote server from 172.16.133.25:56457
> 2014.01.05 16:21:57 LOG7[737:3078183744]: Remote socket (FD=14) initialized
> 2014.01.05 16:21:57 LOG7[737:3078183744]: SNI: sending servername:
> smtp.verizon.net
> 2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect):
> before/connect initialization
> 2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 write
> client hello A
> 2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 read
> server hello A
> 2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate
> verification: depth=3, /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions,
> Inc./CN=GTE CyberTrust Global Root
> 2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled
> 2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=3,
> /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust
> Global Root
> 2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate
> verification: depth=3, /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions,
> Inc./CN=GTE CyberTrust Global Root
> 2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled
> 2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=3,
> /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust
> Global Root
> 2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate
> verification: depth=2, /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore
> CyberTrust Root
> 2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled
> 2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=2,
> /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
> 2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate
> verification: depth=1, /O=Cybertrust Inc/CN=Cybertrust Public SureServer SV
> CA
> 2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled
> 2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=1,
> /O=Cybertrust Inc/CN=Cybertrust Public SureServer SV CA
> 2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate
> verification: depth=0, /C=US/ST=Texas/L=Irving/O=Verizon Data Services
> LLC/OU=SLB Mail/CN=smtp.verizon.net
> 2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled
> 2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=0,
> /C=US/ST=Texas/L=Irving/O=Verizon Data Services LLC/OU=SLB Mail/CN=
> smtp.verizon.net
> 2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 read
> server certificate A
> 2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 read
> server key exchange A
> 2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 read
> server done A
>
>
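
An added example, not part of the original post and not stunnel's own code: a small Python triage of the debug log quoted above. It rejoins the mail-wrapped records and reports the stunnel and OpenSSL versions, whether FIPS mode was enabled, whether certificate verification was disabled, and the last SSL handshake state logged per thread. The function names are hypothetical and the sample is an excerpt of the log as posted.

```python
import re

# Excerpt of the log quoted above, mail quoting and line wrapping kept as posted.
SAMPLE = """\
> 2014.01.05 15:51:42 LOG5[613:3071158144]: stunnel 4.56 on
> i686-redhat-linux-gnu platform
> 2014.01.05 15:51:42 LOG5[613:3071158144]: Compiled/running with OpenSSL
> 1.0.1e-fips 11 Feb 2013
> 2014.01.05 15:51:42 LOG5[613:3071158144]: FIPS mode is enabled
> 2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled
> 2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 read
> server key exchange A
> 2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 read
> server done A
"""

# timestamp, log level, pid, thread id, message
RECORD = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\d+):(\d+)\]: (.*)$")

def unwrap(text):
    """Strip '>' quoting and rejoin records that the mailer wrapped."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if not line:
            continue
        if RECORD.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line   # continuation of the previous record
    return records

def triage(text):
    """Summarise the settings and handshake progress visible in the log."""
    out = {"stunnel": None, "openssl": None, "fips": False,
           "verify_disabled": False, "last_ssl_state": {}}
    for m in filter(None, map(RECORD.match, unwrap(text))):
        pid, tid, msg = m.group(3, 4, 5)
        if msg.startswith("stunnel "):
            out["stunnel"] = msg.split()[1]
        elif "with OpenSSL" in msg:
            out["openssl"] = msg.split("OpenSSL ", 1)[1].split()[0]
        elif msg == "FIPS mode is enabled":
            out["fips"] = True
        elif msg == "CERT: Verification not enabled":
            out["verify_disabled"] = True
        elif msg.startswith("SSL state ("):   # keep only the latest state per thread
            out["last_ssl_state"][f"{pid}:{tid}"] = msg.split(": ", 1)[1]
    return out
```

Run against the full posted log, the last state recorded for the connection thread is where logging stops, which narrows the failure to the step after it; the `verify_disabled` flag reflects the `verify = 0` line in the posted configuration.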